On 09/11/2012 09:54 AM, Ondrej Valousek wrote:
What about introducing another parameter (say -f for "force") which would delete the information at once?
Does it make any sense?

Ondrej

On 09/11/2012 03:52 PM, Marko Myllynen wrote:
Hi,

I wanted to use sss_cache to find out whether sssd is running in a
connected or disconnected mode, but I found out it is not working the
way I expected.

# sss_cache -u ondrej
- I expect all information about me is trashed
sss_cache does not *delete* information. This is by design. It
immediately *expires* it so that the next request for it will go back to
the server and refresh it.

The reason not to delete it is that if you're offline (or go that way
immediately after running sss_cache) you will not lose all your file
access.
I realize the benefit of this approach, but there's also a (corner) case
where this can be surprising to an administrator. Think of an
administrator doing the following on an offline system where "testuser"
is in SSSD's cache and perhaps already deleted from LDAP:

# pkill -U testuser
# userdel -r testuser
# sss_cache -u testuser

At this point the administrator may easily be tempted to think that
testuser is gone for good but actually as long as the system is offline,
testuser can log in as before and merrily continue doing whatever s/he
was getting the kick from the administrator for.

Cheers,


https://fedorahosted.org/sssd/ticket/1520

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
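
The corner case described in the thread can be checked after an account removal by asking each NSS source separately whether it still resolves the user. This is an added example, not part of the original messages or of SSSD's own tooling; it assumes glibc `getent` and that SSSD is configured under the NSS service name `sss`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which NSS sources still resolve an account.
# "files" (/etc/passwd) and "sss" (SSSD) are nsswitch.conf service names;
# account_sources and verify_removed are hypothetical helper names.

account_sources() {
    user=$1
    found=""
    for svc in files sss; do
        # getent -s restricts the lookup to a single NSS service
        if getent -s "$svc" passwd "$user" >/dev/null 2>&1; then
            found="${found:+$found }$svc"
        fi
    done
    printf '%s\n' "${found:-none}"
}

# Returns 0 only when no source resolves the account any more.
verify_removed() {
    src=$(account_sources "$1")
    case $src in
        none)
            return 0 ;;
        *sss*)
            # sss_cache only expires the entry; SSSD can still serve it offline
            echo "$1 still resolves via SSSD cache (sources: $src)" >&2
            return 1 ;;
        *)
            echo "$1 still resolves via: $src" >&2
            return 1 ;;
    esac
}
```

Running `verify_removed testuser` after the `userdel` and `sss_cache` steps shows whether the expired entry is still being served.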

