HI!
I vaguely remember a statement here that one should always disable nscd on a system running sssd. After chasing an issue on a customer system today I can confirm this. I always uninstall nscd from all my own systems.
Therefore I'm considering to let my ansible role (used for configuring Æ-DIR clients) strictly disable nscd. Does that make sense?
Caveat: Some people might want to let nscd cache other maps not handled by sssd (e.g. hosts). Any recommendations to tweak /etc/nscd.conf to let nscd coexist with sssd?
These lines could probably be a good start:
enable-cache passwd no enable-cache group no
Any other hints?
Ciao, Michael.
On Wed, Jan 25, 2017 at 07:36:33PM +0100, Michael Ströder wrote:
HI!
I vaguely remember a statement here that one should always disable nscd on a system running sssd. After chasing an issue on a customer system today I can confirm this. I always uninstall nscd from all my own systems.
Therefore I'm considering to let my ansible role (used for configuring Æ-DIR clients) strictly disable nscd. Does that make sense?
Caveat: Some people might want to let nscd cache other maps not handled by sssd (e.g. hosts). Any recommendations to tweak /etc/nscd.conf to let nscd coexist with sssd?
These lines could probably be a good start:
enable-cache passwd no enable-cache group no
This is a good start. SSSD also handles the 'initgroups', 'netgroup' and 'services' maps.
sssd-users@lists.fedorahosted.org