-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu 11 Apr 2013 08:22:52 AM EDT, Sutton, Harry (GSSE) wrote:
Since getting sssd logins to work correctly, I'm noticing that
logging in with my 'old' local user account takes orders of
magnitude longer to complete than before. (root logins continue to
happen without any noticeable delay.) Why is that, and is there a
configuration parameter I can change to restore normal login times
for local non-root users? I can work around the problem by opening
a separate text console as root and stopping the sssd daemon until
the login completes, then restarting the daemon.
Ultimately, of course, I think the logical solution is to create a
local sssd user (with an associated LOCAL domain), but I've grown
fond of my local account user name and I'm not certain yet that I
can use sss_useradd to create a local database entry with the same
account name without some unintended (and perhaps negative)
consequences.
You shouldn't be seeing any delays at all for the local user during
login, unless the initgroups() call for that user is taking a long
time. The PAM stack should not be getting to pam_sss.so at all if it's
properly configured. What version of SSSD are you running, on what
distro? If it's Fedora/RHEL based, can I see /etc/pam.d/password-auth?
Also, try the following experiment:
time id -G <localuser>
and show me the output.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlFmsDgACgkQeiVVYja6o6PN9ACfZWeFsRZqMowRAOcI3nqgw8tH
4kQAnRrE6r/gdc/dUEIL7BiybN/PFNrK
=2r1X
-----END PGP SIGNATURE-----