Description of problem: Currently SSSD has 1 monolithic timeout for nss data. users / groups / netgroups. This is impaction in situations where Sudo needs to get at updated netgroup data for Authorization decisions. But can only acquire data from the (default 90 minute) cache. How reproducible: Always Steps to Reproduce: 1. Setup an IPA / SSSD client for Sudo 2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule. 3. Notice that the action is denied and cached. 4. Add the host to the hostgroup/netgroup that is in a sudo rule 5. Notice that the action is still denied. Actual results: Cached data is not updated Expected results: Cached data is individually timed out, or refreshed for actions such as sudo lookups. Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/1016
sssd-1.8.0-6.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/FEDORA-2012-2196/sssd-1.8.0-6.fc17
sssd-1.8.0-6.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/sssd-1.8.0-6.fc16
Package sssd-1.8.0-6.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.8.0-6.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-2725/sssd-1.8.0-6.fc16 then log in and leave karma (feedback).
sssd-1.8.0-6.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
sssd-1.8.1-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.