[sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7

Martin, Jeff Jeff.Martin at tais.toshiba.com
Wed Jun 27 13:41:13 EDT 2012 

Hello,

I have 20 Solaris 10u10 Sparc non-global zones running with Powerbroker
Open 7 running for AD authentication.

I have compiled sudo from the source and it work just fine, but users
are complaining that it takes upwards of 3-5 minutes for the sudo
command to come back. I am not sure and by no means blaming sudo, I am
just inquiring if perhaps I missed a compile option or if there is a
setting that can perhaps be tweaked to get the performance a bit
quicker. Any ideas/thoughts are appreciated, thanks!

Jeff

 

Here is the sudo -V:

Sudo version 1.8.4

Configure options: --prefix=/usr/sfw --with-pam

Sudoers policy plugin version 1.8.4

Sudoers file grammar version 41

 

Sudoers path: /etc/sudoers

Authentication methods: 'pam'

Syslog facility if syslog is being used for logging: auth

Syslog priority to use when user authenticates successfully: notice

Syslog priority to use when user authenticates unsuccessfully: alert

Send mail if the user is not in sudoers

Use a separate timestamp for each user/tty combo

Lecture user the first time they run sudo

Require users to authenticate by default

Root may run sudo

Allow some information gathering to give useful error messages

Set the LOGNAME and USER environment variables

Length at which to wrap log file lines (0 for no wrap): 80

Authentication timestamp timeout: 5.0 minutes

Password prompt timeout: 5.0 minutes

Number of tries to enter a password: 3

Umask to use or 0777 to use user's: 022

Path to mail program: /usr/sbin/sendmail

Flags for mail program: -t

Address to send mail to: root

Subject line for mail messages: *** SECURITY information for %h ***

Incorrect password message: Sorry, try again.

Path to authentication timestamp dir: /var/lib/sudo

Default password prompt: Password:

Default user to run commands as: root

Path to the editor for use by visudo: /usr/bin/vi

When to require a password for 'list' pseudocommand: any

When to require a password for 'verify' pseudocommand: all

File descriptors >= 3 will be closed before executing a command

Reset the environment to a default set of variables

Environment variables to check for sanity:

        TERM

        LINGUAS

        LC_*

        LANGUAGE

        LANG

        COLORTERM

Environment variables to remove:

        RUBYOPT

        RUBYLIB

        PYTHONUSERBASE

        PYTHONINSPECT

        PYTHONPATH

        PYTHONHOME

        TMPPREFIX

        ZDOTDIR

        READNULLCMD

        NULLCMD

        FPATH

        PERL5DB

        PERL5OPT

        PERL5LIB

        PERLLIB

        PERLIO_DEBUG

        JAVA_TOOL_OPTIONS

        SHELLOPTS

        GLOBIGNORE

        PS4

        BASH_ENV

        ENV

        TERMCAP

        TERMPATH

        TERMINFO_DIRS

        TERMINFO

        _RLD*

        LD_*

        PATH_LOCALE

        NLSPATH

        HOSTALIASES

        RES_OPTIONS

        LOCALDOMAIN

        CDPATH

        IFS

Environment variables to preserve:

        XAUTHORIZATION

        XAUTHORITY

        TZ

        PS2

        PS1

        PATH

        LS_COLORS

        KRB5CCNAME

        HOSTNAME

        DISPLAY

        COLORS

Locale to use while parsing sudoers: C

Compress I/O logs using zlib

Directory in which to store input/output logs: /var/log/sudo-io

File in which to store the input/output log: %{seq}

Add an entry to the utmp/utmpx file when allocating a pty

 

Local IP address and netmask pairs:

        xxx.xxx.xxx.xxx/255.255.255.0

 

Sudoers I/O plugin version 1.8.4

 



________________________________
This message may contain confidential information.  If you are not the intended recipient of this e-mail, do not disseminate, distribute or copy this e-mail and delete this e-mail from your system.

More information about the sudo-users mailing list