#1582 Improve renewing the ccache with LDAP when using GSSAPI
Closed: wontfix 4 years ago by pbrezina. Opened 11 years ago by jhrozek.

When the SSSD is configured to use GSSAPI, then we only kinit very close to the end of life of the ccache (lifetime - ldap_opt_timeout) and only once. We should change it so that we try at, say, 66% of the ccache lifetime and then retry again.

17:07 <@jhrozek> I would propose to renew at 50%, if the first renewal fails, then try again at 75% and keep trying at reasonable intervals until we either fail or renew
17:07 <@jhrozek> simo: also factor in logic not to renew to fast
17:07 * JrAquino has seen several ccache errors in the sssd logs as of late
17:08 < simo> jhrozek: I would say renew at 2/3 (66%) then retry backing off after 5 sec, 10 sec, 20 sec ... etc until you try once every 5 min.
17:08 < simo> backing off is quite standard in this type of stuff

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
priority: major => minor

Fields changed

rhbz: => todo

Fields changed

selected: => Not need

Moving tickets that are not a priority for SSSD 1.10 into the next release.

milestone: SSSD 1.10 beta => SSSD 1.11 beta

Fields changed

mark: => 0

Fields changed

changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
milestone: SSSD 1.13 beta => SSSD 1.13 backlog
priority: minor => major
review: => 0

Mass-moving tickets not planned for the 1.13 release to 1.14

milestone: SSSD 1.13 backlog => SSSD 1.14 beta

Out of scope for 1.14, sorry.

milestone: SSSD 1.14 beta => SSSD 1.15 beta
sensitive: => 0

This ticket was not touched or needed for 4 years, but I still think it's a good idea, therefore I propose we move it to the 'patches welcome' milestone instead.

review: 0 => 1
selected: Not need => May

The idea still makes sense, but is not planned (and IMO wouldn't be planned w/o a patch), so I'm moving it to Patches welcome.

milestone: SSSD Future releases (no date set yet) => SSSD Patches welcome

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Patches welcome

7 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2624

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata