Proftpd timeout problem - solved

Over the past few months I've been moving many of the Linux systems I look after over to CentOS 5.2 - the latest free version of Red Hat's system.

One of the ongoing problems has been intermittant timeouts by some of the users of ftp. All of them use Proftpd.

After doing some tcpdump analysis, one customer and I noted that no matter what the settings in the proftpd.conf file, the system was doing a IDENT callout which was taking up to 30 seconds to time out.

I even tried installing an older version of Proftpd on one of this customers virtual machines; to no avail.

Now it turns out that, through some more digging by my customer (I hate it when they find stuff I didn't fined - but it doesn't happen often - thanks Denis) the problem is solved!

Xinetd - the replacement for inetd, the task spawner for incoming stream services that is one option for starting FTP sessions (the other is running a daemon all the time) has some options that cause IT (Xinetd) to do the callout to IDENT on the user's system.

If you take a look at the xproftpd or proftpd configuration file in /etc/xinetd.d you'll find a couple of lines for logging:

       log_on_success          += DURATION USERID
       log_on_failure             += USERID

If you comment these lines out, the problem goes away
 

From the xintetd.conf man page (man xinetd.conf):

                        USERID      logs the user id of the remote user  using
                                    the   RFC  1413  identification  protocol.
                                    This option is available only  for  multi-
                                    threaded stream services.