saslauthd with mech "kerberos5" generates a lot of ldap-load

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


our cyrus imap server is configured with "sasl_pwcheck_method: saslauthd" and the saslauthd with mech "kerberos5".
Everything else we needed was a krb5.conf and a krb5.keytab, so far the authentication over imap works.

On the mail server is also a sssd configured, so that the server knows all users from an ldap-server (samba4).
Users are not allowed to login on this server. (ssh, local), but I think for postfix the server needs to know all users.

If I turn off the sssd, imap-authentication still works. Means saslauthd doesnt need the local authentication service "sssd".
So far it makes sense to me, saslauthd is configured for kerberos5.

But when I turn on the sssd, imap-authentication still works, but when a user logs in over imap, the sssd resolves all ldap-groups
from this user, and this generates a lot of ldap-load, so that the mail-server becomes very slow.

So it seems, the saslauthd asks the local user-management for group-informations, is this right ?
Is there any connection between the local user-management and saslauthd, although saslauthd is configured with kerberos5 ?


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux