>>>> Or do you recommend a different way to run NSCD and SSSD at the same time
>>>> on RHEL/CentOS systems?
>>>
>>> You only need to start it. We don't use it as a cache. We are only
>>> interested in its network interface for use with glibc.
> […]
>> We turned off all NSCD caching:
>>
>> % grep enable-cache /etc/nscd.conf
>> # enable-cache <service> <yes|no>
>> enable-cache passwd no
>> enable-cache group no
>> enable-cache hosts no
>> enable-cache services no
>> enable-cache netgroup no
>
> Sorry, it appears that I was wrong about the role of caching. Our
> cluster nodes (running CentOS) have this nscd config:
>
> --8<---------------cut here---------------start------------->8---
> enable-cache passwd yes
> enable-cache group yes
> enable-cache hosts no
> enable-cache netgroup no
> --8<---------------cut here---------------end--------------->8---
>
> So while we don’t rely on caching per se, nscd needs to be configured to
> cache passwd and group so that it actually fetches this type of
> information from the system directories (e.g. LDAP).
>
> Sorry for the confusion!

OK! But this RHEL doc:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/usingnscd-sssd

Seems to suggest turning on NSCD caching for passwd and group while also
running SSSD can cause subtle issues? It says:

"To avoid this problem, enable caching only for hosts in the
/etc/nscd.conf file and rely on the SSSD cache for the passwd, group,
services, and netgroup entries."

So my sysadmin and I are worried about turning on caching in NSCD and SSSD
at the same time? Are you running both and have you seen any issues?

Best,
Chris
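
An added example, not part of the thread: a shell check that lists which nscd caches overlap with the maps the quoted Red Hat guide leaves to SSSD. The function names and the sample files are constructed for illustration; point nscd_sssd_overlap at /etc/nscd.conf for real use.

```shell
#!/bin/sh
# Added example (not from the thread): list nscd caches that overlap with SSSD.
# Per the Red Hat guide quoted above, SSSD caches these maps itself.
SSSD_MAPS="passwd group services netgroup"

# Print "<service> <yes|no>" for each active enable-cache line in file $1.
nscd_cache_settings() {
    awk '{ sub(/#.*/, "") }   # drop comments, including commented-out settings
         $1 == "enable-cache" && NF >= 3 { print $2, tolower($3) }' "$1"
}

# Print each service cached by nscd that SSSD also caches (one per line).
nscd_sssd_overlap() {
    nscd_cache_settings "$1" | while read -r svc state; do
        if [ "$state" = "yes" ]; then
            case " $SSSD_MAPS " in
                *" $svc "*) echo "$svc" ;;
            esac
        fi
    done
}

# Constructed sample files; the first two mirror the configurations in the thread.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/all-off.conf" <<'EOF'
# enable-cache <service> <yes|no>
enable-cache passwd no
enable-cache group no
enable-cache hosts no
enable-cache services no
enable-cache netgroup no
EOF
cat > "$SAMPLE_DIR/cluster.conf" <<'EOF'
enable-cache passwd yes
enable-cache group yes
enable-cache hosts no
enable-cache netgroup no
EOF
cat > "$SAMPLE_DIR/hosts-only.conf" <<'EOF'
enable-cache hosts yes
enable-cache passwd no
enable-cache group no
EOF

for f in "$SAMPLE_DIR"/*.conf; do
    echo "$(basename "$f"): $(nscd_sssd_overlap "$f" | tr '\n' ' ')"
done
```

An empty result means nscd caches nothing that SSSD also caches; any service printed is cached by both daemons.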