Increase the cache timeout to 5 minutes

A 15 second timeout ensures banned users are
forgotten almost immediately, but it also
drammatically increases network traffic, slows
down Himmelblau, and causes AADSTS50196 errors on
some tenants ("The server terminated an operation
because it encountered a client request loop").
A 5 minute timeout is more reasonable, and
mirrors Winbind's behavior. This timeout can
be decreased via configuration if necessary.

BUG: #290

Signed-off-by: David Mulder <[email protected]>

man/man5/himmelblau.conf.5

@@ -260,7 +260,7 @@ connection_timeout = 5
 .TP
 .B cache_timeout
 .RE
-The timeout for caching authentication data. Default is 15 seconds.
+The timeout for caching authentication data. Default is 300 seconds (5 minutes).
 
 .EXAMPLES
 cache_timeout = 10

platform/debian/himmelblau.conf.example

@@ -93,7 +93,7 @@ home_alias = CN
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 use_etc_skel = true
 # selinux = true
 

src/common/src/constants.rs

@@ -35,7 +35,7 @@ pub const DEFAULT_GRAPH: &str = "https://graph.microsoft.com";
 pub const DEFAULT_APP_ID: &str = "b743a22d-6705-4147-8670-d92fa515ee2b";
 pub const DRS_APP_ID: &str = "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9";
 pub const DEFAULT_CONN_TIMEOUT: u64 = 30;
-pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
+pub const DEFAULT_CACHE_TIMEOUT: u64 = 300;
 pub const DEFAULT_SELINUX: bool = true;
 pub const DEFAULT_HSM_PIN_PATH: &str = "/var/lib/himmelblaud/hsm-pin";
 pub const DEFAULT_HELLO_ENABLED: bool = true;

src/config/himmelblau.conf.example

@@ -91,7 +91,7 @@
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 # use_etc_skel = false
 # selinux = true