DescriptionStriker Leggette
2020-08-19 13:27:00 UTC
[+] Description of problem:
- When using SSSD with "id_provider = files", the SSSD service will time out during enum_files_users when there is 150k+ local users.
[+] Version-Release number of selected component (if applicable):
- sssd-2.2.3-20.el8.x86_64
[+] How reproducible:
- Always
[+] Steps to Reproduce:
1. Create 150k local users
2. Configure sssd.conf for files id provider and krb5 auth provider
3. Start SSSD service
[+] Actual results:
- SSSD service times out
- Authentication takes a long time to complete
- 'id', 'ls' and similar commands time out
[+] Expected results:
- Since pam_krb5.so has been removed in favor of only using SSSD, SSSD should be able to perform the same exact function in some way without any sort of 'caching'
[+] Additional info:
1. We've set "pwfield = *" within [nss]
2. We've set "enable_files_domain = false" within [sssd]
3. We've set "TimeoutStartUSec" in /etc/systemd/system/sssd.service to 10m.