[Freeipa-users] Freeipa 4.2.0 slow response

Mon Sep 12 17:53:12 UTC 2016

Hi,

I am experiencing a very slow response from freeipa.. the new passwords
that I am resetting are never working for the users and its takes a lot of
time for an existing user to login around 25 secs.

doing a kinit admin itself is very slowKRB5_TRACE=/dev/stderr kinit admin
[11298] 1473702491.60880: Getting initial credentials for admin at XYZ.COM
[11298] 1473702491.62981: Sending request (167 bytes) to XYZ.COM
[11298] 1473702491.63119: Initiating TCP connection to stream 10.1.3.35:88
[11298] 1473702491.63359: Sending TCP request to stream 10.1.3.35:88
[11298] 1473702493.797835: Received answer (341 bytes) from stream
10.1.3.35:88
[11298] 1473702493.797848: Terminating TCP connection to stream 10.1.3.35:88
[11298] 1473702493.797911: Response was from master KDC
[11298] 1473702493.797956: Received error from KDC: -1765328359/Additional
pre-authentication required
[11298] 1473702493.797993: Processing preauth types: 136, 19, 2, 133
[11298] 1473702493.798005: Selected etype info: etype aes256-cts, salt
"V at Cbu147E#1;R0WD", params ""
[11298] 1473702493.798009: Received cookie: MIT
Password for admin at XYZ.COM:
[11298] 1473702498.190064: AS key obtained for encrypted timestamp:
aes256-cts/2C9D
[11298] 1473702498.190109: Encrypted timestamp (for 1473702498.184527):
plain 301AA011180F32303136303931323137343831385AA105020302D0CF, encrypted
25FC8D37EFB6B7837C8D5C6649DFB9972010D40EE29D1222FBA45CAA98428E42C7FCC9B7FE881A04BD3390A6A9EDE9D2D93729FDF3E47B6D
[11298] 1473702498.190129: Preauth module encrypted_timestamp (2) (real)
returned: 0/Success
[11298] 1473702498.190133: Produced preauth for next request: 133, 2
[11298] 1473702498.190148: Sending request (261 bytes) to XYZ.COM
[11298] 1473702498.190246: Initiating TCP connection to stream 10.1.3.35:88
[11298] 1473702499.191933: Sending initial UDP request to dgram 10.1.3.35:88
[11298] 1473702502.195157: Sending retry UDP request to dgram 10.1.3.35:88
[11298] 1473702507.200405: Sending retry UDP request to dgram 10.1.3.35:88
[11298] 1473702513.226371: Sending TCP request to stream 10.1.3.35:88
[11298] 1473702515.797243: Received answer (730 bytes) from stream
10.1.3.35:88
[11298] 1473702515.797271: Terminating TCP connection to stream 10.1.3.35:88
[11298] 1473702515.797326: Response was from master KDC
[11298] 1473702515.797353: Processing preauth types: 19
[11298] 1473702515.797360: Selected etype info: etype aes256-cts, salt
"V at Cbu147E#1;R0WD", params ""
[11298] 1473702515.797394: Produced preauth for next request: (empty)
[11298] 1473702515.797401: AS key determined by preauth: aes256-cts/2C9D
[11298] 1473702515.797445: Decrypted AS reply; session key is:
aes256-cts/702E
[11298] 1473702515.797460: FAST negotiation: available
[11298] 1473702515.797478: Initializing KEYRING:persistent:0:0 with default
princ admin at XYZ.COM
[11298] 1473702515.797534: Storing admin at XYZ.COM -> krbtgt/XYZ.COM at XYZ.COM
in KEYRING:persistent:0:0
[11298] 1473702515.797572: Storing config in KEYRING:persistent:0:0 for
krbtgt/XYZ.COM at XYZ.COM: fast_avail: yes
[11298] 1473702515.797585: Storing admin at XYZ.COM ->
krb5_ccache_conf_data/fast_avail/krbtgt\/XYZ.COM\@XYZ.COM at X-CACHECONF: in
KEYRING:persistent:0:0
[11298] 1473702515.797631: Storing config in KEYRING:persistent:0:0 for
krbtgt/XYZ.COM at XYZ.COM: pa_type: 2
[11298] 1473702515.797647: Storing admin at XYZ.COM ->
krb5_ccache_conf_data/pa_type/krbtgt\/XYZ.COM\@XYZ.COM at X-CACHECONF: in
KEYRING:persistent:0:0

are any pointers as to what could be causing this slowness

Thanks
Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160912/44c904d2/attachment.htm>