[Freeipa-users] login delay with sssd
Jakub Hrozek
jhrozek at redhat.com
Tue Jun 2 18:15:24 UTC 2015
On Tue, Jun 02, 2015 at 07:05:21PM +0200, John Obaterspok wrote:
> 2015-06-02 12:11 GMT+02:00 Jakub Hrozek <jhrozek at redhat.com>:
>
> > On Tue, Jun 02, 2015 at 10:28:29AM +0100, Ivars Strazdiņš wrote:
> > >
> > >
> > >
> > > Ar laipniem sveicieniem,
> > > Ivars Strazdiņš
> > >
> > > > On 2. jūn. 2015, at 07:21, Lukas Slebodnik <lslebodn at redhat.com>
> > wrote:
> > > >
> > > > How many groups does problematic user have?
> > >
> > > I can call any user problematic, because all have login delays.
> > > sitaadmin user, being able to to login via ssh, probably has most groups
> > - 4. Doesn’t seem too many, does it?
> > >
> > > siteadmin at mail:~$ id
> > > uid=9268000XX(siteadmin) gid=9268000XX(siteadmin)
> > groups=9268000XX(siteadmin),92680000Y(vpnusers),92680000Z(mailusers),92680000W(scanned)
> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > >
> > > I have sssh-1.12.2 installed as per Centos 7.1.
> > > I will have to wait until 1.12.4 or 5 is coming down the pipe with
> > Centos updates.
> >
> > We plan on 7.1.z update, but with different bugzillas.
> >
> > Then we plan on putting 1.13 to 7.2
> >
> > > Hopefully that will resolve or mitigate the issue.
> > > I cannot create mess by putting Fedora updates into Centos, not sure if
> > that's even possible.
> >
> > Lukas keeps the 1.12 branch builds in his COPR repo, maybe those would
> > be easier to test for you?
>
>
> Isn't there also the option to disable the selinux context in sssd.conf
> just to check that it does have an effect. Don't remember what that option
> was.
>
> --- john
Ah, good idea.
If selinux provider is the cause, then setting:
selinux_provider = none
should help.
Unless you're using that feature, of course..
More information about the Freeipa-users
mailing list