[CentOS] SSSD and cache persistence

Tue Aug 7 08:08:08 UTC 2018
Pete Biggs <pete at biggs.org.uk>

On Mon, 2018-08-06 at 19:55 -0700, Gordon Messmer wrote:
> On 08/06/2018 03:16 AM, Pete Biggs wrote:
> > If the cache is invalid SSS will, obviously, go back to the source and
> > return the information there, however, bizarrely, if the original
> > source doesn't have the information (like when a user is deleted) the
> > cached information is still returned. That cached information is
> > retained for ever it seems so my supposedly deleted user accounts still
> > appear to be active on the machines.
> Best practice is to lock accounts, and not to delete them.
I'm sure it is, but sometimes "best practice" gets over-ridden by
"company policy" and "fix a problem".