On 8.5.2014 02:53, William Brown wrote:

The way I read the SSH responder, calling
sysdb_update_ssh_known_host_expire() would be the right thing to do, but
I wonder if that would be enough or whether we'd need to call out to the
ssh responder to force writing out a new hosts file.

What you want to do is remove the entry from the cache, right? If so,
then sysdb_update_ssh_known_host_expire() is not the right thing to call.

What is the right thing to call? I would like to be able to expire
either a single host or all hosts ...

I'm afraid there is no right thing to call ATM, as there is no support for cache invalidation in SSH host code. I guess you'll have to implement it yourself.

Off the top of my head, you need to properly set SYSDB_CACHE_EXPIRE in sysdb_store_ssh_host, return only unexpired hosts in sysdb_get_ssh_known_hosts, make sysdb_search_ssh_hosts public and create sysdb_set_ssh_host_attr (sysdb_update_ssh_hosts does the same, so you can modify and rename it instead of writing a completely new function).
Why do you want to force writing out a new hosts file? The file should
never be used without sss_ssh_knownhostsproxy, which already takes care
of rewriting it.

Okay, that's good to know. I'll assume it's re-written every time it's
accessed then?

That's right.

--
Jan Cholasta
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
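A simplified C model of the three pieces Jan lists above (stamp an expiry on store, skip expired entries on lookup, invalidate one host or all hosts). This is added illustration, not sssd code: the struct, function names, the in-memory table and the "expire = 1 means invalidated" convention are assumptions; sssd's real sysdb is an LDB database with different functions.

```c
/* Simplified model of SSH known-host cache expiry (illustration, not sssd code).
 * Assumed: a fixed in-memory table, TTL of one hour, cache_expire == 0 marks an
 * unused slot and cache_expire == 1 marks an explicitly invalidated entry. */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_HOSTS 16
#define HOST_TTL  3600   /* seconds an entry stays valid after it is stored */

struct ssh_host {
    char   name[64];
    char   pubkey[128];
    time_t cache_expire;   /* 0 = unused slot, 1 = invalidated, else expiry time */
};

struct ssh_host_cache { struct ssh_host hosts[MAX_HOSTS]; };

/* Store or refresh a host and stamp its expiry (the role of sysdb_store_ssh_host). */
int ssh_host_store(struct ssh_host_cache *c, const char *name, const char *key, time_t now) {
    struct ssh_host *slot = NULL;
    for (int i = 0; i < MAX_HOSTS; i++) {
        struct ssh_host *h = &c->hosts[i];
        if (h->cache_expire != 0 && strcmp(h->name, name) == 0) { slot = h; break; }
        if (h->cache_expire == 0 && slot == NULL) slot = h;   /* first free slot */
    }
    if (slot == NULL) return -1;                               /* table full */
    snprintf(slot->name, sizeof slot->name, "%s", name);
    snprintf(slot->pubkey, sizeof slot->pubkey, "%s", key);
    slot->cache_expire = now + HOST_TTL;
    return 0;
}

/* Lookup that returns only unexpired hosts (the role of sysdb_get_ssh_known_hosts). */
const struct ssh_host *ssh_host_get(const struct ssh_host_cache *c, const char *name, time_t now) {
    for (int i = 0; i < MAX_HOSTS; i++) {
        const struct ssh_host *h = &c->hosts[i];
        if (h->cache_expire == 0 || strcmp(h->name, name) != 0) continue;
        return (h->cache_expire > now) ? h : NULL;             /* expired -> not returned */
    }
    return NULL;
}

/* Invalidate one host (name != NULL) or every host (name == NULL) by moving the expiry
 * into the past; the entry stays in the table but is no longer returned by lookups.
 * Returns the number of entries invalidated. */
int ssh_host_invalidate(struct ssh_host_cache *c, const char *name) {
    int n = 0;
    for (int i = 0; i < MAX_HOSTS; i++) {
        struct ssh_host *h = &c->hosts[i];
        if (h->cache_expire == 0) continue;
        if (name == NULL || strcmp(h->name, name) == 0) { h->cache_expire = 1; n++; }
    }
    return n;
}
```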
