On Tue, May 30, 2017 at 02:18:18PM -0400, Jake via FreeIPA-users wrote:
> Looks like this is applied immediately, but required a service sssd restart; 
> sss_cache -E 
> 
> Do these attributes have a TTL set? 
> 
> I know these are all SSSD Specific questions, and not directly related to 
> FreeIPA. 

The keys are stored in the SSSD cache and the cache objects have a
lifetime. Please check entry_cache_timeout or entry_cache_user_timeout
in man sssd.conf for details.

HTH

bye,
Sumit

> 
> Thanks, 
> Jake 
> 
> 
> From: "freeipa-users" <freeipa-users@lists.fedorahosted.org> 
> To: "freeipa-users" <freeipa-users@lists.fedorahosted.org> 
> Cc: "Jake" <em...@ml.jacobdevans.com> 
> Sent: Tuesday, May 30, 2017 1:15:32 PM 
> Subject: [Freeipa-users]SSH Key replication time/issues 
> 
> Hey again, 
> I'm trying to track down how to ensure ssh keys are added AND removed 
> quickly. 
> 
> Right now it seems I must restart ipa services or sss_cache -E to force them 
> to update, and there doesn't seem to be a determinate amount of time to allow 
> replication. 
> 
> Note, SSH keys are stored in the "Default View" for external users (external 
> one-way trust with AD). 
> 
> Thanks, 
> -Jake 
> 
> _______________________________________________ 
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to