On Fri, Jul 15, 2016 at 02:04:43PM +0000, Sullivan, Daniel [AAA] wrote:
> Changing pam_id_timeout = 60 and krb5_auth_timeout = 60 on the client in
> conjunction with enabling tmpfs caching for /var/lib/sss/db on the DC appears
> to have helped significantly.
pam_id_timeout and krb5_auth_timeout are only applied during login, not
when id is invoked. So I think the piece that helped in your environment
was the tmpfs on the server.
Still, I think there are two issues:
1) why does the s2n operation fail at all? We should look into the
server logs around the time the s2n operation fails to find the
2) why doesn't sssd on the client return cached data if the s2n
request fails? See my other mail, I'm interested if the data was
cached from a previous lookup.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project