What about introducing another parameter (say -f for "force") which would delete
the information at once?
Does it make any sense?
Ondrej
On 09/11/2012 03:52 PM, Marko Myllynen wrote:
Hi,
>> I wanted to use sss_cache to find out whether sssd is running in a
>> connected or disconnected mode, but I found out it is not working the
>> way I expected.
>>
>> # sss_cache -u ondrej
>> - I expect all information about me is trashed
> sss_cache does not *delete* information. This is by design. It
> immediately *expires* it so that the next request for it will go back to
> the server and refresh it.
>
> The reason not to delete it is that if you're offline (or go that way
> immediately after running sss_cache) you will not lose all your file
> access.
I realize the benefit of this approach, but there's also a (corner) case
where this can be surprising to an administrator. Think of an
administrator doing the following on an offline system where "testuser"
is in SSSD's cache and perhaps already deleted from LDAP:
# pkill -U testuser
# userdel -r testuser
# sss_cache -u testuser
At this point the administrator may easily be tempted to think that
testuser is gone for good but actually as long as the system is offline,
testuser can log in as before and merrily continue doing whatever s/he
was getting the kick from the administrator for.
Cheers,
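
The corner case discussed in this thread, as an added Python model that is not part of the original messages and is not SSSD code: it contrasts expiring a cached entry with deleting it while the backend is unreachable. The class names, the TTL value, and `force_delete` (standing in for the proposed `-f` option) are hypothetical.

```python
import time

class Backend:
    """Constructed stand-in for the LDAP server; `online` models connectivity."""
    def __init__(self, users):
        self.users = dict(users)
        self.online = True

    def fetch(self, name):
        if not self.online:
            raise ConnectionError("backend unreachable")
        return self.users.get(name)

class IdentityCache:
    """Toy model of the behaviour described in the thread, not SSSD's implementation."""
    def __init__(self, backend, ttl=5400):  # ttl is a constructed value
        self.backend, self.ttl, self.entries = backend, ttl, {}

    def lookup(self, name, now=None):
        now = time.time() if now is None else now
        entry = self.entries.get(name)
        if entry and entry["expires"] > now:
            return entry["data"]                     # fresh cache hit
        try:
            data = self.backend.fetch(name)          # expired or missing: ask server
        except ConnectionError:
            return entry["data"] if entry else None  # offline: stale entry still served
        if data is None:
            self.entries.pop(name, None)             # server says the user is gone
        else:
            self.entries[name] = {"data": data, "expires": now + self.ttl}
        return data

    def expire(self, name):
        """Expire-only semantics: mark the entry stale but keep its data."""
        if name in self.entries:
            self.entries[name]["expires"] = 0

    def force_delete(self, name):
        """Hypothetical 'force' semantics: drop the entry outright."""
        self.entries.pop(name, None)

def offline_scenario(force):
    backend = Backend({"testuser": {"uid": 1001}})   # constructed sample account
    cache = IdentityCache(backend)
    cache.lookup("testuser")                         # cached while online
    del backend.users["testuser"]                    # account removed on the server
    backend.online = False                           # system goes offline
    (cache.force_delete if force else cache.expire)("testuser")
    return cache.lookup("testuser")                  # what a login lookup would see
```

In this model `offline_scenario(False)` still resolves the removed account, while `offline_scenario(True)` does not; once the backend is reachable again, an expired entry is dropped on the next lookup.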