[Freeipa-users] sssd doesn't cache, as it seems
Jakub Hrozek
jhrozek at redhat.com
Sat Jan 21 12:49:19 UTC 2017
> On 21 Jan 2017, at 06:46, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>
> On 01/20/17 18:42, Simo Sorce wrote:
>>
>> Is your server being used for authentication ?
>> SSSD, by default, always refreshes user credentials on authentication,
>> but you can use the cached_auth_timeout setting to relax this
>> requirement in SSSD, and reduce the roundtrips for auth attempts.
>>
>
> I have set both pam_id_timeout and cached_auth_timeout to 30.
> No change, still several requests per second for each user.
>
> ???
> Harri
>
Can you check what kind of query do you see in the LDAP server log?
Do the server logs correlate with debug logs from the nss and domain sections of sssd?
Are you sure there is no other NSS module in nsswitch.conf other than files and sss?
> <sssd.conf>--
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list