Hi, I am experiencing a very slow response from freeipa.. the new passwords that I am resetting are never working for the users and its takes a lot of time for an existing user to login around 25 secs.
doing a kinit admin itself is very slowKRB5_TRACE=/dev/stderr kinit admin [11298] 1473702491.60880: Getting initial credentials for ad...@xyz.com [11298] 1473702491.62981: Sending request (167 bytes) to XYZ.COM [11298] 1473702491.63119: Initiating TCP connection to stream 10.1.3.35:88 [11298] 1473702491.63359: Sending TCP request to stream 10.1.3.35:88 [11298] 1473702493.797835: Received answer (341 bytes) from stream 10.1.3.35:88 [11298] 1473702493.797848: Terminating TCP connection to stream 10.1.3.35:88 [11298] 1473702493.797911: Response was from master KDC [11298] 1473702493.797956: Received error from KDC: -1765328359/Additional pre-authentication required [11298] 1473702493.797993: Processing preauth types: 136, 19, 2, 133 [11298] 1473702493.798005: Selected etype info: etype aes256-cts, salt "V@Cbu147E#1;R0WD", params "" [11298] 1473702493.798009: Received cookie: MIT Password for ad...@xyz.com: [11298] 1473702498.190064: AS key obtained for encrypted timestamp: aes256-cts/2C9D [11298] 1473702498.190109: Encrypted timestamp (for 1473702498.184527): plain 301AA011180F32303136303931323137343831385AA105020302D0CF, encrypted 25FC8D37EFB6B7837C8D5C6649DFB9972010D40EE29D1222FBA45CAA98428E42C7FCC9B7FE881A04BD3390A6A9EDE9D2D93729FDF3E47B6D [11298] 1473702498.190129: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [11298] 1473702498.190133: Produced preauth for next request: 133, 2 [11298] 1473702498.190148: Sending request (261 bytes) to XYZ.COM [11298] 1473702498.190246: Initiating TCP connection to stream 10.1.3.35:88 [11298] 1473702499.191933: Sending initial UDP request to dgram 10.1.3.35:88 [11298] 1473702502.195157: Sending retry UDP request to dgram 10.1.3.35:88 [11298] 1473702507.200405: Sending retry UDP request to dgram 10.1.3.35:88 [11298] 1473702513.226371: Sending TCP request to stream 10.1.3.35:88 [11298] 1473702515.797243: Received answer (730 bytes) from stream 10.1.3.35:88 [11298] 1473702515.797271: Terminating TCP connection to stream 10.1.3.35:88 [11298] 1473702515.797326: Response was from master KDC [11298] 1473702515.797353: Processing preauth types: 19 [11298] 1473702515.797360: Selected etype info: etype aes256-cts, salt "V@Cbu147E#1;R0WD", params "" [11298] 1473702515.797394: Produced preauth for next request: (empty) [11298] 1473702515.797401: AS key determined by preauth: aes256-cts/2C9D [11298] 1473702515.797445: Decrypted AS reply; session key is: aes256-cts/702E [11298] 1473702515.797460: FAST negotiation: available [11298] 1473702515.797478: Initializing KEYRING:persistent:0:0 with default princ ad...@xyz.com [11298] 1473702515.797534: Storing ad...@xyz.com -> krbtgt/xyz....@xyz.com in KEYRING:persistent:0:0 [11298] 1473702515.797572: Storing config in KEYRING:persistent:0:0 for krbtgt/xyz....@xyz.com: fast_avail: yes [11298] 1473702515.797585: Storing ad...@xyz.com -> krb5_ccache_conf_data/fast_avail/krbtgt\/XYZ.COM\@XYZ.COM@X-CACHECONF: in KEYRING:persistent:0:0 [11298] 1473702515.797631: Storing config in KEYRING:persistent:0:0 for krbtgt/xyz....@xyz.com: pa_type: 2 [11298] 1473702515.797647: Storing ad...@xyz.com -> krb5_ccache_conf_data/pa_type/krbtgt\/XYZ.COM\@XYZ.COM@X-CACHECONF: in KEYRING:persistent:0:0 are any pointers as to what could be causing this slowness Thanks Rakesh
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project