Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T5554: Disable sudo for PAM RADIUS #2225

Closed
wants to merge 1 commit into from
Closed

T5554: Disable sudo for PAM RADIUS #2225

wants to merge 1 commit into from

Conversation

sever-sever
Copy link
Member

Change Summary

Disable sudo for PAM RADIUS template that slows down the CLI commands To fix it add:

[default=ignore success=3] pam_succeed_if.so service = sudo

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Component(s) name

pam, radius

Proposed changes

How to test

Add a fake RADIUS server

set system login radius server 203.0.113.24 key 'key1'
commit

Commit time before the fix:

vyos@r1# time commit

real	0m6.655s
user	0m0.360s
sys	0m0.180s
[edit]
vyos@r1#

After the fix:

vyos@r1# set interfaces ethernet eth1 description test2
[edit]
vyos@r1# time commit

real	0m0.580s
user	0m0.318s
sys	0m0.147s
[edit]
vyos@r1#

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@sever-sever
T5554: Disable sudo for PAM RADIUS
5170c60 
Disable sudo for PAM RADIUS template that slows down the CLI commands
To fix it add:

[default=ignore success=3] pam_succeed_if.so service = sudo
@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro and c-po and removed request for a team September 8, 2023 13:47
@sever-sever sever-sever added the equuleus VyOS 1.3 LTS label Sep 8, 2023
@zdc
Copy link
Contributor

zdc commented Sep 14, 2023

I think it should be superseded with #2256 when that PR is tested.

@sever-sever sever-sever marked this pull request as draft September 14, 2023 16:00
@sever-sever
Copy link
Member Author

The fix in #2256
should be backported to 1.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin was automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

Assignees

@sever-sever sever-sever

Labels
equuleus VyOS 1.3 LTS
Milestone
No milestone
3 participants
@sever-sever @zdc @c-po