#493 fixed /proc/mounts! It's over sixty-five thousand! geofft

Reported by geofft, 14 years ago.


I logged in to a cluster machine today. /proc/mounts had 65571 entries in it, including 63356 instances of what appear to be bind-mounts of /media. My xterm that I launch from .startup.X started after about two minutes at a black screen. GNOME took a while longer, and I noticed this issue because stracing gnome-terminal indicated it was trying to read /proc/mounts and that was taking a long time. I think this is what people are reporting when they say some cluster machines take them several minutes to log in...

See /mit/geofft/Public/proc-mounts-uniq-c for the output of cat /proc/mounts | uniq -c and /mit/geofft/Public/debathena-over-65000 for the relevant kernel logs wherein I pressed alt-sysrq-T and -W a bunch.
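Added example, not part of the ticket or of Debathena's code: a small shell check for the mount pile-up described above. It counts /proc/mounts entries per mount point whether or not the duplicates are adjacent. The function names, the default threshold and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): spot runaway duplicate mounts.
# /proc/mounts fields: device mountpoint fstype options dump pass.
# Spaces inside a mount point are escaped as \040, so splitting on
# whitespace keeps the mount point in field 2.

# mount_total [FILE] -> number of mount entries
mount_total() {
    awk 'END { print NR }' "${1:-/proc/mounts}"
}

# mount_dupes [FILE] [MIN] -> "count mountpoint" for every mount point
# that appears at least MIN times, largest count first.
# MIN defaults to 100 (hypothetical threshold, tune per site).
mount_dupes() {
    awk -v min="${2:-100}" '
        { count[$2]++ }
        END {
            for (mp in count)
                if (count[mp] >= min) print count[mp], mp
        }
    ' "${1:-/proc/mounts}" | sort -rn
}

# Constructed sample in /proc/mounts format (not the ticket's data):
# three ordinary entries plus five repeated mounts of /media.
sample_mounts() {
    printf '%s\n' \
        'rootfs / rootfs rw 0 0' \
        'proc /proc proc rw,nosuid,nodev,noexec 0 0' \
        '/dev/sda1 / ext3 rw,errors=remount-ro 0 0'
    i=0
    while [ "$i" -lt 5 ]; do
        echo '/dev/sda1 /media ext3 rw,errors=remount-ro 0 0'
        i=$((i + 1))
    done
}

# Usage on a live machine:
#   mount_total            # total entries in /proc/mounts
#   mount_dupes "" 1000    # mount points mounted 1000 times or more
```

Run from a login hook or a monitoring job, a non-empty `mount_dupes` result flags the machine before users notice slow logins.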

#495 fixed The new ssh/ticket delegation user experience is terrible jdreed

Reported by jdreed, 14 years ago.


The combination of the fact that GSSAPIDelegateCredentials is not set on clients and that Debathena's sshd accepts non-delegated credentials is making for a terrible user experience on the dialups. (Whether or not the users *need* to be using the dialups is beside the point.)

In the long term, we would modify the patch to sshd on the old dialups, and upstream it, so that this was a configurable option in sshd_config, but that doesn't help us in the short term.

We added a warning, but no one reads it, and it doesn't help with SFTP connections.

Possible short-term solutions:

  • Patch sshd on the dialups to restore the old functionality (mmanley is looking into this)
  • Configure the dialups to run renew on the user's behalf if there are no tickets (this feels like a MitM attack, and will also break non-interactive sessions, or anything using expect(1), and possibly also break other things we haven't thought of)
  • Configure ssh_config on Debathena to delegate to the dialups (we rejected this before based on security concerns, and also because having host-specific behavior might be more confusing)
  • Configure the dialups to log you off (with a detailed error message) if you don't have tickets. Frankly, there's no need for anyone to be logged into athena.dialup without tickets/tokens. Anyone who actively _wants_ that situation almost certainly has access to another machine. Or Linerva.

#496 fixed fix cluster-login-config for Lucid jdreed geofft

Reported by geofft, 14 years ago.


Says Evan: "There are going to be things that break in cluster-login-config. I don't know what they are... I'd have to look at the package."

