[Freeipa-users] login delay with sssd
John Obaterspok
john.obaterspok at gmail.com
Tue Jun 2 17:05:21 UTC 2015
2015-06-02 12:11 GMT+02:00 Jakub Hrozek <jhrozek at redhat.com>:
> On Tue, Jun 02, 2015 at 10:28:29AM +0100, Ivars Strazdiņš wrote:
> >
> >
> >
> > Ar laipniem sveicieniem,
> > Ivars Strazdiņš
> >
> > > On 2. jūn. 2015, at 07:21, Lukas Slebodnik <lslebodn at redhat.com>
> wrote:
> > >
> > > How many groups does problematic user have?
> >
> > I can call any user problematic, because all have login delays.
> > sitaadmin user, being able to to login via ssh, probably has most groups
> - 4. Doesn’t seem too many, does it?
> >
> > siteadmin at mail:~$ id
> > uid=9268000XX(siteadmin) gid=9268000XX(siteadmin)
> groups=9268000XX(siteadmin),92680000Y(vpnusers),92680000Z(mailusers),92680000W(scanned)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> > I have sssh-1.12.2 installed as per Centos 7.1.
> > I will have to wait until 1.12.4 or 5 is coming down the pipe with
> Centos updates.
>
> We plan on 7.1.z update, but with different bugzillas.
>
> Then we plan on putting 1.13 to 7.2
>
> > Hopefully that will resolve or mitigate the issue.
> > I cannot create mess by putting Fedora updates into Centos, not sure if
> that's even possible.
>
> Lukas keeps the 1.12 branch builds in his COPR repo, maybe those would
> be easier to test for you?
Isn't there also the option to disable the selinux context in sssd.conf
just to check that it does have an effect. Don't remember what that option
was.
--- john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150602/5d3cb048/attachment.htm>
More information about the Freeipa-users
mailing list