Hi, I'm using nss_ldap/pam_ldap/pam_krb5 for centralized user authentication. Authentication obviously also takes place, if daemons drop their root-privileges upon startup. Now, what happens is that the dbus daemon tries to authenticate itself via pam/nss before any network adapter is up. Since LDAP, on the other hand, provides very limited means of propagating that a server went down for some reason, the assumption of all tools, including nss_ldap, is to wait for a timeout. Thus, on every bootup, dbus has to wait for nss_ldap to time out, since no LDAP server can be reached without network. This behavior can be circumvented by a simple change to /etc/init.d/dbus In the depend() section expand need localmount to need localmount net This makes dbus wait for the network to be available and thus eliminates the annoying time out. I also tried setting rc_dbus_need="net" in /etc/rc.conf but that doesn't seem to have any effect. Am I doing something wrong here? Would it be possible to add need net by default to /etc/init.d/dbus. I don't know, whether or how other remote authentication (like nss_winbind) are affected by this... Best regards Torsten Reproducible: Always Steps to Reproduce: 1. set up an LDAP server with posix user entries 2. install and configure pam_ldap/nss_ldap on a client machine 3. add dbus to any runlevel on the client machine Actual Results: dbus get's always started before net.* and thus produces a long LDAP time out Expected Results: dbus should come up AFTER the necessary network connections are available, thus avoiding the time out atalante ~ # emerge --info Portage 2.1.7.1 (default/linux/amd64/10.0, gcc-4.3.4, glibc-2.10.1-r0, 2.6.31-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.31-gentoo-r1-x86_64-Intel-R-_Xeon-R-_CPU_X5450_@_3.00GHz-with-gentoo-2.0.1 Timestamp of tree: Tue, 27 Oct 2009 16:15:02 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.0_p35 dev-java/java-config: 1.3.7-r1, 2.1.9-r1 dev-lang/python: 2.4.6, 2.5.4-r2, 2.6.3, 3.1.1-r1 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r8 dev-util/cmake: 2.6.4-r3 dev-util/confcache: 0.4.2-r1 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.5.2-r1 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11 sys-devel/binutils: 2.20 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="amd64 x86 ~amd64 ~x86" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -Os -mfpmath=sse -msse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=nocona -Os -mfpmath=sse -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests ccache confcache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo ftp://ftp.informatik.rwth-aachen.de/pub/Linux/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="de_DE" LC_ALL="de_DE" LDFLAGS="-Wl,-O1" LINGUAS="de" MAKEOPTS="-j10" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/dev-zero /usr/portage/local/layman/iwm /usr/portage/local/layman/vmware /usr/portage/local/layman/jokey /usr/portage/local/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="7zip X a52 aac accessibility acl acpi additions ads alsa amd64 amr apache2 artworkextra asf aspell async audacious autoipd avahi bash-completion beagle berkdb bluetooth browserplugin bzip2 cairo caps cdda cddb cdio cdparanoia cdr cli colordiff consolekit cracklib crypt cups curl daap dbus device-mapper djvu dns dri dts dvd dvdr dvi encode esd evdev exif expat fam fbcon ffmpeg fftw flac fluidsynth fortran freetts fuse gd gdbm gif gimpprint glitz gmp gnome gnome-keyring gnutls gphoto2 gpm gs gstreamer gtk gtkhtml gzip h323 hal hddtemp hvm ical iconv id3tag imagemagick imlib isdnlog jack jack-tmpfs java java6 jit jpeg jpeg2k kerberos keyring kpathsea lame lash latex lcms ldap libgcrypt libnotify lm_sensors logrotate lzo mad matroska mdnsresponder-compat mjpeg mmap mmx mmxext mng modules mono mp2 mp3 mp4 mpeg mplayer mpm-worker mtp mudflap multilib musepack musicbrainz mysql nautilus ncurses network nls nptl nptlonly nsplugin nvidia offensive ogg opengl openmp pae pam pcre pdf perl pidgin pipechan png pnm portaudio postgres postproc ppds pppd pygrub python qmail qt qt3support qt4 quicktime quota quotas rar readline reflection rle rrdcgi rtsp samba samba4 sasl screen sdl seamonkey sensord session shout sip slang smp sms smt sndfile sound spell spl sqlite sse sse2 ssl ssse3 stream subtitles subversion suid svg swat sylpheed sysfs t1lib tagwriting tcl tcltk tcpd test tetex tga theora threads tidy tiff tk truetype tta unicode urandom usb v4l v4l2 vcd vditool vlm vorbis wav wavpack webdav wma wmf wrapper wxwindows x264 xcb xcomposite xen xine xml xml2 xorg xosd xpm xprint xscreensaver xulrunner xv xvid xvmc xxmc zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_connect proxy_ftp proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon ptp2" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Update: I realized, that need net can be replaced by use net without any implications. Nevertheless, rc_dbus_use="net" doesn't work either. Best regards, Torsten
I think this bug was already reported in the past, you might want to search for it in bugzilla.
Gilles, I'm sorry, if this turns out to be a duplicate, but I did search, of course, before reporting this bug. Nontheless, I was unable to find anything relevant. And for me the question still remains: Can this be fixed globally or would putting "use net" imply other complications? Best regards Torsten
Updating the summary - are you still applying this locally for yourself? I don't run anything like that here, and I can't think of what would break from "use net" (whereas need net would definitely be a no-no because of NetworkManager/wpa_supplicant usecase)
(In reply to comment #4) > are you still applying this locally for yourself? Yes, I do, since it's still necessary with the depicted scenario. > I don't run anything like that here, and I can't think of what would break from > "use net" (whereas need net would definitely be a no-no because of > NetworkManager/wpa_supplicant usecase) That's good news. So can I hope for /etc/init.d/dbus with "use net" to be in the tree soon? ;-)
What do other freedesktop-bugs members say? I say it's a go to add "use net" to the init script, I can't think of how it would cause problems.
I see no objection at the moment.
Adding `use net` to dbus *will* slow down the boot process if you have parallel init enabled. A similar problem was faced in Fedora/Ubuntu, and I think they chose to label it as "corner case". We shouldn't do that, of course, but I don't think forcing a `use net` for everyone is the right solution here. Perhaps a configuration option check somewhere?
*** Bug 411257 has been marked as a duplicate of this bug. ***
(In reply to comment #9) > *** Bug 411257 has been marked as a duplicate of this bug. *** https://bugs.gentoo.org/show_bug.cgi?id=411257#c2
