<div dir="ltr">Many thanks for the reply Michael,<div><br></div><div>I'll try that and report back if needed.</div><div>Gustavo</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-03-26 23:23 GMT+00:00 Michael Stauber <span dir="ltr"><<a href="mailto:mstauber@blueonyx.it" target="_blank">mstauber@blueonyx.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Gustavo,<br>
<span class=""><br>
> Ignore my "find" observation. Apparently, nothing to do with it.<br>
<br>
</span>Yeah, you had me quite worried there, as that certainly would have not<br>
been normal to run.<br>
<br>
When you login as "admin" it might take a bit longer as the newsfeed<br>
from <a href="http://www.blueonyx.it" target="_blank">www.blueonyx.it</a> is parsed. However: That code has a timeout of 5<br>
seconds programmed in. So if <a href="http://www.blueonyx.it" target="_blank">www.blueonyx.it</a> doesn't react within 5<br>
seconds, the page will still render, but without the news.<br>
<br>
So I think we can ditch the idea that the GUI is the main contributing<br>
factor to the slow logins. The problem is probably deeper and that's<br>
where I'd start the investigations.<br>
<br>
The login works like this: Once you're on the login form and submit<br>
username and password, then the GUI contacts CCEd via a socket operation<br>
and issues the following command:<br>
<br>
AUTH username "password"<br>
<br>
CCEd then first checks if the User exists in the CODB database. For this<br>
it runs a "FIND username" to find out if that user has an CODB object in<br>
the CODB database.<br>
<br>
If so, CCEd will use PAM to verify the username and password against the<br>
PAM database.<br>
<br>
If both checks succeed, CCEd will respond to the GUI over the Unix<br>
socket and will report something like this:<br>
<br>
109 SESSIONID AdY...GZjDn<br>
201 O<br>
<br>
The username and session ID will then be stored in a browser cookie and<br>
will be used in all subsequent authentications between browser and GUI.<br>
Until the login is voluntarily ended with a logout, or the session ID<br>
expires due to inactivity (26 minutes standard, 60 minutes as possible<br>
maximum).<br>
<br>
If the login user doesn't exist in CODB or the PAM authentication<br>
failed, then the response is just a very brief "401 FAIL" instead.<br>
<br>
Now you can easily troubleshoot this login phase on the command line<br>
without using the GUI:<br>
<br>
Login by SSH as "admin" and "su -" to gain root access. Then run this<br>
command: /usr/sausalito/bin/cceclient<br>
<br>
It will give you a CSCP prompt like this:<br>
<br>
[root@5208r ~]# /usr/sausalito/bin/cceclient<br>
100 CSCP/0.99<br>
200 READY<br>
<br>
On that enter the following:<br>
<br>
AUTH admin "password"<br>
<br>
Where "password" is your admin-password. Check how long it takes until<br>
you get the "109 SESSIONID ..." response. Compare that with how long it<br>
takes for the GUI-login. It should not take considerably longer.<br>
<br>
If the AUTH via cceclient is already *very* slow, then we can assume<br>
that one or two things might be amiss:<br>
<br>
1.) The CODB database might be a bit corrupted and it takes too long to<br>
run the 'FIND User name="admin"' command to look up the login user in CODB.<br>
<br>
... and/or ...<br>
<br>
2.) The PAM database or PAM login procedure might be corrupted. On<br>
BlueOnyx we use /etc/passwd, /etc/shadow for logins, but via roundtrips<br>
through the PAM mechanism. It is possible that some third party software<br>
(not by BlueOnyx and not from the shop) might have messed with PAM.<br>
<br>
In that case it would be necessary to troubleshoot the PAM layer to see<br>
what's there and how it is configured in your case.<br>
<br>
In any case: If PAM is the culprit, then all other logins (SMTP-auth,<br>
Dovecot, FTP) also should take considerably longer than normal. Not just<br>
the GUI.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
With best regards<br>
<br>
Michael Stauber<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Um abraço,<br>Gustavo</div></div></div></div>
</div>