From: Adam McDougall
Date: Sun, 17 Aug 2014 12:10:27 -0400
To: freebsd-current@freebsd.org
Subject: Re: nscd not caching
Message-ID: <53F0D3F3.4030804@egr.msu.edu>

On 08/17/2014 09:09, Eggert, Lars wrote:
> Nobody using nscd? Really?
>

I would test for you, but we retired our NIS infrastructure at least a year ago. I did have it working on a test client at some point, but I didn't push it into production because I found a couple issues (below).

We were using +::::::::: type entries in the local password and group tables and I believe we used an unmodified /etc/nsswitch.conf (excluding cache lines while testing nscd):

group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

The two main problems I recall were nscd making java crash, and nscd holding on to negative cache lookups too long, causing failures while installing ports that depend on adding users/groups for a following file permission change. I can't remember if the latter issue was fixed at some point. I also can't remember if I was receiving perfectly accurate results from the cache either.

At our site, we never had enough load to outright require nscd on FreeBSD, although there were some areas where caching had a usability benefit. top was slow to open since it would load the whole passwd table first, but top -u was a workaround. Our Samba servers allowed users to connect a few seconds quicker if it didn't have to pull down the entire group table to check group membership of the connecting user.

As a workaround until we retired NIS, I wrote a hack of a script to merge NIS groups into my local /etc/group files periodically from cron. Aside from bugs in my script, that worked well.

I dabbled with nscd a bit after we switched from NIS to LDAP. I think I recall lookups being slightly slower WITH the cache, plus I would get some duplicated group entries returned on all but the first getent group. The short version is we in no way seem to benefit or require a cache of LDAP with our site size, so I'm just not using nscd.

I didn't make bug reports for these issues, I had to prioritize towards more pressing issues. I'm trying to do better about reporting bugs.