On Thu, 2014-05-22 at 12:47 -0400, Bret Wortman wrote:
If this line is in /etc/nsswitch.conf:
passwd: files sss
Why would the user account from IPA get used when an identical one
exists in /etc/passwd? We can tell because of some additional groups
granted when authentication comes from
A. Then it's probably not the source of my performance problem. I
know when I shut down SSSD, that user's ssh times speed up incredibly.
Bret
On 05/22/2014 01:06 PM, Simo Sorce wrote:
On Thu, 2014-05-22 at 12:47 -0400, Bret Wortman wrote:
If this line is in /etc/nsswitch.conf:
passwd:
On Thu, 2014-05-22 at 13:12 -0400, Bret Wortman wrote:
A. Then it's probably not the source of my performance problem. I
know when I shut down SSSD, that user's ssh times speed up incredibly.
This makes me think it *is* initgroups, as it normally will hit sssd
even for non-sssd owned
Yep, that initgroups change had the same effect as shutting down sssd,
but without inconveniencing all the IPA-only users.
The problem in this particular case was made worse by a lot of network
latency, but even on network segments local to the ipa masters, it's
taking seconds to
On Thu, May 22, 2014 at 01:22:28PM -0400, Bret Wortman wrote:
Yep, that initgroups change had the same effect as shutting down
sssd, but without inconveniencing all the IPA-only users.
The problem in this particular case was made worse by a lot of
network latency, but even on network