account checks should be done with fresh data

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/749

• Created at 2010-12-22 16:07:13 by ossman
• Closed as Fixed
• Assigned to sgallagh

---

Currently the data for a user is refreshed when sssd performs the authentication step, which makes sure you don't perform any security sensitive decisions on stale data. Unfortunately you get problems if you authenticate by other means and only use sssd for access control. In those cases sssd will not refresh data and changes to access permissions could take 90 minutes to take effect (with a default configuration).

sssd should be changed so that doing only access control also acts on up to date data.

Comments

---

Comment from sgallagh at 2010-12-22 16:09:30

Fields changed

component: SSSD => PAM
milestone: NEEDS_TRIAGE => SSSD 1.5.0
owner: somebody => sgallagh
status: new => assigned
tests: 0 => 1

---

Comment from sgallagh at 2011-01-03 14:07:23

Fixed by c71ff1e

resolution: => fixed
status: assigned => closed

---

Comment from ossman at 2011-01-24 20:29:25

Confirmed working.

(a bit late, but for posterity :))

upgrade: => 0

---

Comment from dpal at 2012-01-19 03:02:02

Fields changed

rhbz: => 0

---

Comment from ossman at 2017-02-24 14:24:11

Metadata Update from @ossman:

• Issue assigned to sgallagh
• Issue set to the milestone: SSSD 1.5.0