Print | Rate this content

Red Hat Enterprise Linux 6 - sudo command takes 20s before password prompt

Title: Red Hat Enterprise Linux 6 - sudo command takes 20s before password prompt
Object Name: mmr_kc-0102049
Document Type: Support Information
Original owner: KCS - Linux
Disclosure level: Public
Version state: final
Realvnc server
Selinux policy Enforcing
When a user is connecting using vncviewer and trying "su -", it takes 20s or more before password prompt appears. But login will be successful.
Issue does not exists when login uing ILO vsp and "su -"
Issue exists only when selinux policy is set to enforcing.

When the issue occurs, one can see following messages in auditd.log:

type=USER_AVC msg=audit(1360306989.702:261530): user pid=2600 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=error error_name=net.reactivated.Fprint.Error.NoSuchDevice dest=:1.64 spid=55124 tpid=55122 scontext=system_u:system_r:fprintd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus  exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Selinux context problem.  

The source context in audit log error messages shows its related to fprintd.

Removed fprintd package and now sudo commands are fast.
fprintd is used for finger print authentication and customer does not use it. 

Another possible solution will be to check and correct Selinux context of vncserver, fprint and dbus processes and related files.

ls -lZ <file> will show selinux context of a file.
ps -efZ will show selinux context of running processes.

© Copyright 2013 Hewlett-Packard Development Company, L.P.

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!
Document title: Red Hat Enterprise Linux 6 - sudo command takes 20s before password prompt
Document ID: mmr_kc-0102049-4
How helpful was this document?
How can we improve this document?
Note: Only English language comments can be accepted at this time.
Please wait while we process your request.