On (01/06/15 15:42), Ivars Strazdiņš wrote:
>how could I possibly trace why there is a noticeable delay when logging into 
>sssd enabled server?
>With ssh there is a 2-3 second delay before users log in. But most users 
>notice this with webmail, which uses dovecot->pam->sssd as authentication 
>Environment is Centos 7.1 and FreeIPA 4.1.0 servers, two redundant.
>Client also running Centos 7.1 with sssd.
>Installation as per IPA handbook. DNS is proper (or so I think :) ).
>Nothing special in logs that I could attribute to this problem except maybe 
>that for each successful login there is a pam_unix failure entry in 
>/var/log/secure log like:
>Jun  1 17:38:36 mail auth: pam_unix(dovecot:auth): authentication failure; 
>logname= uid=0 euid=0 tty=dovecot ruser=us...@company.com rhost=::1  
>Jun  1 17:38:37 mail auth: pam_sss(dovecot:auth): authentication success; 
>logname= uid=0 euid=0 tty=dovecot ruser=us...@company.com rhost=::1 
>But when user is logged in, “id” command result is instantaneous.
>All machines have selinux enabled, of course.
How many groups does problematic user have?

Some performance degradation is caused by semanage.
Here is an upstream ticket

It is already fixed in Fedora,
but you can test with a prerelease of sssd-1.12.5


