Hi,

>> I wanted to use sss_cache to find out whether sssd is running in a
>> connected or disconnected mode, but I found out it is not working the
>> way I expected.
>>
>> # sss_cache -u ondrej
>> - I expect all information about me is trashed
> 
> sss_cache does not *delete* information. This is by design. It
> immediately *expires* it so that the next request for it will go back to
> the server and refresh it.
> 
> The reason not to delete it is that if you're offline (or go that way
> immediately after running sss_cache) you will not lose all your file
> access.

I realize the benefit of this approach, but there's also a (corner) case
where this can be surprising to an administrator. Think of an
administrator doing the following on an offline system where "testuser"
is in SSSD's cache and perhaps already deleted from LDAP:

# pkill -U testuser
# userdel -r testuser
# sss_cache -u testuser

At this point the administrator may easily be tempted to think that
testuser is gone for good but actually as long as the system is offline,
testuser can login as before and merrily continue doing whatever s/he
was getting the kick from the administrator for.

Cheers,

-- 
Marko Myllynen
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
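The offboarding sequence in the message above trusts that `sss_cache -u` makes the user disappear, which (as the quoted reply explains) it does not: the entry is only expired, and an offline host keeps serving it. The script below is an added example, not code from the thread or from the SSSD project; it wraps the same three commands in a function and then verifies the outcome through NSS with `getent` instead of assuming it, reporting whether the name still resolves via the local `files` source, via `sss`, or not at all. It assumes glibc's `getent` (which accepts `-s` to pin a single NSS service) and that `sss_cache` is on PATH; the `offboard_user` function is only run when a username is passed on the command line.

```shell
#!/bin/sh
# Added example for the sssd-users thread above (not SSSD project code).
# Assumes glibc getent (supports -s SERVICE) and sss_cache on PATH.

# Returns 0 if NAME still resolves through NSS (any source), 1 otherwise.
# This is the check the administrator should run after "sss_cache -u".
user_still_resolvable() {
    getent passwd "$1" >/dev/null 2>&1
}

# Prints which NSS source still answers for NAME: "files", "sss" or "none".
# Uses getent -s to query one service at a time (glibc getent only).
user_source() {
    if getent -s files passwd "$1" >/dev/null 2>&1; then
        echo files
    elif getent -s sss passwd "$1" >/dev/null 2>&1; then
        echo sss
    else
        echo none
    fi
}

# The sequence from the message, followed by verification. Note that
# userdel only touches the local account files; a user that comes from
# LDAP via sssd is not affected by it at all, and sss_cache -u merely
# expires the cached entry, so an offline host will keep resolving it.
offboard_user() {
    name="$1"
    pkill -U "$name"
    userdel -r "$name" 2>/dev/null   # fails harmlessly for a non-local user
    sss_cache -u "$name"

    if user_still_resolvable "$name"; then
        echo "WARNING: $name still resolves via NSS source '$(user_source "$name")';" >&2
        echo "         with the host offline, this user can still log in." >&2
        return 1
    fi
    echo "$name no longer resolves"
    return 0
}

# Only act when a username is given; sourcing or running without arguments
# defines the functions and does nothing destructive.
if [ "$#" -eq 1 ]; then
    offboard_user "$1"
fi
```

Run it as root with the account name as the only argument; a non-zero exit means the entry is still being served, which on an offline system is the case this thread warns about. The real removal has to wait until the host is back online and the expired entry is refreshed against the server.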
