X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.3 required=5.0 tests=AWL,BAYES_00,UNPARSEABLE_RELAY
X-Spam-Check-By:	sourceware.org
In-Reply-To:	<20081215161824.GA6830@calimero.vinschen.de>
References:	<OFB9B7CEEA DOT 015F9FE3-ONC1257520 DOT 003D6956-C1257520 DOT 003D749A AT nbg DOT sdv DOT spb DOT de> <20081215135047 DOT GU32197 AT calimero DOT vinschen DOT de> <OF9DDDB5A1 DOT 3FF00E83-ONC1257520 DOT 004F6858-C1257520 DOT 005163AC AT nbg DOT sdv DOT spb DOT de> <20081215161824 DOT GA6830 AT calimero DOT vinschen DOT de>
To:	cygwin AT cygwin DOT com
MIME-Version:	1.0
X-KeepSent:	6D20C83E:49D8B517-C1257521:002CB578; type=4; name=$KeepSent
Message-ID:	<OF6D20C83E.49D8B517-ONC1257521.002CB578-C1257521.002F8773@nbg.sdv.spb.de>
From:	Carsten DOT Porzler AT spb DOT de
Date:	Tue, 16 Dec 2008 09:39:15 +0100
X-SafeGuard_MailGateway:	Version: 5.30.1.7110 SGMG (smtpd: 6.71.2.3) Date: 20081216084003Z
Subject:	=?ISO-8859-15?Q?Re:_SSH_V=2E5=2E1_with_Cygwin1=2Edll_1=2E7=2E0=280?= =?ISO-8859-15?Q?=2E189/5/3=29_2008-12-09:_Very__large__logon_times?= =?ISO-8859-15?Q?=2E=2E=2E?=
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

Hello, Corinna,

1. It only takes 3 secs on your machine, but do you logon with an Active 
Directory user? The problem only occurs if the authentication runs against 
a domain controller! If I change the user in my passwd to a local user of 
the server, the logon process works with the regular speed (2 secs) and no 
access to pipes can be seen!

2. The problem occours on cygwin environments after the 2008-06-18 
version! I recognized the behaviour on all of our machines I tested on. 
Until cygwin 2008-06-18 it works fine, on versions after it, the problem 
occurs.

3. Unfortunately I can't debug the problem, because I am not a software 
developer. I can analyze the behaviour of software very exactly, but 
debugging is not my area. I am not experienced enought and it is too time 
consuming. I am a system administrator.

4. Actually I have watched the pipe access on a system running cygwin of 
2008-09-12. There are exact the pipe accesses I reported before 
(\\<domaincontroller>\PIPE\samr, \\<domaincontroller>\PIPE\lsarpc). Many 
of the accesses has done until the logon process finished.

If I see all the reported effects, I have to conclude that something basic 
change after the cygwin version of 2008-06-18!

I do not believe that the reason for the problems are based on our Windows 
enviroment, because all regular Windows logons and the cygwin logons 
recent to version of 2008-06-18 (inclusive) work fine!

If you try to reproduce the problem, test with domain users, not with 
local ones!

Thanks in advance for further help and

best regards

Carsten Porzler


> > Hello, Corinna,
> > 
> > "large" logon time means 45 - 66 secs during public key authentication 

> > from viewing the banner text until an simple command has been excuted 
> > (e.g. "uname -a"). Password authentication works faster (about 20 
sec), 
> > but much slower than with cygwin v.1.7.0 2008-06-18 (about 2 sec for 
> > password and public key authentication).
> 
> Works fine for me.  A logon takes about 3 secs on my machine...
> 
> > We actually use cyglsa.dll because we need real user switching with 
public 
> > key authentication.
> 
> ...using cyglsa, or, FWIW, any other logon method (create_token,
> password in LSA registry).  In theory, the cyglsa DLL doesn't call any
> time consuming function.  The main part of the job is already done in
> the Cygwin DLL's seteuid() call by the calling server process, sshd in
> this case.  I examined the cyglsa.c code once more and there's nothing
> in it which would explain the lag you're observing.  The difference in
> size is due to a lot of additional debug code which is kept available,
> but is inactive.
> 
> Did you try to debug this problem yourself in some way?  The source code
> of all componentes is freely available, as you might know.  I'm
> wondering if something in later Cygwin 1.7 DLLs collides with some stuff
> on your machine (firewall, virus checked, whatever) or with some
> settings in your environment.  I assume the actual delay occurs in the
> Cygwin DLL, not in the cyglsa.dll.  It shouldn't be too hard to find out
> where it dawdles if you're willing to invest some time in debugging.
> 
> > Because of the "large logon time" problems we use the version of 
> > 2008-06-18 and not the newer ones.
> > 
> > I noticed also, that the accesses to the pipes did not appear in the 
> > cygwin versions before 2008-06-18. Anything seems to be changed after 
this 
> > date.
> 
> Did you test the next version after that, 2008-07-26?  Does it already
> show the pipe access you seem to observe in recent versions?  The latest
> Cygwin DLLs add the password in registry stuff which also does some LSA
> calls, which might explain some of the LSA pipes.
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -