[Freeipa-users] Is there any delay after applied rules to user?

[Dewangga Bachrul Alam]

Hello Jakub!

Sorry for delayed email,
My bad, I disabled cache_credentials, not sssd_cache.

I tried modified my user `dewangga` to remove sudo rules, the cache
still active even I restart the sssd service and delete all ccache* files.

There's no information on sssd log folder.

-rw-------.  1 root root    0 Jul 29 19:26 krb5_child.log
-rw-------.  1 root root 105K Jul 30 04:49 ldap_child.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_merahciptamedia.co.id.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_nss.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_pac.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_pam.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_ssh.log
-rw-------.  1 root root    0 Jul 29 19:26 sssd_sudo.log


On 07/30/2015 02:33 PM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 02:26:03PM +0700, NitrouZ wrote:
>> Hello!
>>
>> I set the cache value to False on sssd.conf. (On IPA server and client).
> 
> Can you show me the exact config directive you used?
> 
>>
>> On Thursday, July 30, 2015, Jakub Hrozek <jhrozek at redhat.com> wrote:
>>
>>> On Wed, Jul 29, 2015 at 10:03:14PM +0700, Dewangga wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Hello!
>>>>
>>>> Thanks for the hints both of you, yes the sssd_cache is in play.
>>>> I've set the cache to false, is it have any impact to ipa
>>>> server/client (performance, security or another issue)?
>>>
>>> How exactly did you 'disable' the cache? The sssd cache can't be
>>> disabled, it can either be removed manually or the cache lifetime can be
>>> set short..
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>> -- 
>> Sent from iDewangga Device