On Fri, Jul 15, 2016 at 02:04:43PM +0000, Sullivan, Daniel [AAA] wrote: > Hi, > > Changing pam_id_timeout = 60 and krb5_auth_timeout = 60 on the client in > conjunction with enabling tmpfs caching for /var/lib/sss/db on the DC appears > to have helped significantly.
pam_id_timeout and krb5_auth_timeout are only applied during login, not when id is invoked. So I think the piece that helped in your environment was the tmpfs on the server. Still, I think there are two issues: 1) why does the s2n operation fail at all? We should look into the server logs around the time the s2n operation fails to find the reason 2) why doesn't sssd on the client return cached data if the s2n request fails? See my other mail, I'm interested if the data was cached from a previous lookup. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project