FOLLOWUP: user not showing up

From: Jon Hudson (jon.hudson@finisar.com)
Date: Fri Apr 16 2004 - 17:30:32 EDT


Thanks for the replies, but I still don't have this nailed, and it has
gotten more curious.

It would appear that /var/adm/utmpx is not updating fast enough.

Meaning that I log in. Run "w", and can't see myself.

Then I check /var/adm/utmpx and see the date stamp.

About 60sec later, the utmpx file gets updated, and now both w and who
work fine.

speedy:/home/jon>w
  2:21pm up 15 day(s), 19:35, 0 users, load average: 0.00, 0.00, 0.01
User tty login@ idle JCPU PCPU what
speedy:/home/jon>ls -l /var/adm/utmpx
-rw-r--r-- 1 root bin 3720 Apr 16 14:07 /var/adm/utmpx

<wait a bit>

speedy:/home/jon>ls -l /var/adm/utmpx
-rw-r--r-- 1 root bin 3720 Apr 16 14:07 /var/adm/utmpx
speedy:/home/jon>ls -l /var/adm/utmpx
-rw-r--r-- 1 root bin 3720 Apr 16 14:22 /var/adm/utmpx
speedy:/home/jon>w
  2:22pm up 15 day(s), 19:36, 1 user, load average: 0.00, 0.00, 0.01
User tty login@ idle JCPU PCPU what
jon pts/1 2:22pm w

See? As soon as the time stamp on utmpx changed to 22, showing an update,
then I show up.

Then it gets a little weirder (or more sane depending on point of view)

To see if this was an openssh issue (as I just upgraded everyone to
3.8p1 with 0.9.7d) I turned on telnet to test. Turns out telnet will
hang, and not let you log in, UNTIL /var/adm/utmpx is updated, then you
log in fine, and show up right away. Telnet seems to have some
protection or dependency built in for updating utmpx that openssh does
not.

[jon@snarf jon]$ telnet speedy
Trying 10.x.x.x...
Connected to speedy.domain.com (10.x.x.x).
Escape character is '^]'.

This will hang until utmpx is updated, then I get a prompt and can log
in fine.

While I admit it's always possible the box is compromised, it is a fresh
install, all patched, only port 22 open on an internal secured network.
And it has nothing but ssh running on it. So I think this is some sort
of bug, but anything is possible.

Any ideas? This was patched with the Jan 29th patch cluster including
kernel 27. I'm running this same patch cluster on 2 other boxes with no
issues, but they are 4500s, not a 480 like this one.

I'm really stumped here.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
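The symptom in the post (a live session that w/who do not report until /var/adm/utmpx is rewritten) is the same thing an analyst sees when someone has removed their own entry, so it is worth being able to read the file directly rather than trusting w(1). The script below is an added example, not code from the post or from Sun; it parses utmpx records and lists the USER_PROCESS entries that who/w would print, then reports any session you know exists that the file does not show. It assumes the 32-bit on-disk record layout from Solaris <utmpx.h> (372 bytes per record, big-endian on SPARC); as a consistency check, the 3720-byte file in the post divides evenly into 10 such records. The two snapshots are constructed sample data, one without the poster's pts/1 entry (the 14:07 file) and one with it (the 14:22 file); on a live box you would read /var/adm/utmpx and compare against the process list or sshd logs rather than the constructed bytes.

```python
import struct

# Solaris 32-bit on-disk utmpx record (struct futmpx in <utmpx.h>), big-endian
# on SPARC. ASSUMPTION about the layout, stated in the lead-in: 372 bytes.
#   ut_user[32] ut_id[4] ut_line[32] ut_pid ut_type ut_exit{term,exit} (pad)
#   ut_tv{sec,usec} ut_session pad[5] ut_syslen ut_host[257] (pad)
UTMPX_FMT = ">32s4s32sihhhxxiii5ih257sx"
UTMPX_SIZE = struct.calcsize(UTMPX_FMT)  # 372

# ut_type values from <utmpx.h>
EMPTY, RUN_LVL, BOOT_TIME, OLD_TIME, NEW_TIME = 0, 1, 2, 3, 4
INIT_PROCESS, LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS, ACCOUNTING = 5, 6, 7, 8, 9

# Constructed epoch timestamps for the sample data (not taken from a real box).
T_BOOT, T_1407, T_1422 = 1080780420, 1082139060, 1082139960


def _cstr(b: bytes) -> str:
    """Decode a NUL-padded fixed-width field."""
    return b.split(b"\0", 1)[0].decode("latin-1")


def pack_record(user, ut_id, line, pid, ut_type, tv_sec, host=""):
    """Build one constructed utmpx record (sample data, not a capture)."""
    h = host.encode()
    return struct.pack(UTMPX_FMT, user.encode(), ut_id.encode(), line.encode(),
                       pid, ut_type, 0, 0, tv_sec, 0, 0,
                       0, 0, 0, 0, 0, len(h) + 1, h)


def parse_utmpx(data: bytes):
    """Split a utmpx image into records; a partial record means a wrong layout or a truncated file."""
    if len(data) % UTMPX_SIZE:
        raise ValueError(f"{len(data)} bytes is not a multiple of {UTMPX_SIZE}")
    recs = []
    for off in range(0, len(data), UTMPX_SIZE):
        f = struct.unpack_from(UTMPX_FMT, data, off)
        recs.append({"user": _cstr(f[0]), "id": _cstr(f[1]), "line": _cstr(f[2]),
                     "pid": f[3], "type": f[4], "time": f[7], "host": _cstr(f[16])})
    return recs


def logged_in(records):
    """What who(1)/w(1) report: USER_PROCESS entries, keyed by (user, tty)."""
    return {(r["user"], r["line"]) for r in records if r["type"] == USER_PROCESS}


def missing_sessions(records, expected):
    """Sessions known to exist (your own pts, ps -ef output) that utmpx does not show."""
    return sorted(set(expected) - logged_in(records))


def build_snapshot(with_jon: bool) -> bytes:
    """Constructed 10-record file: the 14:07 image lacks the live pts/1 entry, the 14:22 image has it."""
    recs = [
        pack_record("", "", "system boot", 0, BOOT_TIME, T_BOOT),
        pack_record("", "", "run-level 3", 0, RUN_LVL, T_BOOT),
        pack_record("LOGIN", "co", "console", 221, LOGIN_PROCESS, T_BOOT),
    ]
    if with_jon:
        recs.append(pack_record("jon", "", "pts/1", 5187, USER_PROCESS, T_1422, "snarf"))
    else:  # only a stale, closed pts/1 session from earlier is on file
        recs.append(pack_record("jon", "", "pts/1", 4102, DEAD_PROCESS, T_1407, "snarf"))
    while len(recs) < 10:
        recs.append(pack_record("", "", "", 0, EMPTY, 0))
    return b"".join(recs)


BEFORE = build_snapshot(with_jon=False)  # 3720 bytes, like the 14:07 file
AFTER = build_snapshot(with_jon=True)    # 3720 bytes, like the 14:22 file

if __name__ == "__main__":
    for label, image in (("14:07 image", BEFORE), ("14:22 image", AFTER)):
        recs = parse_utmpx(image)
        print(f"{label}: {len(recs)} records, who would show {sorted(logged_in(recs))}")
        print("  not in utmpx:", missing_sessions(recs, [("jon", "pts/1")]))
```

To use this on a real system, read /var/adm/utmpx into `parse_utmpx` and feed `missing_sessions` the (user, tty) pairs you get from an independent source such as `ps -ef` or the sshd log; an entry that is absent from utmpx but present in the process list is the condition to investigate, whether the cause is the slow update described in the post or deliberate tampering.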



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:28 EDT