Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Implementing directory services/Kerberos
Quoting wirelessduck@??? (wirelessduck@???):

> nslcd appears to be working fine here now. I don't think I need to
> fiddle with any nscd settings at this point in time.


nscd is a cache for (a configurable subset of) numerous types of names,
including /etc/passwd, /etc/group, /etc/hosts, /etc/services and
/etc/netgroup (but pointedly not /etc/shadow) as called through standard
libc interfaces, such as getpwnam(3), getpwuid(3), getgrnam(3),
getgrgid(3), gethostbyname(3), and others.

Some time back (it stuck in memory because of being a striking
failure[1]), nscd had a longtime implementation flaw where it
disregarded TTL (time to live) values on cached DNS reference records,
so I'm _still_ not thrilled with the notion of entrusting the 'hosts'
caching function to it. Were I to do a significant deployment today,
I'd spare a moment to look into alternatives, like, obviously, Unbound /
dnscache / pdns-recursor, Deadwood (which albeit much more than just a
cache, also don't raise code-quality concerns) -- or maybe just
dnsmasq[2]. FWIW, nscd author (and former glibc maintainer) Ulrich
Drepper disapproves of views like mine and Kyle Rankin's.
https://udrepper.livejournal.com/16362.html

[1] nscd has cached TTL since a 2004 source code check-in, but it's
appalling that the ability was missing even that long -- not to mention
difficulty getting it right, e.g. 2010 bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=656014

[2] https://www.linuxjournal.com/content/localhost-dns-cache