Date: Sun, 17 Aug 2014 12:10:27 -0400
From: Adam McDougall <mcdouga9@egr.msu.edu>
To: freebsd-current@freebsd.org
Subject: Re: nscd not caching
Message-ID: <53F0D3F3.4030804@egr.msu.edu>
In-Reply-To: <D86D34C6-B5E8-4141-BD9F-FF88B056DF6B@netapp.com>
References: <FA0C5D1E-780A-4B01-8513-5A4B77DA051D@netapp.com> <D86D34C6-B5E8-4141-BD9F-FF88B056DF6B@netapp.com>

On 08/17/2014 09:09, Eggert, Lars wrote:
> Nobody using nscd? Really?
>

I would test for you, but we retired our NIS infrastructure at least a year ago. I did have it working on a test client at some point, but I didn't push it into production because I found a couple issues (below). We were using +::::::::: type entries in the local password and group tables and I believe we used an unmodified /etc/nsswitch.conf (excluding cache lines while testing nscd):

group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

The two main problems I recall were nscd making java crash, and nscd holding on to negative cache lookups too long, causing failures while installing ports that depend on adding users/groups for a following file permission change. I can't remember if the latter issue was fixed at some point. I also can't remember if I was receiving perfectly accurate results from the cache either.

At our site, we never had enough load to outright require nscd on FreeBSD, although there were some areas where caching had a usability benefit. top was slow to open since it would load the whole passwd table first, but top -u was a workaround. Our Samba servers allowed users to connect a few seconds quicker if it didn't have to pull down the entire group table to check group membership of the connecting user. As a workaround until we retired NIS, I wrote a hack of a script to merge NIS groups into my local /etc/group files periodically from cron. Aside from bugs in my script, that worked well.

I dabbled with nscd a bit after we switched from NIS to LDAP. I think I recall lookups being slightly slower WITH the cache, plus I would get some duplicated group entries returned on all but the first getent group. The short version is we in no way seem to benefit or require a cache of LDAP with our site size, so I'm just not using nscd.

I didn't make bug reports for these issues; I had to prioritize towards more pressing issues. I'm trying to do better about reporting bugs.