On 8/14/19 11:02 AM, Florian Weimer wrote:
* Jakub Hrozek:
On Thu, Aug 08, 2019 at 09:09:12PM +0200, Florian Weimer wrote:
We'd like to propose removing nscd from Fedora, for Fedora 32.
(The goal is to make this change downstream, too.)
Carlos told me that in the past, sssd couldn't do full caching for
nss_files, and that was still a concern at the time. Has this changed?
This has not changed. SSSD does not have support for some nss_files-type
maps at all, like networks or hosts, meaning that even if you had those
objects stored in LDAP, SSSD wouldn't even be able to resolve them
(although some friendly Suse developers are adding support for more
maps).
But even when this is implemented, then the request still has to go from
the client application over a socket to the deamon and back. We'd still
be missing the fast in-memory cache support like we do have for
passwd,group and initgroups. (the memory cache design is described
at
https://docs.pagure.org/SSSD.sssd/developers/mmap_cache_1.15.html#how-does-the-memory-mapped-cache-work)
I see. The shared mapping is what seems to cause most of the issues in
nscd unfortunately.
So this leads to the question if removal of nscd is actually feasible.
There are already tickets to implement rest of the maps:
https://pagure.io/SSSD/sssd/issue/901
https://pagure.io/SSSD/sssd/issue/359
Some of them are already implemented (services, protocols). So far it
was not our priority, but perhaps we can allocate some time to work on
it so nscd can be removed. But I do not think it is doable for F32.
>>> What about WINS/winbind?
Sorry, what about it? Are you asking if winbind has support for some
sort of nss_files caching or the other way around if sssd can wrap
wibind using its cache?
The latter.
btw I've seen people using nscd mostly with maps that sssd does not
support at all, together with nslcd (nss-pam-ldap)
We see a lot of nscd bugs related to DNS caching.
Thanks,
Florian
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
