Can you file a RFE?
Sure:
https://fedorahosted.org/sssd/ticket/2408
Could you check in the logs what takes the longest during the whole
request? If your server is really fast, maybe you can add
debug_microseconds to the config file to increase the resolution..
I tried, but I'm not seeing a particular area that's slower than others. I can try
looking more carefully when I have some time.
The lookup doesn't make a huge difference in one request, but it adds up.
In particular, this machine runs Subversion over Apache, and authenticates against the
system users (using SSSD). Unfortunately SVN over Apache makes a ton of separate requests.
Since SSSD doesn't cache, I'm probably going to look into having Apache use a
method that does, like mod_ldap.
Maybe the new option could cover both the initgroups and
authentication,
not sure. It's a bit of slippery slope, because on a Linux system
authentication is actually the only moment where groups are set. On the
other hand, group membership don't change that often..
Plus, if you're doing offline caching, you're already going down that slope...
Jacob