https://bugzilla.suse.com/show_bug.cgi?id=1193017 https://bugzilla.suse.com/show_bug.cgi?id=1193017#c6 Reinhard Max <max@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(matthias.adler@cr | |onic.de) | --- Comment #6 from Reinhard Max <max@suse.com> --- OK, thanks again, so we will remove that patch. The documentation for deferred_auth_pam is in /usr/share/doc/packages/openvpn/README.auth-pam : --- snip --- SYNCHRONOUS OPERATION Sometimes PAM modules take very long to complete (for example, a LDAP or Radius query might timeout trying to connect an unreachable external server). Normal plugin auth operation will block the whole OpenVPN process in this time, that is, all forwarding for all other clients stops. The auth-pam plugin can operate asynchronously ("deferred authentication") to remedy this situation. To enable this, put setenv deferred_auth_pam 1 in your openvpn server config. If set, this will make the "PAM background process" fork() and do its job detached from OpenVPN. When finished, a status file is written, which OpenVPN will then pick up and read the success/failure result from it. While the plugin is working in the background, OpenVPN will continue to service other clients normally. Asynchronous operation is recommended for all PAM queries that could "take time" (LDAP, Radius, NIS, ...). If only local files are queried (passwd, pam_userdb, ...), synchronous operation has slightly lower overhead, so this is still the default mode of operation. --- snap --- -- You are receiving this mail because: You are on the CC list for the bug.