[Freeipa-users] SSSD vs NSCD
Dmitri Pal
dpal at redhat.com
Fri Jun 12 14:49:14 UTC 2009
>> User information and credential caching works as follows:
>> NSS:
>> Check the cache. If the user is present, check whether the
>> cache timeout has expired. If it is still valid, immediately return the
>> user. If the cache timeout has expired, check our online/offline status.
>> If the SSSD is offline, it will return the cache entry anyway (since
>> there's no way to refresh it)
>>
>
> Is there a method to make cache to expire even in offline mode (as it is with nscd)? Probably unnecessary for an ordinary user but who knows if someone needs that kind of a feature.
>
>
Steve, I do not think there is my it might make sense to have a tool
that will flush the cache - sss_cache. Something for future.
Daniel can you please log an ER?
https://fedorahosted.org/sssd/
>> PAM:
>> Behaves similarly to NSS, except that we will first check
>> online/offline status. If we are online, we will always query the
>> authentication provider and cache the credentials. The cache will
>> be used only when the SSSD is offline.
>>
>
> Makes sense.
>
> Thanks!
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list