sgnl05 / sgnl05-sssd

Puppet module for SSSD
https://forge.puppet.com/sgnl05/sssd
GNU General Public License v3.0

cache_credentials always true #97

Closed hboetes closed 4 years ago

hboetes commented 4 years ago

Assuming this recipe:

class role_base::sss {
  class {'sssd':
    config => {
      'sssd' => {
        'domains'             => 'example.com',
        'services'            => ['nss', 'pam', 'sudo', 'ssh'],
      },
      'domain/axis-flight-training-systems.at' => {
        'access_provider'                => 'ipa',
        'auth_provider'                  => 'ipa',
        'cache_credentials'              => false,
        'case_sensitive'                 => false,
        'krb5_store_password_if_offline' => true,
        'chpass_provider'                => 'ipa',
        'debug_level'                    => '1',
        'default_shell'                  => '/bin/bash',
        'ipa_domain'                     => 'example.com',
        'ipa_hostname'                   => $fqdn,
        'ipa_server'                     => ['_srv_', 'ipa.example.com'],
        'fallback_homedir'               => '/home/%u',
        'id_provider'                    => 'ipa',
        'ldap_tls_cacert'                => '/etc/ipa/ca.crt',
        'sudo_provider'                  => 'ipa',
        'enumerate'                      => 'true',
        'cache_credentials'              => 'true',
      },
      'nss' => {
        'memcache_timeout'  => '600',
        'homedir_substring' => '/Users',
      },
      'pam' => {
        'offline_credentials_expiration' => '90',
      }
    }
  }
}

Credential caching is set to true; the configured value is simply ignored.

sgnl05 commented 4 years ago

This module only generates a config for SSSD. How SSSD treats it is not within the scope of the module.
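
The domain section of the manifest in this issue assigns 'cache_credentials' twice (false, then 'true'), so the value that reaches sssd.conf is worth checking before looking at SSSD itself. The following is an added example, not part of the thread or the module: a line-oriented Ruby scan for keys repeated inside one hash literal, where `duplicate_hash_keys` and the sample manifest are constructed for illustration.

```ruby
# Added example: line-oriented scan for keys repeated inside one Puppet hash
# literal. It is not a Puppet parser; braces inside quoted values are not handled.
TOKEN = /\{|\}|(?:'([^']+)'|"([^"]+)"|(\w+))\s*=>/

# Returns [key, first_line, repeat_line] for every key set twice in one hash.
def duplicate_hash_keys(manifest)
  scopes = [{}] # one Hash of key => line number per open brace
  findings = []
  manifest.each_line.with_index(1) do |line, lineno|
    line.sub(/^\s*#.*/, '').scan(TOKEN) do
      m = Regexp.last_match
      case m[0]
      when '{' then scopes.push({})
      when '}' then scopes.pop if scopes.size > 1
      else
        key = m[1] || m[2] || m[3]
        seen = scopes.last
        if seen.key?(key)
          findings << [key, seen[key], lineno]
        else
          seen[key] = lineno
        end
      end
    end
  end
  findings
end

# Constructed sample, abbreviated from the manifest in the issue.
SAMPLE = <<~PP
  class {'sssd':
    config => {
      'sssd' => { 'domains' => 'example.com' },
      'domain/example.com' => {
        'auth_provider'     => 'ipa',
        'cache_credentials' => false,
        'id_provider'       => 'ipa',
        'enumerate'         => 'true',
        'cache_credentials' => 'true',
      },
      'pam' => { 'offline_credentials_expiration' => '90' },
    }
  }
PP

duplicate_hash_keys(SAMPLE).each do |key, first, again|
  puts "#{key}: set on line #{first} and again on line #{again}"
end
```

Because `cache_credentials` controls whether SSSD keeps credentials locally for offline logins, a repeated key like this is worth catching in review or CI before the manifest is applied.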