Question & Answer
Question
AIX Login Performance and Hang Problems
Answer
TARGET AUDIENCE:
Clients running AIX
OBJECTIVE:
Provide instructions to mitigate login performance and hang problems
OVERVIEW:
When many users log in simultaneously, there can be contention for various system resources, which can cause slowness or even timeouts when trying to log in.
These login performance issues are possible with any login method--ssh, telnet, ftp, and others. There are multiple possible reasons for login performance problems. Any one or even all may be a factor.
· High levels of network traffic can cause delays with a number of facilities, such as host name lookups, LDAP requests, Kerberos authentication, and others.
· The last login file may grow to a size where it takes login functions a long time to process its contents.
· Device files are accessed very frequently, causing contention for the JFS log.
PROCEDURES:
If high network traffic is an issue, try enabling the rfc1323 network option using this command.
no -p -o rfc1323=1
This setting will take effect immediately and persist across reboots.
Check the size of the /etc/security/lastlog file. If it is hundreds of K in size or more, consider moving it aside and creating a new, empty one with the following commands.
mv /etc/security/lastlog /etc/security/lastlog.$(/usr/bin/date +"%F")
touch /etc/security/lastlog
trustchk -y /etc/security/lastlog
If you use authentication-related index files, you must also regenerate them with the following commands.
mkpasswd -d
mkpasswd -f
When users log in, device files such as /dev/null and /dev/tty are read from or written to many times per login. Each time this happens, a JFS log entry is created. This is a serial operation, meaning that other login activities involving those devices must wait while each JFS log entry is created. To help mitigate this bottleneck, set the devnull_lazytime option to delay or prevent updating the device's access time. This reduces or eliminates the need for JFS log entries with these device files, greatly speeding up the login process. To do this, run the following command. Valid values are "0"--the default: update the device's access time on every single read or write, "1"--never update the device's access time or "2"--update the access time about once per second.
raso -p -o devnull_lazytime=1
This setting takes effect immediately and persists across reboots.
NOTE: This option only affects multiplexed devices, such as /dev/null and /dev/tty. Other device files, such as individual ptys, hard disks, etc., still update their access times in the traditional way. In addition, this option only prevents or delays updates to the access time--it does not change modification time behavior.
Login hangs
There are known bugs in AIX that may cause logins to hang. These bugs are documented in the following APARs. Note that IJ04641 and IJ06228 only apply to multi-threaded products such as Tectia.
IV96177: LOGINS HANG TRYING TO WRITE TO UTMP
IJ04641: _ATFORK_PREPARE HANG
IJ06228: _ATFORK_PREPARE HANG WITHOUT LDAP
|
SUPPORT: If additional assistance is required after completing all of the instructions provided in this document, please follow the step-by-step instructions below to contact IBM to open a case for software under warranty or with an active and valid support contract. The technical support specialist assigned to your case will confirm that you have completed these steps. a. Document and/or take screen shots of all symptoms, errors, and/or messages that might have occurred b. Capture any logs or data relevant to the situation. c. Contact IBM to open a case: -For electronic support, please visit the IBM Support Community: d. Provide a good description of your issue and reference this technote e. Upload all of the details and data to your case -You can attach files to your case in the IBM Support Community http://www.ibm.com/support/docview.wss?uid=ibm10733581 f. Click here to submit feedback for this document. |
Was this topic helpful?
Document Information
Modified date:
15 September 2021
UID
isg3T1025161