Skip to content

Commit

Permalink
nixos/nscd: Address doc feedback
Browse files Browse the repository at this point in the history
  • Loading branch information
arianvp committed Dec 12, 2018
1 parent a74619c commit ef6ed03
Showing 1 changed file with 12 additions and 13 deletions.
25 changes: 12 additions & 13 deletions nixos/doc/manual/release-notes/rl-1903.xml
Original file line number Diff line number Diff line change
Expand Up @@ -247,22 +247,21 @@
</listitem>
<listitem>
<para>
The <literal>nscd</literal> now disables all caching of
The <literal>nscd</literal> service now disables all caching of
<literal>passwd</literal> and <literal>group</literal> databases by
default. This was interferring with the correct functioning of the
<literal>libnss_systemd.so</literal> module which is used by
<literal>systemd</literal> to manage uids and usernames in the presence
of <literal>DynamicUser=</literal> in systemd services.
The was already the default behaviour in presence of
<literal>services.sssd.enable = true</literal> because nscd caching
would interfere sssd in unpredictable ways as well.Because we're using nscd
not for caching, but for convincing glibc to find NSS modules in the
nix store instead of an absolute path, we have decided to disable
caching globally now, as it's usually not the behaviour the user wants
and can lead to surprising behaviour.
Furthermore, negative caching of host lookups is also disabled now by
default. This should fix the issue of dns lookups failing in the
presence of an unreliable network.
<literal>systemd</literal> to manage uids and usernames in the presence of
<literal>DynamicUser=</literal> in systemd services. This was already the
default behaviour in presence of <literal>services.sssd.enable =
true</literal> because nscd caching would interfere with
<literal>sssd</literal> in unpredictable ways as well. Because we're
using nscd not for caching, but for convincing glibc to find NSS modules
in the nix store instead of an absolute path, we have decided to disable
caching globally now, as it's usually not the behaviour the user wants and
can lead to surprising behaviour. Furthermore, negative caching of host
lookups is also disabled now by default. This should fix the issue of dns
lookups failing in the presence of an unreliable network.
</para>
<para>
If the old behaviour is desired, this can be restored by setting
Expand Down

0 comments on commit ef6ed03

Please sign in to comment.