Thanks Lucas for the information. I tried the selinux line, it did not seem to make a difference.
As I said in my original email, login to the IPA server itself does not exhibit the same behavior, although every system has the same SSSD configuration and SElinux enabled. I actually tried "setenforce 0" on a client without any effect either. I checked all the reference you provided, my feelings is that the events add up still would not account for 5 seconds delay:-( If anybody would like to have debug information, please let me know (the procedure to produce). Please also let me know if I should file a bug. Many thanks, Qing On Mon, Apr 13, 2015 at 4:22 PM, Lukas Slebodnik <[email protected]> wrote: > On (13/04/15 15:28), Qing Chang wrote: > >OS: CentoOS 7.1 > >IPA: 4.1.0-18 > >SSSD: 1.12.2-58 > > > >With IPA any clients running CentOS7.1 authentication for ssh and sudo > >takes more than 5 seconds _after_ putting in password. If ssh to the IPA > >server itself, it authenticates instantly. > > > >Google did not provide much relevant information. Note that this is not a > >slow ssh session to get to authentication prompt, it always gets to the > >prompt without delay. > > > >Also it is not related to NFS performance, it is equally slow if I login > to > >a NFS server (IPA client) locally or login to a server (also a IPA client) > >that has autofs home. > > > >IPA server is a fresh installation with just a couple of users. I had an > >installation previously that has more than a thousand user accounts on > >CentOS 6. Users did not have the slowness problem as with this new > >installation. > > > >Hope this list can provide some pointers. > > > You might hit bug[1]. > > If you do not use SELinux ser mapping[2] you can try to disable > this feature. > > put "selinux_provider = none" into domain section of sssd.conf > > If it doesn't help you can tahe a look on sssd<->systemd conversation in > mail > thread[3] > > LS > > [1] https://fedorahosted.org/sssd/ticket/2624 > [2] https://www.freeipa.org/page/SELinux_user_mapping > [3] > http://lists.freedesktop.org/archives/systemd-devel/2015-April/030496.html > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users >
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
