Hi,
Could you please check the size of the /var/lib/sss/secrets/secrets.ldb
file and use the following command as root to identify if there are too
many old secrets kept?
ldbsearch -H /var/lib/sss/secrets/secrets.ldb -a dn creationTime | awk
'/creationTime:/ { print strftime("creationTime: %F", $2) }; { print $0 }'
You can achieve the same thing using the klist command as every user using
KCM.
On Mon, Feb 3, 2025 at 11:20 AM John Beranek via sssd-users <
[email protected]> wrote:
> Hi,
>
> We've recently spotted an issue on some of our EL9 servers, where sssd-kcm
> becomes long-running, and high in RAM usage. After sssd-kcm has been
> running for a week or more, it can easily reach, say, 680MiB. (We've seen
> it as high as 1.5GiB, consuming all the server's RAM and swap)
>
> The issue particularly seems to affect FTP servers of ours which are
> configured with sssd (Active Directory) authentication, which will be doing
> a lot of authentications.
>
> Details:
>
> OS: Oracle Linux 9.5
>
> $ rpm -qa|grep sssd
> sssd-nfs-idmap-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-client-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-common-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-krb5-common-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-common-pac-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-ad-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-krb5-2.9.5-4.0.1.el9_5.4.x86_64
> sssd-kcm-2.9.5-4.0.1.el9_5.4.x86_64
>
> $ ps auxww|egrep "RSS|kcm"
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 1354320 0.8 37.9 1847812 587088 ? Ss Jan23 130:39
> /usr/libexec/sssd/sssd_kcm --uid 0 --gid 0 --logger=files
>
> $ ls /etc/krb5.conf.d
> crypto-policies@ enable_sssd_conf_dir kcm_default_ccache
>
> Any ideas what could be causing this behaviour?
>
> Cheers,
>
> John
> --
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
--
Alejandro
--
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
