This article applies to BoKS 6.7.0, 6.7.1 and 7.0.0.

Description

Some automated jobs perform frequent repeated logins to a BoKS host or make repeated suexec calls to run the same program. This produces a large amount of calls to servc which can create a queue causing authentications to slow down.


Resolution / Workaround

This can resolved by installing hotfix HFBM-0188 for BoKS 6.7 or HFBM-0189 for BoKS 7.0, available for download from the HelpSystems Community Portal.

Two things have been done:

1. Replies to authentication calls can now be cached by the boks_cached

daemon. If an identical request comes before the cache entry times out

(2 minutes), the cached reply is returned without making a call to servc.

NOTE: To turn on this functionality, LOCAL_CACHE_AUTH must be set to "on" in the $BOKS_etc/ENV file and BoKS must be restarted after installing this hotfix.

2. Logs and calls to update last login/logout on login/logout are now batched.
This means authentication requests will not have to compete with these calls
to servc.

Activating #1 will have some side effects:


- If a user logs in to a host then logs out and his/her password is changed,
he/she must still use the old password when accessing that host until the
cached replies expire.


- If a user fails to log in to a host because of no access rule or he/she
does not exist on the host, he/she will not be able to log in to that host
until the cached replies expire even if an access rule is added or he/she
is added to the host.

- Similarly if a user logs in to a host and logs out again, he/she will still
be able to log in until the cached replies expire even if the access
rule is then removed.

- If a user is blocked and tries to log in to a host, he/she will not be able
to log in until the cached replies expire even if he/she is unblocked.

- Similarly if a user logs in to a host and logs out again he/she will still
be able to log in to the host until the cached replies expire even if
he/she is then blocked.

As the cache expiration time is 120 seconds (2 minutes) this is not expected to cause too many problems. It is possible to change the cache expiration time by changing the lines saying 'ttl = 120' in $BOKS_etc/cached.cfg and restarting BoKS. The ttl (time to live) is given in seconds.

It is possible to clear the cache completely by restarting boks_cached. This can be done from the BoKS Master by running the command
# rbdebug cached -x0 -h host
or locally by running the command
# bdebug cached -x0


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018