On Wed, 2017-05-31 at 10:59 +0200, Jakub Hrozek wrote:
> On Wed, May 31, 2017 at 10:31:38AM +0200, Lukas Slebodnik wrote:
> > ehlo,
> > 
> > I had a discussion with QEs and realized that sssd needs to be restarted
> > if default_ccache_name is changed in krb5 configuration files.
> > 
> > The reason is that we cache the value but do not refresh it.
> > https://pagure.io/SSSD/sssd/blob/master/f/src/providers/krb5/krb5_common.c#_264
> > 
> > We might change that using inotify. But we would need to change.
> > I am not sure whether it will be trivial to change because we would need to
> > change the cached value in "struct dp_option *opts" for all domains (including
> > subdomains)
> > 
> > ATM the safest way is to restart sssd. But do we want to be more flexible here?
> 
> We could do one thing that Simo proposed some time ago which is to not
> cache the KRB5CCNAME at all if it only contains 'predictable' components.
> 
> For example, KEYRING:$uid or KCM: don't need to be cached at all.
> FILE:krb5ccname_XXXXX does.

+1

Simo.
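
The "don't cache predictable names" idea from the thread, sketched as an added example (not SSSD code and not from any poster). The helper name ccname_cache_policy, the six-X mkstemp(3) suffix test and the treatment of "%P" as a process-ID expansion are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cc_policy { CC_RECOMPUTE, CC_MUST_CACHE };

/* Assumption: a random component is a trailing mkstemp(3)-style "XXXXXX". */
static int ends_with_random_suffix(const char *s)
{
    size_t n = strlen(s);
    return n >= 6 && strcmp(s + n - 6, "XXXXXX") == 0;
}

/* Assumption: "%P" expands to a process ID (as in SSSD's
 * krb5_ccname_template) and "%%" is a literal percent sign. */
static int has_pid_expansion(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == 'P') return 1;
        if (s[1] != '\0') s++;      /* skip the expansion letter, incl. "%%" */
    }
    return 0;
}

/* Hypothetical helper: can the ccache name be recomputed on every login? */
enum cc_policy ccname_cache_policy(const char *name)
{
    static const char *const known[] = { "FILE:", "DIR:", "KEYRING:", "KCM:" };
    const char *residual = NULL;
    size_t i;

    if (name == NULL || *name == '\0') return CC_MUST_CACHE;
    if (name[0] == '/') residual = name;        /* bare path means FILE */
    for (i = 0; residual == NULL && i < sizeof(known) / sizeof(known[0]); i++) {
        size_t len = strlen(known[i]);
        if (strncmp(name, known[i], len) == 0) residual = name + len;
    }
    if (residual == NULL) return CC_MUST_CACHE; /* unknown type: stay conservative */
    if (ends_with_random_suffix(residual) || has_pid_expansion(residual))
        return CC_MUST_CACHE;                   /* name differs per login */
    return CC_RECOMPUTE;                        /* fully derived from user data */
}

int main(void)
{
    printf("%d\n", ccname_cache_policy("FILE:/tmp/krb5cc_%U_XXXXXX"));
    return 0;
}
```

A name classified CC_RECOMPUTE can be re-derived from the current krb5 configuration at each login, so a changed default_ccache_name would take effect without restarting sssd.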