Hello Jakub! Sorry for delayed email, My bad, I disabled cache_credentials, not sssd_cache.
I tried modified my user `dewangga` to remove sudo rules, the cache still active even I restart the sssd service and delete all ccache* files. There's no information on sssd log folder. -rw-------. 1 root root 0 Jul 29 19:26 krb5_child.log -rw-------. 1 root root 105K Jul 30 04:49 ldap_child.log -rw-------. 1 root root 0 Jul 29 19:26 sssd.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_merahciptamedia.co.id.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_nss.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_pac.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_pam.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_ssh.log -rw-------. 1 root root 0 Jul 29 19:26 sssd_sudo.log On 07/30/2015 02:33 PM, Jakub Hrozek wrote: > On Thu, Jul 30, 2015 at 02:26:03PM +0700, NitrouZ wrote: >> Hello! >> >> I set the cache value to False on sssd.conf. (On IPA server and client). > > Can you show me the exact config directive you used? > >> >> On Thursday, July 30, 2015, Jakub Hrozek <jhro...@redhat.com> wrote: >> >>> On Wed, Jul 29, 2015 at 10:03:14PM +0700, Dewangga wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Hello! >>>> >>>> Thanks for the hints both of you, yes the sssd_cache is in play. >>>> I've set the cache to false, is it have any impact to ipa >>>> server/client (performance, security or another issue)? >>> >>> How exactly did you 'disable' the cache? The sssd cache can't be >>> disabled, it can either be removed manually or the cache lifetime can be >>> set short.. >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >> >> >> -- >> Sent from iDewangga Device -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project