Bug 741981 - Separate Cache Timeouts for SSSD
Separate Cache Timeouts for SSSD
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
All All
unspecified Severity medium
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
Depends On:
Blocks: 742510
  Show dependency treegraph
Reported: 2011-09-28 13:20 EDT by Jr Aquino
Modified: 2012-03-17 19:44 EDT (History)
4 users (show)

See Also:
Fixed In Version: sssd-1.8.1-7.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 742510 (view as bug list)
Last Closed: 2012-03-01 20:17:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
FedoraHosted SSSD 1016 None None None Never

  None (edit)
Description Jr Aquino 2011-09-28 13:20:27 EDT
Description of problem:
Currently SSSD has 1 monolithic timeout for nss data.  users / groups / netgroups.

This is impaction in situations where Sudo needs to get at updated netgroup data for Authorization decisions.  But can only acquire data from the (default 90 minute) cache.

How reproducible:

Steps to Reproduce:
1. Setup an IPA / SSSD client for Sudo
2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule.
3. Notice that the action is denied and cached.
4. Add the host to the hostgroup/netgroup that is in a sudo rule
5. Notice that the action is still denied.
Actual results:
Cached data is not updated

Expected results:
Cached data is individually timed out, or refreshed for actions such as sudo lookups.

Additional info:
Comment 1 Jakub Hrozek 2011-11-10 07:09:44 EST
Upstream ticket:
Comment 2 Fedora Update System 2012-02-28 15:46:02 EST
sssd-1.8.0-6.fc17 has been submitted as an update for Fedora 17.
Comment 3 Fedora Update System 2012-02-28 16:10:01 EST
sssd-1.8.0-6.fc16 has been submitted as an update for Fedora 16.
Comment 4 Fedora Update System 2012-03-01 04:22:33 EST
Package sssd-1.8.0-6.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.8.0-6.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2012-03-01 20:17:12 EST
sssd-1.8.0-6.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2012-03-17 19:44:00 EDT
sssd-1.8.1-7.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.