Has the cache_credentials default changed in SSSD?
During a recent audit of RHEL6 server configuration I identified what appears to be a change in the default configuration of the cache_credentials option in sssd. The documentation states that the default value for cache_credentials is false, but I am seeing the opposite.
The /etc/sssd/sssd.conf file in question does not specify a value for the cache_credentials option, and when running authconfig --test I get the following result:
credential caching in SSSD is enabled
If I add the following to the sssd.conf file in the domain section:
cache_credentials = false
authconfig --test now shows the following (expected) result:
credential caching in SSSD is disabled
The documentation (included man page) explicitly states that the default value is FALSE
cache_credentials (bool)
Determines if user credentials are also cached in the local LDB cache
User credentials are stored in a SHA512 hash, not in plaintext
Default: FALSE
The installed version of sssd is sssd-1.12.4-47.el6_7.7.x86_64
Has anyone else seen this? or is anyone else able to replicate this issue?
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
