[Freeipa-users] Slow logins on FreeIPA 4.1.2 (F21)

Wed Apr 8 08:43:10 UTC 2015

Am 08.04.2015 um 10:27 schrieb Jakub Hrozek:
> Can you run:
>     KRB5_TRACE=/dev/stderr kinit yourprinc at YOUR.REALM
>
> So that we can compare with the krb5_child.log you sent earlier? I
> wonder if SSSD talks to a KDC that is slower or far away from your
> client..
>
This is my trace from kinit:

[2422] 1428482081.62208: AS key obtained for encrypted timestamp:
aes256-cts/61D1
[2422] 1428482081.62288: Encrypted timestamp (for 1428482081.868994):
plain ***, encrypted ***
[2422] 1428482081.62328: Preauth module encrypted_timestamp (2) (real)
returned: 0/Success
[2422] 1428482081.62342: Produced preauth for next request: 133, 2
[2422] 1428482081.62379: Sending request (265 bytes) to MITTELERDE.DE
[2422] 1428482081.62484: Sending initial UDP request to dgram 1.2.3.4:88
[2422] 1428482081.201814: Received answer (740 bytes) from dgram 1.2.3.4:88
[2422] 1428482081.201872: Response was from master KDC
[2422] 1428482081.201905: Processing preauth types: 19
[2422] 1428482081.201914: Selected etype info: etype aes256-cts, salt
"***", params ""
[2422] 1428482081.201920: Produced preauth for next request: (empty)
[2422] 1428482081.201929: AS key determined by preauth: aes256-cts/61D1
[2422] 1428482081.201973: Decrypted AS reply; session key is:
aes256-cts/C464
[2422] 1428482081.201991: FAST negotiation: available
[2422] 1428482081.202014: Initializing KEYRING:persistent:0:0 with
default princ frodo at MITTELERDE.DE
[2422] 1428482081.202058: Removing frodo at MITTELERDE.DE ->
krbtgt/MITTELERDE.DE at MITTELERDE.DE from KEYRING:persistent:0:0
[2422] 1428482081.202065: Storing frodo at MITTELERDE.DE ->
krbtgt/MITTELERDE.DE at MITTELERDE.DE in KEYRING:persistent:0:0
[2422] 1428482081.202110: Storing config in KEYRING:persistent:0:0 for
krbtgt/MITTELERDE.DE at MITTELERDE.DE: fast_avail: yes
[2422] 1428482081.202126: Removing frodo at MITTELERDE.DE ->
krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
from KEYRING:persistent:0:0
[2422] 1428482081.202133: Storing frodo at MITTELERDE.DE ->
krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
in KEYRING:persistent:0:0
[2422] 1428482081.202166: Storing config in KEYRING:persistent:0:0 for
krbtgt/MITTELERDE.DE at MITTELERDE.DE: pa_type: 2
[2422] 1428482081.202177: Removing frodo at MITTELERDE.DE ->
krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
from
KEYRING:persistent:0:0                                                                                                                                                 

[2422] 1428482081.202184: Storing frodo at MITTELERDE.DE ->
krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
in
KEYRING:persistent:0:0                                                                                                                                                    

Most of the host can only communicate in the local net, which has not
that much hosts (10). The wired ones are connected via GBit Network,
wireless it is up to 150MBit. Server is a Xeon E3-1225 with 8GB Mem. All
Systems have Fedora 21 installed

Martin.