[Freeipa-users] proper way to clear sssd cache without sss_cache?
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 26 20:59:53 UTC 2013
On Tue, Feb 26, 2013 at 02:36:42PM -0500, Dmitri Pal wrote:
> On 02/26/2013 02:29 PM, KodaK wrote:
> > I know that at some point the sssd package (or maybe the tools
> > package) started including sss_cache for managing the sssd cache. I
> > have some RHEL5 boxes that don't have this utility.
> >
> > I've been stopping the sssd service, deleting the contents of
> > /var/lib/sss/db/ and then restarting and things seem to be working OK,
> > but I wanted to find out if there was a proper procedure?
> >
> > Thanks!
> >
> Yes it was the proper procedure until we added a tool.
The only thing to keep in mind is that by wiping out the whole cache
removes all cached passwords. Depending on whether you use
cache_credentials=True or whether your clients need to cache credentials
at all you do or don't care :-)
If you care, you might want to use the ldbmodify utility to instead
set the dataExpire timestamp to a timestamp from the past (this is what
sss_cache does internally btw)
More information about the Freeipa-users
mailing list