Bug 678412
Summary: | name service caches names, so id command shows recently deleted users | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Stephen Gallagher <sgallagh> |
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.7 | CC: | benl, dmitry.guryanov, dpal, grajaiya, jgalipea, jhrozek, msvoboda, prc, sbose, sgallagh, ssorce |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.5.1-9.el5 | Doc Type: | Bug Fix |
Doc Text: | Modifying or deleting a user or group account on an LDAP server did not result in an update of the cache on a login attempt. With this update, the cache is always properly updated during the login process. Outside of a login attempt, entries now remain as they were cached until the cache timeout expires. |
Story Points: | --- |
Clone Of: | 677768 | Environment: | |
Last Closed: | 2011-07-21 08:09:13 UTC | Type: | --- |
Bug Depends On: | 677768 | ||
Bug Blocks: | 678410 |
Description
Stephen Gallagher
2011-02-17 20:51:30 UTC
Environment:
IPA Server RHEL 6.1
IPA Client RHEL 5.7

1) add ipa user from server

# ipa user-add --first myuser --last myuser myuser
-------------------
Added user "myuser"
-------------------
  User login: myuser
  First name: myuser
  Last name: myuser
  Full name: myuser myuser
  Display name: myuser myuser
  Initials: mm
  Home directory: /home/myuser
  GECOS field: myuser
  Login shell: /bin/sh
  Kerberos principal: myuser@TESTRELM
  UID: 239400003

2) from client id user

# id myuser
uid=239400003(myuser) gid=239400003(myuser) groups=239400003(myuser),239400001(ipausers) context=root:system_r:unconfined_t:SystemLow-SystemHigh

3) From server delete user

# ipa user-del myuser
---------------------
Deleted user "myuser"
---------------------

4) from client id user

# id myuser
uid=239400003(myuser) gid=239400003(myuser) groups=239400003(myuser),239400001(ipausers) context=root:system_r:unconfined_t:SystemLow-SystemHigh

wait a couple minutes ...

# id myuser
uid=239400003(myuser) gid=239400003(myuser) groups=239400003(myuser),239400001(ipausers) context=root:system_r:unconfined_t:SystemLow-SystemHigh

wait 5 more minutes

# id myuser
uid=239400003(myuser) gid=239400003(myuser) groups=239400003(myuser),239400001(ipausers) context=root:system_r:unconfined_t:SystemLow-SystemHigh

Versions:

CLIENT
ipa-client-2.0-14.el5
sssd-1.5.1-35.el5

SERVER
ipa-server-2.0.0-23.el6.x86_64

Default entry cache time out is 90 minutes, in order for the cache for that user to be updated (user removed) need to attempt login as the deleted user ... subsequent steps ,...

ssh myuser@hostname
myuser@hostname's password:
Permission denied, please try again.

log back in and id my user

# id myuser
id: myuser: No such user

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Modifying or deleting a user or group account on an LDAP server did not result in an update of the cache on a login attempt. With this update, the cache is always properly updated during the login process. Outside of a login attempt, entries now remain as they were cached until the cache timeout expires.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
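
The technical note says that, outside of a login attempt, entries stay as cached until the cache timeout expires, and the report gives the default as 90 minutes. As an added example (not part of the bug report or of sssd), the script below reads an sssd.conf and prints that window per domain, so a deprovisioning procedure can account for it. It assumes the timeout is set with the entry_cache_timeout option (in seconds) in each [domain/NAME] section; the sample file, the domain names and the 900-second limit are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): report, per SSSD domain, how long
# a deleted account can stay resolvable outside of a login attempt.
DEFAULT_TIMEOUT=5400   # 90 minutes, the default the report states

# Constructed sample sssd.conf; domain names and values are made up.
sample_conf() {
cat <<'EOF'
[sssd]
domains = ipa.example.test, lab.example.test

[domain/ipa.example.test]
id_provider = ldap

[domain/lab.example.test]
id_provider = ldap
entry_cache_timeout = 600
EOF
}

# stale_windows FILE: print "domain seconds" for every [domain/NAME] section,
# falling back to the default when entry_cache_timeout is not set.
stale_windows() {
    awk -v def="$DEFAULT_TIMEOUT" '
        function emit() { if (dom != "") print dom, (t == "" ? def : t) }
        /^[ \t]*[#;]/ { next }                   # comment line
        /^[ \t]*\[/ {                            # any section header
            emit(); dom = ""; t = ""
            if (match($0, /\[domain\/[^]]+\]/))
                dom = substr($0, RSTART + 8, RLENGTH - 9)
            next
        }
        dom != "" && /^[ \t]*entry_cache_timeout[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); t = $0
        }
        END { emit() }
    ' "$1"
}

# over_limit FILE MAX: list domains whose window exceeds MAX seconds
# (MAX is a site policy value, hypothetical here).
over_limit() {
    stale_windows "$1" | awk -v max="$2" '$2 + 0 > max + 0 { print $1 }'
}

conf=$(mktemp) && sample_conf > "$conf"
stale_windows "$conf"
over_limit "$conf" 900
rm -f "$conf"
```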