On 2024-09-23 11:45:56, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
is there some way to disable sssd's password cache? Every time
a colleague changes his password, he has problems with our
dovecot server, because it runs into a permission denied, until
some privileged user runs "sss_cache -u name" or "sss_cache -E"
or similar.
AFAIU the password is stored for 5400 seconds. Apparently that's
too long. Caching passwords while sssd is connected to LDAP and
Kerberos might be considered a bad idea, anyway. There is an
undocumented option krb5_store_password_if_offline in sssd.conf.
Maybe there are other undocumented options as well?
PS: I don't want to disable caching credentials completely. Sssd
should recognize *changed* credentials, i.e. a mismatch between the
local cache and the data on the FreeIPA server.
Regards
Harri