On 01/20/17 18:42, Simo Sorce wrote:
>
> Is your server being used for authentication?
> SSSD, by default, always refreshes user credentials on authentication,
> but you can use the cached_auth_timeout setting to relax this
> requirement in SSSD, and reduce the roundtrips for auth attempts.
>

I have set both pam_id_timeout and cached_auth_timeout to 30. No change,
still several requests per second for each user. ???

Harri

[domain/example.de]
debug_level = 0x0370
cache_credentials = True
cached_auth_timeout = 30
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none

[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de

[nss]
debug_level = 0x0370
homedir_substring = /home

[pam]
pam_id_timeout = 30
debug_level = 0x0370

[sudo]

[autofs]

[ssh]
debug_level = 0x0370

[pac]

[ifp]

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
