Date: Fri, 21 Nov 2003 09:19:02 +0800 From: Jamie Clark <jclark@metaparadigm.com> To: kientzle@acm.org Cc: Len Sassaman <rabbi@anonymizer.com> Subject: Re: Help request: problems with a 5.1 server and large numbers of ssh users. Message-ID: <3FBD6806.2000108@metaparadigm.com> In-Reply-To: <3FBD5072.7030603@acm.org> References: <0C8643E8-1B1A-11D8-B160-000A959E7C72@anonymizer.com> <3FBD5072.7030603@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Kientzle wrote: > Try an 'fstat' when connections start getting dropped. > I wonder if something (PAM module, maybe?) is opening a > file on each connection and you're running out of per-process > file descriptors. A similar thing happened here - although it wasn't sshd at fault. Len mentioned using ldap authentication. nss_ldap and/or pam_ldap are use TCP connections to connect to the LDAP server. In my case there was another big consumer of persistent ldap connections that caused slapd to reach its default 1024 descriptor limit (which required a compile-time adjustment). Found this by tracing the master slapd process. -Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FBD6806.2000108>