On Thu, Jan 21, 2010 at 08:03:53PM -0500, Simo Sorce wrote:
> On Thu, 21 Jan 2010 19:50:04 -0500
> Simo Sorce <sso...@redhat.com> wrote:
>
> > The Last login date can be used to decide when to delete a user
> > account from the cache. This is not the same as the expiration date,
> > the expiration date is used to decide when it is time to refresh the
> > data even if we have it. So if the user data is expired, and the last
> > login date is X days in the past, we can decide to remove the user
> > from the cache without having to check the central authority (the
> > LDAP server).

Do you think that X=0 should mean never delete, but only refresh/update
the data? Further we need to check that X is larger than
offline_credentials_expiration. This also means that if
offline_credentials_expiration=0 it is not possible to delete the user
data.

Otherwise I'm fine and I think it's a good strategy to keep the cache
clean and slim.

bye,
Sumit

>
> I forgot one bit here.
> We might decide to check also if the user is currently logged in. I can
> imagine a case where a user suspends the laptop for a few days and
> un-suspends later while offline.
> I think it would be bad form to wipe out the user data while the user
> is still working on the computer :)
>
> If I recall correctly we already have code to check if a user is
> currently logged in, so this shouldn't be difficult to account for.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
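
The cleanup rule discussed in this thread, written out as an added example (not SSSD code and not code from either poster). All struct, enum and function names are hypothetical. It assumes both settings are counted in days, that X=0 means "never delete", and that a disabled or invalid policy falls back to refresh only.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define SECS_PER_DAY ((time_t)86400)
enum policy_state { POLICY_OK, POLICY_PURGE_OFF, POLICY_INVALID };
enum cache_action { CACHE_KEEP, CACHE_REFRESH, CACHE_PURGE };
struct cache_policy {               /* hypothetical; both values in days */
    unsigned purge_after_days;      /* "X" in the thread; 0 = never delete */
    unsigned offline_cred_exp_days; /* offline_credentials_expiration */
};
struct cached_user {                /* hypothetical cache entry */
    time_t expires_at;              /* a refresh is due after this time */
    time_t last_login;
    bool   logged_in;               /* user currently has a session */
};

/* X=0 or offline_credentials_expiration=0 turns deletion off; otherwise
 * X must be larger than offline_credentials_expiration. */
enum policy_state policy_check(const struct cache_policy *p)
{
    if (p->purge_after_days == 0 || p->offline_cred_exp_days == 0)
        return POLICY_PURGE_OFF;
    if (p->purge_after_days <= p->offline_cred_exp_days)
        return POLICY_INVALID;
    return POLICY_OK;
}

enum cache_action cache_decide(const struct cache_policy *p,
                               const struct cached_user *u, time_t now)
{
    if (now < u->expires_at)
        return CACHE_KEEP;          /* data is still fresh */
    /* Never delete on a disabled or invalid policy, or under a live session. */
    if (policy_check(p) != POLICY_OK || u->logged_in)
        return CACHE_REFRESH;
    if (now - u->last_login > (time_t)p->purge_after_days * SECS_PER_DAY)
        return CACHE_PURGE;         /* decided locally, no LDAP lookup */
    return CACHE_REFRESH;
}

int main(void)
{
    time_t now = time(NULL);        /* constructed entry: last login 40 days ago */
    struct cache_policy p = { 30, 7 };
    struct cached_user u = { now - 3600, now - 40 * SECS_PER_DAY, false };
    printf("action=%d\n", cache_decide(&p, &u, now));
    return 0;
}
```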