On Thu, Jan 21, 2010 at 08:03:53PM -0500, Simo Sorce wrote:
On Thu, 21 Jan 2010 19:50:04 -0500
Simo Sorce <ssorce(a)redhat.com> wrote:
> The Last login date can be used to decide when to delete a user
> account from the cache. This is not the same as the expiration date,
> the expiration date is used to decide when it is time to refresh the
> data even if we have it. So if the user data is expired, and the last
> login date is X days in the past, we can decide to remove the user
> from the cache without having to check the central authority (the
> LDAP server).
Do you think that X=0 should mean never delete, but only refresh/update
the data?
Further we need to check that X is larger than
offline_credentials_expiration. This also means that if
offline_credentials_expiration=0 it is not possible to delete the user
data.
Otherwise I'm fine and I think it's a good strategy to keep the cache
clean and slim.
bye,
Sumit
I forgot one bit here.
We might decide to check also if the user is currently logged in. I can
imagine a case where a user suspends the laptop for a few days and
un-suspends later while offline.
I think it would be bad form to wipe out the user data while the user
is still working on the computer :)
If I recall correctly we already have code to check if a user is
currently logged in, so this shouldn't be difficult to account for.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
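The cleanup rule discussed in this thread, written out as an added C example; it is not SSSD code and not code from any poster. The struct, field and function names are hypothetical, both settings are assumed to be in days, and two open points are resolved by assumption: X=0 is read as "never delete", and an X that is not larger than offline_credentials_expiration turns deletion off instead of deleting early.

```c
#include <stdbool.h>
#include <time.h>

#define SECS_PER_DAY 86400L

/* Hypothetical view of one cached user entry; field names are invented here. */
struct cached_user {
    time_t expires_at;   /* when the cached data is due for a refresh */
    time_t last_login;   /* last login recorded in the cache */
    bool   logged_in;    /* result of a "user has an active session" check */
};

/* Returns the usable retention in days, or 0 when deletion must stay off.
 * Assumptions of this example: X=0 means "never delete",
 * offline_credentials_expiration=0 rules deletion out, and X must be
 * larger than offline_credentials_expiration to be accepted. */
long effective_retention_days(long x_days, long offline_cred_exp_days)
{
    if (x_days <= 0 || offline_cred_exp_days <= 0)
        return 0;
    if (x_days <= offline_cred_exp_days)
        return 0;   /* rejected setting: keep the data, only refresh it */
    return x_days;
}

/* True only when the entry may be dropped without asking the LDAP server. */
bool should_purge(const struct cached_user *u, time_t now,
                  long x_days, long offline_cred_exp_days)
{
    long keep = effective_retention_days(x_days, offline_cred_exp_days);

    if (keep == 0)
        return false;   /* deletion disabled: refresh/update only */
    if (u->logged_in)
        return false;   /* e.g. laptop resumed after days, still offline */
    if (now < u->expires_at)
        return false;   /* data not expired yet */
    return (long long)(now - u->last_login) > (long long)keep * SECS_PER_DAY;
}
```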