Some info I had from IBM.
1) There no way to flush the cash manually (with an API or whatever.)
This will never exist in WAS 4
This does not exist in WAS 5
2) WebSphere have a cache for the credentials, refreshed according to the Security Cache Timeout.
When a credential is modified (removed or updated)
it takes was 1.5 times the security cache to disappear.
Sides effects :
A deleted user can log in as long as the cache timeout is not reached and the LTPA Token is not expired.
If a password change, a user can logon with the old OR new password, till the old one is flushed from the cache or the LTPA Token expire
The LTPA Token is an absolute value.
The Security Cache Timeout is relative to the last
time a specific entry is accessed in the security cache
Conclusion...works as designed

[ September 17, 2002: Message edited by: Bill Bailey ]