Hi All,
I did more research and testing today.
1. For the third question, the answer is NO. offline_credentials_expiration starts from the last successful online login.
2. Another test:
1) cache_credentials = True, account_cache_expiration = 2, offline_credentials_expiration = 1, cache_entry_timeout = 60
2) Use user1 to log in
3) After 5 mins (the entry in the sysdb should be expired by then), I shut down the LDAP server
4) Login as user1 is successful
5) id user1 still returns
My Question:
Assumption 1: even if the user entry in the sysdb is expired before sssd enters offline mode, sssd will still use the expired cache.
Assumption 2: the cache will only be deleted from the sysdb when the backend couldn't find the entry in the remote domain OR account_cache_expiration is reached.
Are these assumptions correct?
Thanks,
Aaron