Bug 741981 - Separate Cache Timeouts for SSSD
Summary: Separate Cache Timeouts for SSSD
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 15
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 742510
TreeView+ depends on / blocked
 
Reported: 2011-09-28 17:20 UTC by Jr Aquino
Modified: 2020-05-02 16:25 UTC (History)
4 users (show)

Fixed In Version: sssd-1.8.1-7.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 742510 (view as bug list)
Environment:
Last Closed: 2012-03-02 01:17:12 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
FedoraHosted SSSD 1016 0 None None None Never
Github SSSD sssd issues 2058 0 None None None 2020-05-02 16:25:55 UTC

Description Jr Aquino 2011-09-28 17:20:27 UTC
Description of problem:
Currently SSSD has 1 monolithic timeout for nss data.  users / groups / netgroups.

This is impaction in situations where Sudo needs to get at updated netgroup data for Authorization decisions.  But can only acquire data from the (default 90 minute) cache.

How reproducible:
Always

Steps to Reproduce:
1. Setup an IPA / SSSD client for Sudo
2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule.
3. Notice that the action is denied and cached.
4. Add the host to the hostgroup/netgroup that is in a sudo rule
5. Notice that the action is still denied.
  
Actual results:
Cached data is not updated

Expected results:
Cached data is individually timed out, or refreshed for actions such as sudo lookups.

Additional info:

Comment 1 Jakub Hrozek 2011-11-10 12:09:44 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1016

Comment 2 Fedora Update System 2012-02-28 20:46:02 UTC
sssd-1.8.0-6.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2012-2196/sssd-1.8.0-6.fc17

Comment 3 Fedora Update System 2012-02-28 21:10:01 UTC
sssd-1.8.0-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/sssd-1.8.0-6.fc16

Comment 4 Fedora Update System 2012-03-01 09:22:33 UTC
Package sssd-1.8.0-6.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.8.0-6.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-2725/sssd-1.8.0-6.fc16
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-03-02 01:17:12 UTC
sssd-1.8.0-6.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2012-03-17 23:44:00 UTC
sssd-1.8.1-7.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.