On Mon, 2018-08-06 at 19:55 -0700, Gordon Messmer wrote: > On 08/06/2018 03:16 AM, Pete Biggs wrote: > > If the cache is invalid SSS will, obviously, go back to the source and > > return the information there, however, bizarrely, if the original > > source doesn't have the information (like when a user is deleted) the > > cached information is still returned. That cached information is > > retained for ever it seems so my supposedly deleted user accounts still > > appear to be active on the machines. > > > Best practice is to lock accounts, and not to delete them. > I'm sure it is, but sometimes "best practice" gets over-ridden by "company policy" and "fix a problem". P.