Bug 2360 - we need to expire the netsamlogon_cache
Summary: we need to expire the netsamlogon_cache
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.11
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
: 1190 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-02-18 05:53 UTC by Volker Lendecke
Modified: 2005-09-28 07:29 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Volker Lendecke 2005-02-18 05:53:52 UTC 
In more and more cases I've come across problems that arise because the
netsamlogon_cache.tdb is never expiring entries. Someone logs in, and *forever*
after that the information that is returned from wbinfo --user-sids & friends
represents what has been current during that logon. As nowadays we are perfectly
able to expand domain local groups ourselves, I would see netsamlogon_cache.tdb
as a pure cache for efficiency. As such it should at least expire upon a winbind
restart, if not after the winbind cache time.

Jerry, I'm filing this as a bug and don't work on the code directly, as this
probably needs discussion first.

Volker
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-18 06:02:41 UTC 
*** Bug 1190 has been marked as a duplicate of this bug. ***
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-18 06:16:57 UTC 
in the beginning it was to work around lack of schannel 
support and restructanonymous environments.  I agree we 
should have some cache timeout, but a time based cache may 
not be correct in my opinion.  If we could code a session 
based cache for the lifetime of the connection, that would 
probably be best.

We should talk about how to bring things up to date.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-09-28 07:29:21 UTC 
cache has been removed for 3.0.21.