On Thu, Aug 13, 2015 at 12:12:03PM +0200, seli irithyl wrote: > In the logs, there is lots of warnings concerning pki tomcat server : > > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP > Server. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting > system-pki\x2dtomcatd.slice. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Created slice > system-pki\x2dtomcatd.slice. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting PKI Tomcat Server. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Reached target PKI Tomcat > Server. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting PKI Tomcat Server > pki-tomcat... > Aug 13 09:51:57 lead.bioinf.local systemd[1]: Started PKI Tomcat Server > pki-tomcat. > Aug 13 09:51:57 lead.bioinf.local server[5213]: Java virtual machine used: > /usr/bin/java > Aug 13 09:51:57 lead.bioinf.local server[5213]: classpath used: > /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar > Aug 13 09:51:57 lead.bioinf.local server[5213]: main class used: > org.apache.catalina.startup.Bootstrap > Aug 13 09:51:57 lead.bioinf.local server[5213]: flags used: > -DRESTEASY_LIB=/usr/share/java/resteasy-base > Aug 13 09:51:57 lead.bioinf.local server[5213]: options used: > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djav > Aug 13 09:51:57 lead.bioinf.local server[5213]: arguments used: start > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'enableOCSP' to 'false' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspResponderURL' to 'http://lead.bioinf.local:9080/ca/ocsp' did not find > a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find a > matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspCacheSize' to '1000' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspMinCacheEntryDuration' to '60' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspMaxCacheEntryDuration' to '120' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ocspTimeout' to '10' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'strictCiphers' to 'true' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a matching > property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ssl2Ciphers' to > '-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'ssl3Ciphers' to > '-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'tlsCiphers' to > '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TL > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf' > did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find > a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did > not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching > property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching > property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.catalina.startup.SetAllPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'sslRangeCiphers' to > '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SH > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.tomcat.util.digester.SetPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetPropertiesRule]{Server/Service/Engine/Host} Setting property > 'xmlValidation' to 'false' did not find a matching property. > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM > org.apache.tomcat.util.digester.SetPropertiesRule begin > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING: > [SetPropertiesRule]{Server/Service/Engine/Host} Setting property > 'xmlNamespaceAware' to 'false' did not find a matching property. > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.coyote.AbstractProtocol init > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing > ProtocolHandler ["http-bio-8080"] > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.coyote.AbstractProtocol init > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing > ProtocolHandler ["http-bio-8443"] > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" unsupported by NSS > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher > "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" unsupported by NSS > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.coyote.AbstractProtocol init > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing > ProtocolHandler ["ajp-bio-127.0.0.1-8009"] > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.catalina.startup.Catalina load > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initialization > processed in 995 ms > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.catalina.core.StandardService startInternal > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Starting service > Catalina > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.catalina.core.StandardEngine startInternal > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Starting Servlet > Engine: Apache Tomcat/7.0.54 > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM > org.apache.catalina.startup.HostConfig deployDescriptor > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Deploying > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml > Aug 13 09:51:59 lead.bioinf.local server[5213]: > SSLAuthenticatorWithFallback: Creating SSL authenticator with fallback > Aug 13 09:51:59 lead.bioinf.local server[5213]: > SSLAuthenticatorWithFallback: Setting container > Aug 13 09:52:01 lead.bioinf.local server[5213]: > SSLAuthenticatorWithFallback: Initializing authenticators > Aug 13 09:52:01 lead.bioinf.local server[5213]: > SSLAuthenticatorWithFallback: Starting authenticators > Aug 13 09:52:12 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:12 AM > org.apache.catalina.startup.HostConfig deployDescriptor > Aug 13 09:52:12 lead.bioinf.local server[5213]: INFO: Deployment of > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has > finished in 13,391 ms > Aug 13 09:52:12 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:12 AM > org.apache.catalina.startup.HostConfig deployDescriptor > Aug 13 09:52:12 lead.bioinf.local server[5213]: INFO: Deploying > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.jasper.EmbeddedServletOptions <init> > Aug 13 09:52:16 lead.bioinf.local server[5213]: SEVERE: The scratchDir you > specified: /var/lib/pki/pki-tomcat/work/Catalina/localhost/pki is unusable. > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.catalina.startup.HostConfig deployDescriptor > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Deployment of > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/pki.xml has > finished in 2,683 ms > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.coyote.AbstractProtocol start > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting > ProtocolHandler ["http-bio-8080"] > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.coyote.AbstractProtocol start > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting > ProtocolHandler ["http-bio-8443"] > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.coyote.AbstractProtocol start > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting > ProtocolHandler ["ajp-bio-127.0.0.1-8009"] > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM > org.apache.catalina.startup.Catalina start > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Server startup in > 17320 ms > > May this be related to my slow login problem ?
I don't think so. You really need to look into the sssd domain log, check what requests (getAccountInfo) take the longest. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project