Hi Everyone, I'm running dovecot on a CentOS 7 box using PLAIN and GSSAPI auth. I need to use both because I have some clients that can't use GSSAPI. I haven't been able to get the userdb working properly without a password file and a userdb file. For example, I have to set the home default and change the username_format. I use FreeIPA and the dovecot server is joined properly to the realm. Authentication works (I don't have any passwords in the userdb file). The problem is authentication is slow. When I use Roundcube, the login takes longer than it should. In fact, every operation (changing folders, opening an email, replying, etc.) is just slow. The web server where Roundcube is running is barely loaded, the dovecot server isn't loaded and the FreeIPA server is basically sitting idle. When I watch /var/log/secure as I login to roundcube, I see this in the logs: http://pastebin.ca/3620032 Why is pam_unix being hit and then pam_sss? I'm thinking the pam_unix failures are the reason why the auth is slow. Here's the output from dovecot -n: http://pastebin.ca/3620029 I'm sure I haven't configured something correctly, hence the performance problems. Any help would be appreciated. -- Ranbir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20160607/1925c201/attachment-0001.sig>
Sent from my iPhone> On Jun 7, 2016, at 11:07 AM, Ranbir <m3freak at thesandhufamily.ca> wrote: > > Hi Everyone, > > I'm running dovecot on a CentOS 7 box using PLAIN and GSSAPI auth. I > need to use both because I have some clients that can't use GSSAPI. > > I haven't been able to get the userdb working properly without a > password file and a userdb file. For example, I have to set the home > default and change the username_format. > > I use FreeIPA and the dovecot server is joined properly to the realm. > Authentication works (I don't have any passwords in the userdb file). > > The problem is authentication is slow. When I use Roundcube, the login > takes longer than it should. In fact, every operation (changing > folders, opening an email, replying, etc.) is just slow. The web server > where Roundcube is running is barely loaded, the dovecot server isn't > loaded and the FreeIPA server is basically sitting idle. > > When I watch /var/log/secure as I login to roundcube, I see this in the > logs: > > http://pastebin.ca/3620032 > > Why is pam_unix being hit and then pam_sss? I'm thinking the pam_unix > failures are the reason why the auth is slow. >You have Pam as your passdb driver.> Here's the output from dovecot -n: > > http://pastebin.ca/3620029 > > I'm sure I haven't configured something correctly, hence the > performance problems. > > Any help would be appreciated. > > > -- > Ranbir
On Tue, 2016-06-07 at 11:45 -0500, Edgar Pettijohn wrote:> You have Pam as your passdb driver.Yes, because I have to. How else would I get Dovecot to authenticate users against my FreeIPA server? -- Ranbir -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20160607/06439d15/attachment.sig>