On a real box with a pretty boring PAM setup, successful authentication takes a few seconds. I traced this to our (mis)use of the `PAM_RHOST` flag. We're setting that to a value such as `[::1]:49748(for=_3h1Qo6TH)`, and `auditd(8)` is apparently trying to resolve that using DNS:
```
Thread 5 (Thread 0xb46b3100 (LWP 8738) "rousette"):
#0 0xb65a5624 in __ppoll64 () from /lib/libc.so.6
#1 0xb65a5750 in ppoll () from /lib/libc.so.6
#2 0xb3e85800 in ?? () from /lib/libnss_resolve.so.2
#3 0xb3e8592c in ?? () from /lib/libnss_resolve.so.2
#4 0xb3e8fdbc in ?? () from /lib/libnss_resolve.so.2
#5 0xb3e92044 in ?? () from /lib/libnss_resolve.so.2
#6 0xb3e784f0 in _nss_resolve_gethostbyname4_r () from /lib/libnss_resolve.so.2
#7 0xb65db2d4 in getaddrinfo () from /lib/libc.so.6
#8 0xb62bfbf4 in ?? () from /lib/libaudit.so.1
#9 0xb62c0644 in audit_log_acct_message () from /lib/libaudit.so.1
#10 0xb69cb104 in ?? () from /lib/libpam.so.0
#11 0xb69cb320 in ?? () from /lib/libpam.so.0
#12 0xb69c5bd4 in ?? () from /lib/libpam.so.0
#13 0xb69c55a8 in pam_authenticate () from /lib/libpam.so.0
#14 0x00582094 in rousette::auth::(anonymous namespace)::authenticate_pam (remoteHost=..., userPass=...) at /home/jkt/work/prog/_build/_br-cfb/build/rousette-custom/src/auth/PAM.cpp:175
```
Since we're designed to run behind a reverse proxy, we do not have direct access to the actual remote endpoint's address, so we're "faking" that via a unique request ID as provided by nghttpx.
We could:
- stop logging the PAM_RHOST thing,
- somehow pass along the real IP address, if possible,
- try to reconfigure the audit system to stop resolving stuff.
...because auditd would try to resolve them via DNS, synchronously and
with a 5-sec timeout. Since our reverse proxy would typically pass some
pseudo-random string to us, let's just temporarily disable this
mechanism for now.
Bug: #11
Change-Id: Ifb2b17f799baffff86556aa00020b05164df40e5
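
A way to combine the first two options from the issue, as an added example that is not rousette's own code: hand PAM an rhost only when the proxy-supplied string contains a numeric IP literal, and otherwise leave `PAM_RHOST` unset. The function name `numericRhost` and every sample string except the one quoted in the issue are constructed; the sketch assumes that `getaddrinfo()` handles a bare numeric literal without a DNS query.

```cpp
#include <algorithm>
#include <arpa/inet.h>
#include <iostream>
#include <netinet/in.h>
#include <optional>
#include <string>

// Hypothetical helper: extract the address part of a peer string shaped like
// "[::1]:49748(for=_3h1Qo6TH)", "192.0.2.7:443" or "2001:db8::5" and return it
// only if it is a valid numeric IPv4/IPv6 literal.
std::optional<std::string> numericRhost(const std::string& peer)
{
    std::string host;
    if (!peer.empty() && peer.front() == '[') {
        // Bracketed IPv6: keep what is between '[' and ']'.
        const auto end = peer.find(']');
        if (end == std::string::npos)
            return std::nullopt;
        host = peer.substr(1, end - 1);
    } else {
        // Drop a trailing "(for=...)" annotation, then a single ":port" suffix.
        host = peer.substr(0, peer.find('('));
        if (std::count(host.begin(), host.end(), ':') == 1)
            host.erase(host.find(':'));
    }

    unsigned char buf[sizeof(in6_addr)];
    if (inet_pton(AF_INET, host.c_str(), buf) == 1
        || inet_pton(AF_INET6, host.c_str(), buf) == 1)
        return host;
    // Hostnames, request IDs and malformed input never reach PAM, so nothing
    // downstream has a name to look up.
    return std::nullopt;
}

int main()
{
    // Constructed inputs; the first is the value quoted in the issue.
    for (const std::string peer : {"[::1]:49748(for=_3h1Qo6TH)", "192.0.2.7:443", "_3h1Qo6TH"}) {
        const auto rhost = numericRhost(peer);
        // A caller would do: if (rhost) pam_set_item(pamh, PAM_RHOST, rhost->c_str());
        std::cout << peer << " -> " << rhost.value_or("(PAM_RHOST not set)") << "\n";
    }
}
```

Behind a reverse proxy the literal extracted this way is the proxy's address, so it only becomes useful for audit records once the proxy forwards the client's real address.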