groups issue with openssh (all versions since at least 3.8),

Hello

We are have a massive performance issue in our environment since a while. SSH logins simply take 30 s to 1 minute to give a
prompt, telnet are instantaneous. After doing a few tcpdump and comparisons between telnet and ssh connections, we noticed
that in average a ssh connection is generating over 12000 nis sessions, scanning basically all the group.byname table a few
times and we got a few thousands groups... :(
I was wondering if it could be the same issue that we saw with DB2 which behaves the exact same way each time a user logs
in...they were using the wrong function to determine the groups associated to one user

http://www-1.ibm.com/support/docview...id=swg1IY44229

As we got over a thousand AIX machines running my build of openssh in a very large environment, this is causing a real overall
performance issue with our nis environment ...

Details about the current test build:

apsp8111:/gael/src/openssh-4.3p2 #oslevel -r
5300-03

bash-2.05a$ gcc -v
Reading specs from /opt/gcc/gcc-3.2.2/lib/gcc-lib/powerpc-ibm-aix5.1.0.0/3.3.2/specs
Configured with: ./configure --prefix=/opt/gcc/gcc-3.2.2 --enable-languages=c,c++
Thread model: aix
gcc version 3.3.2

apsp8111:/gael/src/openssh-4.3p2 #/usr/local/ssl/bin/openssl version
OpenSSL 0.9.7i 14 Oct 2005

apsp8111:/gael/src/openssh-4.3p2 #./ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005

$ ./configure --without-rsh --disable-suid-ssh --sysconfdir=/etc/ssh --with-mantype=man --libexecdir=/usr/local/sbin
--with-pid-di
r=/etc/ssh --with-zlib=../zlib-1.2.3 --with-default-path=/bin:/usr/bin:/usr/local/bin

Let me know, I will assist as much as possible, this is really a big issue for us, and I'm not able to determine if that issue
can be resolved with a patch to openssh
or at the OS level.


Regards
--
Gael

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev