Hey again,
I'm trying to track down how to ensure ssh keys are added AND removed quickly.
Right now it seems I must restart ipa services or sss_cache -E to force them to update, and there doesn't seem to be a determinate amount of time to allow replication.
Note, SSH keys are stored in the "Default View" for external users (external one-way trust with AD).
Thanks,
-Jake