Description of problem: On my laptop, I have SSSD (LDAP ident and Kerberos Auth) configured. If I suspend my laptop, and resume while no longer connected to physical ethernet, the gnome-screensaver password prompt takes a long while (~60sec) to display and allow login. Stephen Gallagher explained this is due to the changed network settings between the suspend and resume actions, and sssd times out attempting to use the original network settings. Version-Release number of selected component (if applicable): * sssd-1.1.1-3.fc13.x86_64 * gnome-screensaver-2.30.0-1.fc13.x86_64 * NetworkManager-0.8.0-8.git20100426.fc13.x86_64 How reproducible: Steps to Reproduce: 1. Configure SSSD for LDAP (ident) and Kerberos (auth) 2. Connect system to physical ethernet (no VPN required to access LDAP and Kerberos servers) 3. Login to gnome desktop as a valid user 4. Suspend workstation 5. Unplug from physical ethernet 6. Resume workstation Actual results: * It takes a long while (~60sec) to offer passphrase prompt. There isn't any notification or "busy" icon to indicate the system is attempting to identify the logged in user. * During this time, I'm also unable to login on any tty consoles. Expected results: * Prompted for screensaver passphrase in a reasonable time frame Additional info: * IRC converstaion with sgallagh explaining the promblem in more detail ... 08:24:43 sgallagh: jlaska: That actually CAN be related to SSSD, though I don't know about your particular case. (And only if the user you're logged in as is an SSSD user) 08:25:17 sgallagh: jlaska: Basically, if the VPN dropped while you were in screensaver, it may attempt to contact the auth server first, then switch to offline operation once the timeout hits 08:25:41 sgallagh: (or if any other network interruption occurred, but VPN is the common case) 08:26:32 sgallagh: jlaska: The reason is that we always attempt to perform online authentication if the SSSD is marked as operating in online mode, to guarantee that changes on the central server are picked up immediately. 08:27:14 sgallagh: A few people have suggested that screensaver unlocks should happen with cached credentials, but I don't like that because it eliminates our ability to automatically refresh Kerberos tickets when unlocking. 08:31:19 jlaska: sgallagh: ah okay, so you're already well versed in the problem space! :) 08:31:45 jlaska: sgallagh: you're right, I think everytime I see this it's when suspending while connected to physical ethernet, then resuming when no longer connected 08:33:17 sgallagh: jlaska: Something we're looking into doing in the future is registering with NetworkManager to be notified if the network status has changed 08:34:01 sgallagh: jlaska: That way we can tell the backend to go into offline mode immediately, then try to reconnect in 30s or so 08:35:04 jlaska: sgallagh: no worries, thanks for describing the problem space 08:35:28 sgallagh: any time 08:35:46 sgallagh: I don't think we actually have a BZ filed on that, so feel free
Upstream enhancement request opened: https://fedorahosted.org/sssd/ticket/456
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Adding CommonBugs keyword for consideration as an entry on http://fedoraproject.org/wiki/Common_F13_bugs Will revisit this issue after review and either 1) to document this issue, or 2) remove the keyword.
sssd-1.1.92-11.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/sssd-1.1.92-11.fc13
sssd-1.1.92-11.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sssd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/sssd-1.1.92-11.fc13
Verified with sssd-1.1.92-11 and sssd-1.2.0-12
sssd-1.2.0-12.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sssd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/sssd-1.2.0-12.fc13
sssd-1.2.0-12.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.