Bug 1103249
Summary: | PAC responder needs much time to process large group lists | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> | ||||
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> | ||||
Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 7.0 | CC: | ccoursey, grajaiya, jgalipea, jhrozek, jnansi, lslebodn, mkosek, mnavrati, mvarun, nsoman, parsonsa, pbrezina, sgoveas | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | sssd-1.14.0-0.2.beta1.el7 | Doc Type: | Bug Fix | ||||
Doc Text: |
Under certain circumstances, the algorithm in the Privilege Attribute Certificate (PAC) responder component of the System Security Services Daemon (SSSD) does not effectively handle users who are members of a large number of groups. As a consequence, logging from Windows clients to Red Hat Enterprise Linux clients with Kerberos single sign-on (SSO) can be noticeably slow. There is currently no known workaround available.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-11-04 07:10:37 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1172231, 1205926 | ||||||
Attachments: |
|
Description
Jakub Hrozek
2014-05-30 14:25:02 UTC
*** Bug 1205926 has been marked as a duplicate of this bug. *** * d0d7de66c9494621c1bc12384e41e5e38a77fbeb * c371993cce13edb9185a5f0db76fbee03f0edc04 * 1df6751f81f7d9c225463f76b9789b0cc7a0de8b * aa0f39c7c09a55efc8d2282ca56e0e93e220aeba * 63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4 * 28f336bdb32db0b89cb98174a3f8e308e4e928db * 7cf0f78d832c7a09b59ee9f91cedc427c0253cd4 * cce3e8526176ce2fe9baa5bda1bb457b996b7bcf Hello Jakub, We have a customer running RHEL-7.2 who might benefit from this fix, can we get a test package incorporating this fix? Thank you, Jatin Verified ipa-client-4.4.0-7.el7.x86_64 sssd-1.14.0-15.el7.x86_64 Now response is much faster to process large group lists compare to 7.2(sssd-1.13.0-40.el7.x86_64) Please find the attached file which contains console output. ######## On 7.3 Client ########### # service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@host128 ~]# date; ssh -l aduser99 master72.testrelm.test Thu Sep 22 19:10:14 IST 2016 Password: Last login: Thu Sep 22 19:05:13 2016 from dhcp35-128.lab.eng.blr.redhat.com -sh-4.2$ logout Connection to master72.testrelm.test closed. [root@host128 ~]# date Thu Sep 22 19:10:31 IST 2016 [root@host128 ~]# rpm -qa ipa-client sssd ipa-client-4.4.0-7.el7.x86_64 sssd-1.14.0-15.el7.x86_64 ######## On 7.2 Client ########### root@client72 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@client72 ~]# date Thu Sep 22 09:08:34 EDT 2016 [root@client72 ~]# ssh -l aduser99 master72.testrelm.test Password: Last login: Thu Sep 22 16:55:47 2016 from auto-hv-01-guest06.idmqe.lab.eng.bos.redhat.com -sh-4.2$ -sh-4.2$ logout Connection to master72.testrelm.test closed. [root@client72 ~]# date Thu Sep 22 09:11:00 EDT 2016 [root@client72 ~]# rpm -qa ipa-client sssd ipa-client-4.2.0-15.el7.x86_64 sssd-1.13.0-40.el7.x86_64 Created attachment 1203769 [details]
console output
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2476.html |