[Freeipa-users] sssd doesn't cache, as it seems
Harald Dunkel
harald.dunkel at aixigo.de
Sat Jan 21 05:46:48 UTC 2017
On 01/20/17 18:42, Simo Sorce wrote:
>
> Is your server being used for authentication ?
> SSSD, by default, always refreshes user credentials on authentication,
> but you can use the cached_auth_timeout setting to relax this
> requirement in SSSD, and reduce the roundtrips for auth attempts.
>
I have set both pam_id_timeout and cached_auth_timeout to 30.
No change, still several requests per second for each user.
???
Harri
-------------- next part --------------
[domain/example.de]
debug_level = 0x0370
cache_credentials = True
cached_auth_timeout = 30
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none
[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de
[nss]
debug_level = 0x0370
homedir_substring = /home
[pam]
pam_id_timeout = 30
debug_level = 0x0370
[sudo]
[autofs]
[ssh]
debug_level = 0x0370
[pac]
[ifp]
More information about the Freeipa-users
mailing list