Hello,
On a FreeIPA setup with AD trust I tried to centralize the ssh public keys of
the users in FreeIPA and use sss_ssh_authorizedkeys in the client ssh config in
order to retrieve the keys on the clients. I noticed that when the public key
of a user is updated or an extra public key is added on the FreeIPA server,
it does not get refreshed on the client. Removing the cache (sss_cache -E and a
restart of the sssd daemon) did not help. The only thing which helped was to
remove the files in /var/lib/sss/db, but that is not feasible to run for
hundreds/thousands of clients whenever some key is updated.
I would like to ask how the pub keys are refreshed/cached/stored and if there
is any caching parameter which can be configured to periodically update the
cache on the clients or if there is any other method which can make the setup
more reliable?

Best regards, 
iulian
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
