Re: Ten second intermittent delay on login

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Thu, Jul 20, 2023 at 1:49 PM Johnnie W Adams <jxadams@xxxxxxxx> wrote:
> Hi, folks,
>      We're experiencing an odd ten-second delay intermittently when logging
> into any of our Linux boxes which authenticate against LDAP. Here's where
> it happens:
> Jul 13 11:54:23 console2 sshd[1853]: debug1: temporarily_use_uid: <my
> uid\gid> (e=0/0)
> Jul 13 11:54:35 console2 sshd[1853]: debug1: trying public key file <my key
> file>
>      My assumption is there's something in sssd slowing it down, but I'm
> having a heck of a time figuring out what or why. Any guidance would be
> greatly appreciated.
> Thanks,
>      John A

sssd is a pretty aggressively "optimized" tool. It's designed, not to
issue LDAP queries, but to pull from a locally stashed copy of the
*entire* upstream LDAP directory, or at least enough of the LDAP
directory to contain every dolder it may reference. The result can be
really nasty when the VPN connection between an internal AD and a
cloud environment, especially when it thinks it has to refresh that
cache. All of it. Without notice. And crash, if it doesn't succeed
within the hard-coded and un-tunable timeout periods.

I'm not happy with some of sssd's behavior, especially the head games
it plays with systemd about "I'm started, I'm running, I'm allowing
logins via SSH, la-la-la-la-la, I failed to cache the full LDAP and
now I will crash hard with systemd not noticing and recovering the
service". It's an unpleasant problem.
openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux