[Freeipa-devel] Does credential checking take a long time?
Karl MacMillan
kmacmill at redhat.com
Mon Nov 12 14:39:41 UTC 2007
On Mon, 2007-11-12 at 16:08 +1000, David O'Brien wrote:
> I haven't nailed this right down yet, but one of the things I do when I
> boot any of my ipa machines is to su - to check a couple of config files
> (they get rewritten by vpn).
>
> It takes anything up to a minute? to get a root prompt back. About 10
> minutes after bootup, I get a message that my Kerberos credentials have
> expired. when I renew, I can su - and get a root prompt immediately.
>
I believe that your system is trying to contact the kdc but can't until
you make the config changes. So the delay is waiting for that timeout to
occur. Any authentication will trigger this because of the pam krb5
module.
Karl
More information about the Freeipa-devel
mailing list