On Tue, May 30, 2017 at 02:18:18PM -0400, Jake via FreeIPA-users wrote:
Looks like this is applied immediately, but required a service sssd restart; sss_cache -E
Do these attributes have a TTL set?
I know these are all SSSD Specific questions, and not directly related to FreeIPA.
The keys are stored in the SSSD cache and the cache objects have a lifetime. Please check entry_cache_timeout or entry_cache_user_timeout in man sssd.conf for details.
HTH
bye, Sumit
Thanks, Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Jake" email@ml.jacobdevans.com Sent: Tuesday, May 30, 2017 1:15:32 PM Subject: [Freeipa-users]SSH Key replication time/issues
Hey again, I'm trying to track down how to ensure ssh keys are added AND removed quickly.
Right now it seems I must restart ipa services or sss_cache -E to force them to update, and there doesn't seem to be a determinate amount of time to allow replication.
Note, SSH keys are stored in the "Default View" for external users (external one-way trust with AD).
Thanks, -Jake
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org