Has the cache_credentials default changed in SSSD?


During a recent audit of RHEL6 server configuration I identified what appears to be a change in the default configuration of the cache_credentials option in sssd. The documentation states that the default value for cache_credentials is false, but I am seeing the opposite.

The /etc/sssd/sssd.conf file in question does not specify a value for the cache_credentials option, and when running authconfig --test I get the following result:

 credential caching in SSSD is enabled

If I add the following to the sssd.conf file in the domain section:

cache_credentials = false

authconfig --test now shows the following (expected) result:

 credential caching in SSSD is disabled

The documentation (included man page) explicitly states that the default value is FALSE:

       cache_credentials (bool)
           Determines if user credentials are also cached in the local LDB cache

           User credentials are stored in a SHA512 hash, not in plaintext

           Default: FALSE

The installed version of sssd is sssd-1.12.4-47.el6_7.7.x86_64

Has anyone else seen this? Or is anyone else able to replicate this issue?
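
An added example, not part of the original post and not SSSD or authconfig code: a small Python audit that reports, for each `[domain/...]` section of an sssd.conf, whether cache_credentials is set explicitly or left to the default the post questions. The sample configuration, domain names and URI are constructed.

```python
import configparser
import sys

# Constructed sample; domain names and URIs are placeholders.
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = example, lab

[domain/example]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
override_homedir = /home/%u

[domain/lab]
id_provider = ldap
cache_credentials = False
"""

def audit_cache_credentials(conf_text):
    """Map each domain to whether it is active and its cache_credentials state."""
    # interpolation=None: sssd.conf values may contain a literal '%' (e.g. %u).
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    # Only domains listed in the [sssd] "domains" option are started by SSSD.
    listed = cp.get("sssd", "domains", fallback="")
    active = {d.strip() for d in listed.split(",") if d.strip()}
    results = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        name = section[len("domain/"):]
        raw = cp.get(section, "cache_credentials", fallback=None)
        # "unset" means the effective value depends on the built-in default.
        state = "unset" if raw is None else raw.strip().lower()
        results[name] = {"active": name in active, "cache_credentials": state}
    return results

if __name__ == "__main__":
    # Pass a path (e.g. /etc/sssd/sssd.conf, run as root) or use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, info in sorted(audit_cache_credentials(text).items()):
        unset = info["cache_credentials"] == "unset"
        note = "  <- relies on default; set it explicitly" if unset else ""
        print("%s active=%s cache_credentials=%s%s"
              % (name, info["active"], info["cache_credentials"], note))
```

Domains reported as `unset` are the ones where the effective behaviour depends on the default, so an audit baseline can require an explicit `cache_credentials` line in every domain section.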
