On Fri, Feb 28, 2020 at 12:30:55PM +0100, Ronald Wimmer via FreeIPA-users wrote: > On 25.02.20 11:27, Sumit Bose via FreeIPA-users wrote: > > 'cache_credentials' only control is the credentials given by the user, > > typically this is a password, is stored in the cache in a hashed > > version. > > In regard to caching, what happens when an AD user gets locked or changes > its password? When will the cached entry get invalidated? Do I have to take > manual action?
Hi, by default the SSSD AD provider read the userAccountControl attribute which will be updated if the cached user entry is expired. So the flag is the account is disabled will be updated automatically. The cached password hash will be updated when the user logs in the next time successfully with the new password. HTH bye, Sumit > > Cheers, > Ronald > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
