On 01/01/2011 03:36 PM, JR Aquino wrote:
> Might someone be able to tell me how I can completely disable caching
> in sssd.conf?
>
> I've tweaked the entry cache vars but I don't seem to be getting immediate db
> searches.
>
> I'm trying to account for:
> User exists in hbac posix group.
> User is removed from hbac posix group.
> Should deny ssh login, but instead it's permitted.
>
> If I rudely delete all the caches from /var/lib/sss/db/* it will properly deny me
> access.
>
> Disabling caching or at least disabling the caching of hbac level data would be what I am
> after.
>
> Thanks!!!

Setting the entry_cache_timeout to something small (e.g. 1 second)
should work properly. If it does not, then there's likely a bug in our
group processing that isn't removing the memberOf link. Please try
setting this timeout and then provide logs of the
/var/log/sssd/sssd_<DOMAIN>.log, ideally at debug_level = 9.

SSSD cannot disable caching because it was designed around the concept
of allowing offline authentication. All lookups are cached so that if
the network connection becomes unavailable, the system can still
function properly.

As such, our internal operations are always performed against cached
entries, with those timeouts being used to determine when we need to
refresh the entries before using them.

--
Stephen Gallagher
RHCE 804006346421761
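
An added example, not part of the original thread and not SSSD's own code: a small audit of sssd.conf that reports, for each enabled domain, how long a cached entry may be served before SSSD refreshes it, which is the window in which a removed group membership can still be honoured. The 5400-second default, the 60-second review threshold and the sample domain names are assumptions.

```python
import configparser

# Assumption: sssd.conf(5) documents 5400 seconds as the default for
# entry_cache_timeout when a domain section does not set it.
DEFAULT_ENTRY_CACHE_TIMEOUT = 5400

# Constructed sample sssd.conf; the domain names are placeholders.
SAMPLE_CONF = """\
[sssd]
domains = example.com, lab.example.com

[domain/example.com]
access_provider = ipa

[domain/lab.example.com]
access_provider = ipa
entry_cache_timeout = 1
debug_level = 9
"""


def audit_cache_windows(conf_text, max_seconds=60):
    """Per enabled domain, report how long cached entries may be served
    before a refresh and whether that exceeds max_seconds."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    listed = cp.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in listed.split(",") if d.strip()]
    findings = []
    for name in enabled:
        section = f"domain/{name}"
        if not cp.has_section(section):
            continue  # listed in [sssd] but has no section of its own
        timeout = cp.getint(section, "entry_cache_timeout",
                            fallback=DEFAULT_ENTRY_CACHE_TIMEOUT)
        findings.append({
            "domain": name,
            "timeout": timeout,
            "debug_level": cp.get(section, "debug_level", fallback=None),
            "stale_risk": timeout > max_seconds,
        })
    return findings


if __name__ == "__main__":
    for f in audit_cache_windows(SAMPLE_CONF):
        state = "REVIEW" if f["stale_risk"] else "ok"
        print(f"{f['domain']}: entries cached up to {f['timeout']}s [{state}]")
```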