In my case krb5kdc ist running out of leck mich, cause the host system hasn't realy enough system resources.
The correct thing to do is adjust net.ipv4.tcp_max_syn_backlog to a high enough value that it no longer fires this warning.
You will probably also want to adjust the TCP stack in general to have more memory.
An overview of the SSSD architecture
The SSSD consists of several processes, each of them has its own function. The SSSD processes can be one of the following:
1. the monitor - The purpose of the monitor process is to spawn the other processes, periodically ping them if to check if they are still running and respawn them if not. There...
Sometimes you'll need to setup a single point of authentification for e.g. to centralize stuff.
I've found a nice Document, about Integrating Linux systems with Active Directory using Open Source Tools from 2017.