Hi,

As discussed in #SSSD on Friday, the TTL used in the nsupdate when SSSD carries out a needed update is set quite high (86400 seconds) and is not in line with the TTL originally set by an IPA client install (1200 seconds).

I've filed bug #1476 for this on the SSSD fedorahosted trac instance and attached the proposed patch file there too... There are two patches - one against master (a git diff) and one suitable for adding to the current SRPM provided for SSSD in the CentOS 6.3 repository (so hopefully fine for RHEL in theory)... I've tested the one for the SRPM as working, so hopefully the same will be fine on master... it's just the change of the integer after all...

This is an initial patch to bring the SSSD nsupdate TTL in line with the IPA client install one... (since it's a quick and simple change). Over the course of the next couple of weeks I plan to refine this and submit a future update to have the value configurable in sssd.conf - along with a similar one to the freeipa-devel lists for changes at that end to expose TTL in the IPA UI and have the initial client install with a configurable TTL as well...

Regards,
James
sssd-ttl.diff
0049-TTL-fix.patch
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel