https://fedoraproject.org/wiki/Changes/RemoveNSCD
== Summary ==
This proposal intends to replace the ''nscd'' cache for named services
with ''systemd-resolved'' for the `hosts` database and the ''sssd''
daemon for everything else.
== Owner ==
* Name: [[User:submachine| Arjun Shankar]]
* Email: ar...@redhat.com
== Detailed Description ==
''nscd'' is a daemon that provides caching for accesses of the
`passwd`, `group`, `hosts`, `services`, and `netgroup` databases
through standard libc interfaces (such as `getpwnam`, `getpwuid`,
`getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends
to replace ''nscd'' in Fedora with ''systemd-resolved'' for the
`hosts` database and the ''sssd'' daemon for everything else.
Accordingly, the `nscd` sub-package of glibc will be removed and
obsoleted.
== Benefit to Fedora ==
While still maintained within the glibc source tree, ''nscd'' has
received less than forty commits in the past three years and has
gathered significant technical debt, and has bugs which are hard to
fix. There are concurrency bugs in the shared mappings, cache
unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more which would
require significant investment to fix in nscd. Such an investment
seems like duplicate effort among our communities given the quality
and state of ''sssd'', and ''systemd-resolved'' which is already
proposed to be enabled by default from [[Changes/systemd-resolved |
Fedora 33 onwards]].
At a high level, sssd and systemd-resolved together provide a caching
solution that has feature parity with nscd, with systemd-resolved
covering the hosts cache and sssd the rest. The removal of nscd from
Fedora will:
* move the user base over to a more modern solution for named services
caching, and
* reduce maintenance work on the Fedora glibc package and the
duplication of effort on nscd upstream.
== Scope ==
* Proposal owners:
The volume of work required is minimal, with the only change being the
removal and obsolescence of the nscd sub-package offered by glibc
which can be achieved by minor changes to the spec file. Since nscd is
not installed by default, the affect on the distribution is minimal.
Users who have installed nscd in an earlier release of Fedora will
need to install and configure sssd instead.
* Other developers: `nss-pam-ldapd` has a weak dependency on nscd that
will need to be removed. `libuser` has a build dependency on nscd that
will also need to be removed.
* Release engineering:
This change does not require coordination with or have impact on
release engineering and does not require a mass rebuild.
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: Yes, this proposal aligns with the
[https://docs.fedoraproject.org/en-US/project/objectives current
objective] of "Fedora Minimization".
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== User Experience ==
* Most users will be unaffected by this change because nscd is not
installed by default. It is usually used on systems configured with
LDAP, where nscd provides caching of remote queries.
* On a system using nscd that is updated to Fedora 34 from a previous
version, the system administrator will need to install and configure
sssd to replace it after the update. Even when this is not done, the
only visible affect will be slower resolution of named service queries
due to a missing cache.
* Users on a system running sssd and systemd-resolved instead of nscd
shouldn't see any noticeable difference in system behaviour or latency
in resolving named services.
== Dependencies ==
* `nss-pam-ldapd` has a weak dependency on nscd that will need to be removed.
* `libuser` has a build dependency on nscd that will also need to be removed.
Both changes are minimal, requiring a removal of the dependency in the
spec file, and a rebuild.
== Contingency Plan ==
* Contingency mechanism: Revert changes to glibc spec file and
continue to ship nscd. Revert changes to libuser and nss-pam-ldapd
packages; this will need to be done by the respective package
maintainers.
* Contingency deadline: Fedora 34 Beta Freeze
* Blocks release? N/A (not a System Wide Change)
* Blocks product? None
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
___
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
