* Jakub Hrozek:
> On Thu, Aug 08, 2019 at 09:09:12PM +0200, Florian Weimer wrote:
>> We'd like to propose removing nscd from Fedora, for Fedora 32.
>> (The goal is to make this change downstream, too.)
>>
>> Carlos told me that in the past, sssd couldn't do full caching for
>> nss_files, and that was still a concern at the time. Has this changed?
>
> This has not changed. SSSD does not have support for some nss_files-type
> maps at all, like networks or hosts, meaning that even if you had those
> objects stored in LDAP, SSSD wouldn't even be able to resolve them
> (although some friendly Suse developers are adding support for more
> maps).
>
> But even when this is implemented, then the request still has to go from
> the client application over a socket to the deamon and back. We'd still
> be missing the fast in-memory cache support like we do have for
> passwd,group and initgroups. (the memory cache design is described
> at
> https://docs.pagure.org/SSSD.sssd/developers/mmap_cache_1.15.html#how-does-the-memory-mapped-cache-work)
I see. The shared mapping is what seems to cause most of the issues in
nscd unfortunately.
So this leads to the question if removal of nscd is actually feasible.
>> What about WINS/winbind?
>
> Sorry, what about it? Are you asking if winbind has support for some
> sort of nss_files caching or the other way around if sssd can wrap
> wibind using its cache?
The latter.
> btw I've seen people using nscd mostly with maps that sssd does not
> support at all, together with nslcd (nss-pam-ldap)
We see a lot of nscd bugs related to DNS caching.
Thanks,
Florian
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org