On Wed, May 31, 2017 at 10:31:38AM +0200, Lukas Slebodnik wrote:
> ehlo,
> 
> I had a discussion with QEs and realized that sssd needs to be restarted
> if default_ccache_name is changed in krb5 configuration files.
> 
> The reason is that we cache the value but do not refresh it.
> https://pagure.io/SSSD/sssd/blob/master/f/src/providers/krb5/krb5_common.c#_264
> 
> We might change that using inotify. But we would need to change.
> I am not sure whether it will be trivial to change because we would need to
> change cached value in "struct dp_option *opts" for all domains (including
> subdomains)
> 
> ATM the safest way is to restart sssd. But do we want to be more flexible 
> here?

We could do one thing that Simo proposed some time ago which is to not
cache the KRB5CCNAME at all if it only contains 'predictable'
components.

For example, KEYRING:$uid or KCM: don't need to be cached at all.
FILE:krb5ccname_XXXXX does.
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
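
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not SSSD's code: a template with a random mkstemp-style `XXXXXX` component has to be remembered once resolved, while one built only from predictable parts can be recomputed on every use. The function names are hypothetical, and `%{uid}` is assumed as the krb5.conf spelling of what the message writes as `$uid`.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Returns 1 if the ccache name template contains a random
 * mkstemp-style component ("XXXXXX"), so the resolved name must be
 * remembered; 0 if it can be recomputed from the template each time. */
int ccname_needs_caching(const char *tmpl)
{
    const char *residual = strchr(tmpl, ':');
    /* No "TYPE:" prefix: treat the whole string as the residual. */
    residual = (residual != NULL) ? residual + 1 : tmpl;
    return strstr(residual, "XXXXXX") != NULL;
}

/* Expands %{uid} in a predictable template. Returns 0 on success,
 * -1 if the template is not predictable or the buffer is too small. */
int ccname_resolve(const char *tmpl, uid_t uid, char *out, size_t outlen)
{
    static const char tok[] = "%{uid}";
    size_t used = 0;

    if (outlen == 0 || ccname_needs_caching(tmpl)) return -1;
    out[0] = '\0';
    while (*tmpl != '\0') {
        int n;
        if (strncmp(tmpl, tok, sizeof(tok) - 1) == 0) {
            n = snprintf(out + used, outlen - used, "%lu", (unsigned long)uid);
            tmpl += sizeof(tok) - 1;
        } else {
            n = snprintf(out + used, outlen - used, "%c", *tmpl++);
        }
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample templates, not taken from any real config. */
    const char *samples[] = { "KEYRING:persistent:%{uid}", "KCM:",
                              "FILE:/tmp/krb5cc_%{uid}_XXXXXX" };
    char buf[128];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (ccname_resolve(samples[i], 1000, buf, sizeof(buf)) == 0)
            printf("%-32s -> recompute: %s\n", samples[i], buf);
        else
            printf("%-32s -> must cache resolved name\n", samples[i]);
    }
    return 0;
}
```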