Ticket #1016 (closed enhancement: fixed)

Opened 3 years ago

Last modified 2 years ago

Separate Cache Timeouts for SSSD

Reported by: sgallagh
Owned by: sgallagh
Priority: major
Milestone: SSSD 1.8 beta
Component: NSS
Version: 1.6.1
Keywords:
Cc:
Blocked By:
Blocking:
Tests Updated: no
Coverity Bug:
Patch Submitted: no
Red Hat Bugzilla: 741981
Design link:
Feature Milestone:
Design review:
Fedora test page:
Chosen:
Candidate to push out:
Release Notes:

Description (last modified by dpal)

https://bugzilla.redhat.com/show_bug.cgi?id=742510

+++ This bug was initially created as a clone of Bug #741981 +++

Description of problem:
Currently SSSD has 1 monolithic timeout for NSS data: users / groups / netgroups.

This has an impact in situations where Sudo needs to get at updated netgroup data for authorization decisions, but can only acquire data from the (default 90 minute) cache.

How reproducible:
Always

Steps to Reproduce:
1. Setup an IPA / SSSD client for Sudo
2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule.
3. Notice that the action is denied and cached.
4. Add the host to the hostgroup/netgroup that is in a sudo rule
5. Notice that the action is still denied.
  
Actual results:
Cached data is not updated

Expected results:
Cached data is individually timed out, or refreshed for actions such as sudo lookups.

Additional info:

Change History

comment:1 Changed 3 years ago by dpal

  • upgrade set to 0
  • Patch Submitted unset
  • Milestone changed from NEEDS_TRIAGE to SSSD 1.8.0
  • tests set to 0
  • Description modified
  • Tests Updated unset

comment:2 Changed 3 years ago by jhrozek

  • Red Hat Bugzilla set to 741981

comment:3 Changed 2 years ago by jhrozek

comment:4 Changed 2 years ago by dpal

  • Type changed from defect to enhancement

comment:5 Changed 2 years ago by dpal

This ticket should consider special cache timeout for every map type we support.

comment:6 Changed 2 years ago by dpal

There is a related ticket to deal with the timeout for netgroups #946

comment:7 Changed 2 years ago by mkosek

  • Red Hat Bugzilla changed from 741981 to [https://bugzilla.redhat.com/show_bug.cgi?id=741981 741981]

comment:8 Changed 2 years ago by dpal

  • Milestone changed from SSSD 1.8.0 to SSSD 1.7.91 (1.8.0 beta 1)

comment:9 Changed 2 years ago by sgallagh

  • Owner changed from somebody to jhrozek
  • Component changed from SysDB to NSS

comment:10 Changed 2 years ago by sgallagh

  • Owner changed from jhrozek to sgallagh
  • Status changed from new to assigned

comment:11 Changed 2 years ago by sgallagh

  • Status changed from assigned to closed
  • Resolution set to fixed