On Fri, Jul 15, 2016 at 02:04:43PM +0000, Sullivan, Daniel [AAA] wrote:
> Hi,
> 
> Changing pam_id_timeout = 60 and krb5_auth_timeout = 60 on the client in 
> conjunction with enabling tmpfs caching for /var/lib/sss/db on the DC appears 
> to have helped significantly.  

pam_id_timeout and krb5_auth_timeout are only applied during login, not
when id is invoked. So I think the piece that helped in your environment
was the tmpfs on the server.

Still, I think there are two issues:
    1) why does the s2n operation fail at all? We should look into the
    server logs around the time the s2n operation fails to find the
    reason

    2) why doesn't sssd on the client return cached data if the s2n
    request fails? See my other mail, I'm interested if the data was
    cached from a previous lookup.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to