[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] SSSD vs NSCD




User information and credential caching works as follows:
NSS:
Check the cache. If the user is present, check whether the
cache timeout has expired. If it is still valid, immediately return the
user. If the cache timeout has expired, check our online/offline status.
If the SSSD is offline, it will return the cache entry anyway (since
there's no way to refresh it)

Is there a method to make cache to expire even in offline mode (as it is with nscd)? Probably unnecessary for an ordinary user but who knows if someone needs that kind of a feature.

Steve, I do not think there is my it might make sense to have a tool that will flush the cache - sss_cache. Something for future.
Daniel can you please log an ER?
https://fedorahosted.org/sssd/
PAM:
Behaves similarly to NSS, except that we will first check
online/offline status. If we are online, we will always query the
authentication provider and cache the credentials. The cache will
be used only when the SSSD is offline.

Makes sense.

Thanks!



_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]