Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Aug 2014 12:10:27 -0400
From:      Adam McDougall <mcdouga9@egr.msu.edu>
To:        freebsd-current@freebsd.org
Subject:   Re: nscd not caching
Message-ID:  <53F0D3F3.4030804@egr.msu.edu>
In-Reply-To: <D86D34C6-B5E8-4141-BD9F-FF88B056DF6B@netapp.com>
References:  <FA0C5D1E-780A-4B01-8513-5A4B77DA051D@netapp.com> <D86D34C6-B5E8-4141-BD9F-FF88B056DF6B@netapp.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 08/17/2014 09:09, Eggert, Lars wrote:
> Nobody using nscd? Really?
> 

I would test for you, but we retired our NIS infrastructure at least a
year ago.  I did have it working on a test client at some point, but I
didn't push it into production because I found a couple issues (below).

We were using +::::::::: type entries in the local password and group
tables and I believe we used an unmodified /etc/nsswitch.conf (excluding
cache lines while testing nscd):

group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

The two main problems I recall were nscd making java crash, and nscd
holding on to negative cache lookups too long, causing failures while
installing ports that depend on adding users/groups for a following file
permission change.  I can't remember if the latter issue was fixed at
some point.  I also can't remember if I was receiving perfectly accurate
results from the cache either.

At our site, we never had enough load to outright require nscd on
FreeBSD, although there were some areas where caching had a usability
benefit.  top was slow to open since it would load the whole passwd
table first, but top -u was a workaround.  Our Samba servers allowed
users to connect a few seconds quicker if it didn't have to pull down
the entire group table to check group membership of the connecting user.
 As a workaround until we retired NIS, I wrote a hack of a script to
merge NIS groups into my local /etc/group files periodically from cron.
 Aside from bugs in my script, that worked well.

I dabbled with nscd a bit after we switched from NIS to LDAP.  I think I
recall lookups being slightly slower WITH the cache, plus I would get
some duplicated group entries returned on all but the first getent
group.  The short version is we in no way seem to benefit or require a
cache of LDAP with our site size, so I'm just not using nscd.  I didn't
make bug reports for these issues, I had to prioritize towards more
pressing issues.  I'm trying to do better about reporting bugs.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53F0D3F3.4030804>