By default, KCM has a 60-second idle client timeout. This might not be enough, because the client is often kinit, so there is some user interaction involved.
Pushed PR: https://github.com/SSSD/sssd/pull/5288

* `master`
    * 00ae18dc9fd05a0dd12043d50a7fc0f1123bbc85 - KCM: Increase client idle timeout to 5 minutes
With fixed and unfixed both have infinite time waiting:

```
[root@ci-vm-10-0-137-97 sssd]# systemctl stop sssd ; rm -rf /var/log/sssd/* ; rm -rf /var/lib/sss/db/* ; systemctl start sssd
[root@ci-vm-10-0-137-97 sssd]# systemctl restart sssd-kcm
[root@ci-vm-10-0-137-97 sssd]# id foo1@example1
uid=14583101(foo1@example1) gid=14564100(ldapusers@example1) groups=14564100(ldapusers@example1)
[root@ci-vm-10-0-137-97 sssd]# date
Thu Nov 5 02:20:51 EST 2020
[root@ci-vm-10-0-137-97 sssd]# kinit foo1
Password for foo1:
kinit: Password read interrupted while getting initial credentials
[root@ci-vm-10-0-137-97 sssd]# date
Thu Nov 5 02:46:00 EST 2020
[root@ci-vm-10-0-137-97 sssd]# rpm -qa | grep sssd
sssd-nfs-idmap-2.3.0-9.el8.x86_64
sssd-krb5-common-2.4.0-1.el8.x86_64
sssd-ipa-2.4.0-1.el8.x86_64
sssd-common-2.4.0-1.el8.x86_64
sssd-krb5-2.4.0-1.el8.x86_64
sssd-common-pac-2.4.0-1.el8.x86_64
sssd-ad-2.4.0-1.el8.x86_64
sssd-2.4.0-1.el8.x86_64
sssd-client-2.4.0-1.el8.x86_64
sssd-ldap-2.4.0-1.el8.x86_64
python3-sssdconfig-2.4.0-1.el8.noarch
sssd-kcm-2.4.0-1.el8.x86_64
[root@ci-vm-10-0-137-97 sssd]#
```

KCM log:

```
[root@ci-vm-10-0-137-97 sssd]# cat sssd_kcm.log
(2020-11-05 2:28:07): [kcm] [orderly_shutdown] (0x0010): SIGTERM: killing children
[root@ci-vm-10-0-137-97 sssd]#
```

sssd.conf:

```
[root@ci-vm-10-0-137-97 sssd]# cat sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains = example1
[domain/example1]
ldap_search_base = dc=example,dc=test
id_provider = ldap
auth_provider = ldap
ldap_user_home_directory = /home/%u
ldap_uri = ldaps://ci-vm-10-0-138-55.hosted.upshift.rdu2.redhat.com
ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem
use_fully_qualified_names = True
debug_level = 9
[root@ci-vm-10-0-137-97 sssd]#
```

It was waiting infinitely after: kinit foo1

Any other config change I have to do?
With Unfixed version:

```
(Thu Nov 5 22:33:04 2020) [sssd[kcm]] [client_close_fn] (0x2000): Terminated client [0x555fb5bbb330][15]
(Thu Nov 5 22:33:34 2020) [sssd[kcm]] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x555fb5bbb080][14]
(Thu Nov 5 22:34:04 2020) [sssd[kcm]] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x555fb5bbb080][14]
(Thu Nov 5 22:34:34 2020) [sssd[kcm]] [client_idle_handler] (0x2000): Terminating idle client [0x555fb5bbb080][14]
(Thu Nov 5 22:34:34 2020) [sssd[kcm]] [client_close_fn] (0x2000): Terminated client [0x555fb5bbb080][14]
```

```
[root@ci-vm-10-0-139-39 sssd]# rpm -qa | grep sssd
sssd-ldap-2.2.0-19.el8.x86_64
sssd-ipa-2.2.0-19.el8.x86_64
sssd-common-2.2.0-19.el8.x86_64
sssd-client-2.2.0-19.el8.x86_64
sssd-nfs-idmap-2.2.0-19.el8.x86_64
sssd-kcm-2.2.0-19.el8.x86_64
sssd-krb5-common-2.2.0-19.el8.x86_64
sssd-krb5-2.2.0-19.el8.x86_64
sssd-proxy-2.2.0-19.el8.x86_64
sssd-2.2.0-19.el8.x86_64
sssd-common-pac-2.2.0-19.el8.x86_64
python3-sssdconfig-2.2.0-19.el8.noarch
sssd-ad-2.2.0-19.el8.x86_64
```

With Fixed version:

```
(2020-11-05 22:39:39): [kcm] [client_close_fn] (0x2000): Terminated client [0x5581403586d0][15]
(2020-11-05 22:42:06): [kcm] [responder_idle_handler] (0x2000): Re-scheduling the idle timeout for the responder [0x558140353340]
(2020-11-05 22:42:06): [kcm] [schedule_responder_idle_timer] (0x2000): Re-scheduling the idle timeout for the responder [0x558140353340]
(2020-11-05 22:42:09): [kcm] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x558140358420][14]
(2020-11-05 22:44:36): [kcm] [responder_idle_handler] (0x2000): Re-scheduling the idle timeout for the responder [0x558140353340]
(2020-11-05 22:44:36): [kcm] [schedule_responder_idle_timer] (0x2000): Re-scheduling the idle timeout for the responder [0x558140353340]
(2020-11-05 22:44:39): [kcm] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x558140358420][14]
(2020-11-05 22:47:06): [kcm] [responder_idle_handler] (0x2000): Terminating idle responder [0x558140353340]
(2020-11-05 22:47:06): [kcm] [kcm_responder_ctx_destructor] (0x0400): Responder is being shut down
(2020-11-05 22:47:06): [kcm] [client_close_fn] (0x2000): Terminated client [0x558140358420][14]
(2020-11-05 22:47:06): [kcm] [orderly_shutdown] (0x0010): SIGTERM: killing children
(2020-11-05 22:47:06): [kcm] [orderly_shutdown] (0x0040): Shutting down (status = 0)
```

```
[root@ci-vm-10-0-137-54 sssd]# rpm -qa | grep sssd
sssd-krb5-common-2.4.0-1.el8.x86_64
sssd-ipa-2.4.0-1.el8.x86_64
sssd-common-2.4.0-1.el8.x86_64
sssd-krb5-2.4.0-1.el8.x86_64
sssd-common-pac-2.4.0-1.el8.x86_64
sssd-ad-2.4.0-1.el8.x86_64
sssd-2.4.0-1.el8.x86_64
sssd-client-2.4.0-1.el8.x86_64
sssd-ldap-2.4.0-1.el8.x86_64
python3-sssdconfig-2.4.0-1.el8.noarch
sssd-kcm-2.4.0-1.el8.x86_64
```
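An added example, not part of the original comments or of SSSD: a small parser that measures the spacing between per-client idle-timer events in `sssd_kcm.log`, so the verification above can be repeated on other hosts. The function names and the 150-second threshold are assumptions chosen here; the sample lines are copied from the log excerpts in this thread, where the timer events are 30 seconds apart on the unfixed build and 150 seconds apart on the fixed one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log excerpts in this thread (both timestamp formats).
SAMPLE_UNFIXED = """\
(Thu Nov 5 22:33:34 2020) [sssd[kcm]] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x555fb5bbb080][14]
(Thu Nov 5 22:34:04 2020) [sssd[kcm]] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x555fb5bbb080][14]
(Thu Nov 5 22:34:34 2020) [sssd[kcm]] [client_idle_handler] (0x2000): Terminating idle client [0x555fb5bbb080][14]
"""
SAMPLE_FIXED = """\
(2020-11-05 22:42:09): [kcm] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x558140358420][14]
(2020-11-05 22:44:39): [kcm] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x558140358420][14]
(2020-11-05 22:47:06): [kcm] [client_close_fn] (0x2000): Terminated client [0x558140358420][14]
"""
LINE_RE = re.compile(r"^\((?P<ts>[^)]+)\):?\s+\[\S+\]\s+\[(?P<func>\w+)\]"
                     r"\s+\(0x[0-9a-f]+\):\s+(?P<msg>.*)$")
CLIENT_RE = re.compile(r"client \[(0x[0-9a-f]+)\]\[\d+\]")
# Only the idle-timer functions seen in the logs above are counted.
IDLE_FUNCS = {"setup_client_idle_timer", "client_idle_handler"}

def parse_ts(text):
    """Parse '2020-11-05 22:42:09' or 'Thu Nov 5 22:33:34 2020'; None if neither."""
    for fmt in ("%Y-%m-%d %H:%M:%S", "%a %b %d %H:%M:%S %Y"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            pass
    return None

def idle_timer_intervals(log_text):
    """Return {client_ptr: [seconds between consecutive idle-timer events]}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["func"] not in IDLE_FUNCS:
            continue
        client, ts = CLIENT_RE.search(m["msg"]), parse_ts(m["ts"])
        if client and ts:
            events[client.group(1)].append(ts)
    return {ptr: [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
            for ptr, ts in events.items()}

def clients_below(log_text, min_interval):
    """Clients whose idle-timer events are spaced closer than min_interval seconds."""
    return sorted(ptr for ptr, gaps in idle_timer_intervals(log_text).items()
                  if any(g < min_interval for g in gaps))
```
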
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1666