diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-12-20 10:47:41 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-12-20 13:37:28 -0500 |
commit | d844aab866ae237844360cea70e2dccdc90c783d (patch) | |
tree | f65426bb18fee843d5497d28497dc248593c6953 /src/responder/pam/pamsrv.c | |
parent | f1055c2a8036bb11b5788f969078edee8ba5326e (diff) | |
download | sssd-d844aab866ae237844360cea70e2dccdc90c783d.tar.gz sssd-d844aab866ae237844360cea70e2dccdc90c783d.tar.xz sssd-d844aab866ae237844360cea70e2dccdc90c783d.zip |
PAM: make initgroups timeout work across multiple clients
Instead of timing out the initgroups lookup on a per-cctx basis,
we will maintain a hash table of recently-seen users and use this
instead. This will allow SSSD to handle user's logging into
multiple services simultaneously more graciously, as well as
playing nicer with SSH (which makes calls to PAM both before and
after a fork).
https://fedorahosted.org/sssd/ticket/1063
Diffstat (limited to 'src/responder/pam/pamsrv.c')
-rw-r--r-- | src/responder/pam/pamsrv.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 2933c79f0..be459b116 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -174,6 +174,15 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, goto done; } + /* Create table for initgroup lookups */ + ret = sss_hash_create(pctx, 10, &pctx->id_table); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Could not create initgroups hash table: [%s]", + strerror(ret))); + goto done; + } + ret = EOK; done: |