This one time, at band camp, martin f krafft said: > also sprach Stephen Gran <sgran@debian.org> [2006.07.04.1151 +0200]: > > 15 seconds is too short for a network lookup failure, I think. > > I would expect more like 30 seconds if it was that. Is the client > > low on entropy? It may be blocking until it has enough to > > negotiate the TLS data. > > Interesting. > > The only thing I could say against this is that it's very consistent > across all clients, and has been the case for several days now. > > Anyway, looking at lsof output while the client blocks, all I ever > see is /dev/urandom, which does not block, right? > > Also, both pam_ldap.conf and libnss-ldap.conf have > > # Seed the PRNG if /dev/urandom is not provided > #tls_randfile /var/run/egd-pool > > and /dev/urandom exists, so that's what they use. > > Is there anything else you'd say I should check? Do they run nscd? I haven't seen it block that long, but I have seen it take a little while to return data. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature