Thanks Lucas for the information.
I tried the selinux line, it did not seem to make a difference.
As I said in my original email, login to the IPA server itself does not
exhibit the same behavior, although
every system has the same SSSD configuration and SElinux enabled. I
actually tried "setenforce 0"
on a client without any effect either.
I checked all the reference you provided, my feelings is that the events
add up still would not account for 5 seconds delay:-(
If anybody would like to have debug information, please let me know (the
procedure to produce). Please also let me know if I should file a bug.
On Mon, Apr 13, 2015 at 4:22 PM, Lukas Slebodnik <lslebodn(a)redhat.com>
On (13/04/15 15:28), Qing Chang wrote:
>OS: CentoOS 7.1
>With IPA any clients running CentOS7.1 authentication for ssh and sudo
>takes more than 5 seconds _after_ putting in password. If ssh to the IPA
>server itself, it authenticates instantly.
>Google did not provide much relevant information. Note that this is not a
>slow ssh session to get to authentication prompt, it always gets to the
>prompt without delay.
>Also it is not related to NFS performance, it is equally slow if I login
>a NFS server (IPA client) locally or login to a server (also a IPA client)
>that has autofs home.
>IPA server is a fresh installation with just a couple of users. I had an
>installation previously that has more than a thousand user accounts on
>CentOS 6. Users did not have the slowness problem as with this new
>Hope this list can provide some pointers.
You might hit bug.
If you do not use SELinux ser mapping you can try to disable
put "selinux_provider = none" into domain section of sssd.conf
If it doesn't help you can tahe a look on sssd<->systemd conversation in
sssd-users mailing list