Currently things aren't working as well as they could regarding password data.
One problem that has recently been discussed is that the nscd will cache negative entries relating to /etc/passwd lookups. Another problem is that there is no good reliable way of running databases for /etc/passwd etc. If /etc/nsswitch.conf has "passwd: db files" then if you do a list-all-users type operation (such as on starting a version of XDM that has icons for users) then every account will be listed twice. Also if you remove an account then it'll still be in the database... If you just have "passwd: db" then when you make a change to /etc/passwd it won't be noticed until the next time you run the make command to rebuild the database. The solution to the first problem could be to have the default /etc/nscd.conf not negatively cache entries from /etc/passwd. I don't think that it's so important to cache negative entries because they aren't generally triggered by daemons from inetd or cron jobs so they aren't going to be common enough to cause a serious loss of performance. In any case if you have a small /etc/passwd or a passwd database then it won't take long, if you have a large /etc/passwd then performance will suck no matter what you do. The solution to the second problem IMHO is to do what AIX does. On AIX when you have indexes for /etc/passwd etc the system stat's the index files and the flat-files. The file with the newest time-stamp is used. So if you have made new indexes more recently than the flat file has changed then the database is used for speed. If the flat file has been changed since the last time the database was generated then it will be used for accuracy. This system works so well that I have no doubt that it is the correct way to do things. The only question is what is the best way to implement it? Should it be a change to /lib/libnss_db* ? Or should we just send the suggestion upstream and hope for the best? NB This is something that really concerns me. I am involved with an AIX server for 30K users. I would prefer to see some of it's functions moved to a Linux server. Russell Coker PS We really need some documentation for nscd...
