Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=742510
+++ This bug was initially created as a clone of Bug #741981 +++ Description of problem: Currently SSSD has 1 monolithic timeout for nss data. users / groups / netgroups. This is impaction in situations where Sudo needs to get at updated netgroup data for Authorization decisions. But can only acquire data from the (default 90 minute) cache. How reproducible: Always Steps to Reproduce: 1. Setup an IPA / SSSD client for Sudo 2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule. 3. Notice that the action is denied and cached. 4. Add the host to the hostgroup/netgroup that is in a sudo rule 5. Notice that the action is still denied. Actual results: Cached data is not updated Expected results: Cached data is individually timed out, or refreshed for actions such as sudo lookups. Additional info:
Fields changed
coverity: => description: https://bugzilla.redhat.com/show_bug.cgi?id=742510
{{{ +++ This bug was initially created as a clone of Bug #741981 +++
Description of problem: Currently SSSD has 1 monolithic timeout for nss data. users / groups / netgroups.
This is impaction in situations where Sudo needs to get at updated netgroup data for Authorization decisions. But can only acquire data from the (default 90 minute) cache.
How reproducible: Always
Steps to Reproduce: 1. Setup an IPA / SSSD client for Sudo 2. Perform a Sudo action without the host added to the hostgroup/netgroup in a sudo rule. 3. Notice that the action is denied and cached. 4. Add the host to the hostgroup/netgroup that is in a sudo rule 5. Notice that the action is still denied.
Actual results: Cached data is not updated
Expected results: Cached data is individually timed out, or refreshed for actions such as sudo lookups.
Additional info: }}} => https://bugzilla.redhat.com/show_bug.cgi?id=742510
Additional info: }}}
milestone: NEEDS_TRIAGE => SSSD 1.8.0 patch: => 0 rhbz: => tests: => 0 testsupdated: => 0 upgrade: => 0
rhbz: => 741981
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=741981
type: defect => enhancement
This ticket should consider special cache timeout for every map type we support.
There is a related ticket to deal with the timeout for netgroups #946
rhbz: 741981 => [https://bugzilla.redhat.com/show_bug.cgi?id=741981 741981]
blockedby: => blocking: => milestone: SSSD 1.8.0 => SSSD 1.7.91 (1.8.0 beta 1)
component: SysDB => NSS owner: somebody => jhrozek
owner: jhrozek => sgallagh status: new => assigned
Fixed by bd92e8e
feature_milestone: => resolution: => fixed status: assigned => closed
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.8 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2058
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.