Package: libpam-krb5 Version: 4.7-4 Severity: important Dear Maintainer,
When connectivity is poor (like WiFi on the edge of range) checking of password can take VERY long time. It happens no matter if I login through GDM, or if I'm just unlocking the screen, or even if I'm just executing "sudo" command. This does NOT happen, when there is no connectivity at all (like an offline notebook). To see this happening execute (in two separate windows /sessions): (session one iptables-session) # iptables -P INPUT DROP (in other window/session) $ sudo su [jaksdl] password: <give the password here> ...waiting ... wainting .. waiting (back in the iptable window, execute) # iptables -I OUTPUT -p udp --dport 53 -j REJECT (again in the sudo window) ... tick tick, "sudo" completes almost immediately after iptables-REJECT command So, the sudo password checking completed almost immediately after TCP stack starts returning REJECTs ... instead of accepting traffic for transmission and in consequence giving an implression that it's worth waiting for an answere. I'm posting this as libpam-krb5, as I've noticed that DNS queries being emitting at that time do relate to kerberos realm name defined in my system. -- System Information: Debian Release: 9.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pl_PL.utf8, LC_CTYPE=pl_PL.utf8 (charmap=UTF-8), LANGUAGE=pl_PL.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-krb5 depends on: ii krb5-config 2.6 ii libc6 2.24-11+deb9u1 ii libkrb5-3 1.15-1 ii libpam-runtime 1.1.8-3.6 ii libpam0g 1.1.8-3.6 libpam-krb5 recommends no packages. libpam-krb5 suggests no packages. -- no debconf information
