[CentOS] SSSD and cache persistence

Tue Aug 7 02:55:34 UTC 2018
Gordon Messmer <gordon.messmer at gmail.com>

On 08/06/2018 03:16 AM, Pete Biggs wrote:
> If the cache is invalid SSS will, obviously, go back to the source and
> return the information there, however, bizarrely, if the original
> source doesn't have the information (like when a user is deleted) the
> cached information is still returned. That cached information is
> retained for ever it seems so my supposedly deleted user accounts still
> appear to be active on the machines.

Best practice is to lock accounts, and not to delete them.