Authenticate user should not block other calls |
|||
Issue descriptionRight now if the device is offline it retries authentication for 10 secs. This should block e.g. RefreshUserPolicy call (which would fail, but that's ok)
,
Nov 23
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/bc6f4f865e1fe7943d39044c2f77d19607670e75 commit bc6f4f865e1fe7943d39044c2f77d19607670e75 Author: Lutz Justen <ljusten@chromium.org> Date: Fri Nov 23 03:07:58 2018 authpolicy: Remove auth retry Removes retries of AuthenticateUser requests in case of network errors. Those caused a 10 second delay when when a user tried to log in offline. Auth retries solved a problem when a user logged in while the network was reconnecting. In this case, the Kerberos ticket cannot be fetched without retries. After a few seconds in the session, when the network is available, GetUserStatus() succeeds and show a popup asking the user to relog since there's no Kerberos ticket. However, in the meantime we can restore Kerberos tickets from backup (see chromium:738433), so that the popup won't show up, at least not for ~10 hours. In the long run, we'll have to address the issue of reconnecting networks during login. As a workaround, a user can enforce an online logon by entering their password wrong a couple of times. BUG= chromium:856556 TEST=cros_workon_make --board=amd64-generic --test authpolicy Went through repro steps of chromium:846725 and made sure it didn't regress. Change-Id: Ib7579f48e1053bd9f10589b72f528ef6d7155e74 Reviewed-on: https://chromium-review.googlesource.com/1340619 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/authpolicy_unittest.cc [modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/samba_interface.h [modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/samba_interface.cc [modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/authpolicy_parser_main.cc
,
Nov 26
To verify: - Get an Active Directory managed Chrome OS device - Log in with some user - Log out again - Unplug the network and log in again. It should NOT take 10 seconds to log in. It should be much quicker. Also check repro steps of https://crbug.com/846725 to make sure it didn't regress.
,
Nov 28
Verified fixed, no retries of AuthenticateUser requests in case of network errors (offline login). The offline login takes less than 10 seconds (actually very quick). localhost /var/log # grep -i authen authpolicy.log 2018-11-28T11:23:54.648250-08:00 INFO authpolicyd[8789]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m 2018-11-28T11:24:06.539360-08:00 INFO authpolicyd[8789]: #033[42;1;97mAuthenticateUser succeeded#033[0m 2018-11-28T12:25:05.288074-08:00 INFO authpolicyd[13112]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m 2018-11-28T12:25:05.380341-08:00 INFO authpolicyd[13112]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m 2018-11-28T12:25:05.380552-08:00 ERR authpolicyd[13112]: User not logged in. Did AuthenticateUser() fail? 2018-11-28T13:27:46.499757-08:00 INFO authpolicyd[16257]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m 2018-11-28T13:27:46.587932-08:00 INFO authpolicyd[16257]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m 2018-11-28T15:04:42.988176-08:00 INFO authpolicyd[20146]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m 2018-11-28T15:04:43.071313-08:00 INFO authpolicyd[20146]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m 2018-11-28T15:04:45.007541-08:00 ERR authpolicyd[20146]: User not logged in. Did AuthenticateUser() fail? localhost /var/log # Also checked crbug.com/846725 and crbug.com/738433 , no notification asking to re-login. Chrome OS: 11307.0.0 Chrome: 72.0.3623.3 Device Nautilus |
|||
►
Sign in to add a comment |
|||
Comment 1 by ljusten@chromium.org
, Jun 26 2018