On Tue, 2012-04-17 at 13:29 -0400, Dmitri Pal wrote: > On 04/17/2012 12:19 PM, Pavel Březina wrote: > > This is what simo and I made up in the last few days: > > > > https://fedorahosted.org/sssd/wiki/DesignDocs/SUDOCachingRules > > > > I tried to go to the details so we can avoid further problems. > > Please, review it and tell us what is not good or clear enough. > > > > Thanks, > > Pavel. > > _______________________________________________ > > sssd-devel mailing list > > sssd-devel@lists.fedorahosted.org > > https://fedorahosted.org/mailman/listinfo/sssd-devel > > Should we also do per user smart updates when the user runs sudo?
I had that point in the flow, but we decided to pull it out and defer it for the first go, and do a simpler implementation. > Might be costly but probably should be an option. May be when user > logs in. The way to do it was planned to be with storing the last smart update time in the user account, and if both this timestamp and the global last update timestamp were older than a threshold (5 min?) then we would do a smart update as step 1 in B. > Should we create a tool to force full refresh of the rules > immediately? > > Yes, eventually, but this can be deferred. For testing purposes a command to force a full refresh now is very valuable as well as for admins, so we should have it as part of the first implementation. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
