On 01/20/17 18:42, Simo Sorce wrote:
> 
> Is your server being used for authentication ?
> SSSD, by default, always refreshes user credentials on authentication,
> but you can use the cached_auth_timeout setting to relax this
> requirement in SSSD, and reduce the roundtrips for auth attempts.
> 

I have set both pam_id_timeout and cached_auth_timeout to 30.
No change, still several requests per second for each user.

???
Harri

[domain/example.de]
debug_level = 0x0370
cache_credentials = True
cached_auth_timeout = 30
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none

[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de

[nss]
debug_level = 0x0370
homedir_substring = /home

[pam]
pam_id_timeout = 30
debug_level = 0x0370

[sudo]

[autofs]

[ssh]
debug_level = 0x0370

[pac]

[ifp]

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to