09244cbd98
This effectively disables nscd's built-in hosts cache, which turns out to be erratic in some cases. We only use nscd these days as a more ABI-neutral NSS dispatcher mechanism. Local caching should still be possible with local resolvers in /etc/resolv.conf (via the `dns` NSS module), or without local resolvers via systemd-networkd (via the `resolve` nss module) We don't set enable-cache to no due to https://github.com/NixOS/nixpkgs/pull/50316#discussion_r241035226.
34 lines
1.4 KiB
Text
34 lines
1.4 KiB
Text
# We basically use nscd as a proxy for forwarding nss requests to appropriate
|
|
# nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory
|
|
# containing all such modules
|
|
# Note that we can not use `enable-cache no` As this will actually cause nscd
|
|
# to just reject the nss requests it receives, which then causes glibc to
|
|
# fallback to trying to handle the request by itself. Which won't work as glibc
|
|
# is not aware of the path in which the nss modules live. As a workaround, we
|
|
# have `enable-cache yes` with an explicit ttl of 0
|
|
server-user nscd
|
|
|
|
enable-cache passwd yes
|
|
positive-time-to-live passwd 0
|
|
negative-time-to-live passwd 0
|
|
shared passwd yes
|
|
|
|
enable-cache group yes
|
|
positive-time-to-live group 0
|
|
negative-time-to-live group 0
|
|
shared group yes
|
|
|
|
enable-cache netgroup yes
|
|
positive-time-to-live netgroup 0
|
|
negative-time-to-live netgroup 0
|
|
shared netgroup yes
|
|
|
|
enable-cache hosts yes
|
|
positive-time-to-live hosts 0
|
|
negative-time-to-live hosts 0
|
|
shared hosts yes
|
|
|
|
enable-cache services yes
|
|
positive-time-to-live services 0
|
|
negative-time-to-live services 0
|
|
shared services yes
|