nixos/nscd: Address doc feedback
This commit is contained in:
parent
a74619c1ae
commit
ef6ed03e2f
@ -247,22 +247,21 @@
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>nscd</literal> now disables all caching of
|
||||
The <literal>nscd</literal> service now disables all caching of
|
||||
<literal>passwd</literal> and <literal>group</literal> databases by
|
||||
default. This was interferring with the correct functioning of the
|
||||
<literal>libnss_systemd.so</literal> module which is used by
|
||||
<literal>systemd</literal> to manage uids and usernames in the presence
|
||||
of <literal>DynamicUser=</literal> in systemd services.
|
||||
The was already the default behaviour in presence of
|
||||
<literal>services.sssd.enable = true</literal> because nscd caching
|
||||
would interfere sssd in unpredictable ways as well.Because we're using nscd
|
||||
not for caching, but for convincing glibc to find NSS modules in the
|
||||
nix store instead of an absolute path, we have decided to disable
|
||||
caching globally now, as it's usually not the behaviour the user wants
|
||||
and can lead to surprising behaviour.
|
||||
Furthermore, negative caching of host lookups is also disabled now by
|
||||
default. This should fix the issue of dns lookups failing in the
|
||||
presence of an unreliable network.
|
||||
<literal>systemd</literal> to manage uids and usernames in the presence of
|
||||
<literal>DynamicUser=</literal> in systemd services. This was already the
|
||||
default behaviour in presence of <literal>services.sssd.enable =
|
||||
true</literal> because nscd caching would interfere with
|
||||
<literal>sssd</literal> in unpredictable ways as well. Because we're
|
||||
using nscd not for caching, but for convincing glibc to find NSS modules
|
||||
in the nix store instead of an absolute path, we have decided to disable
|
||||
caching globally now, as it's usually not the behaviour the user wants and
|
||||
can lead to surprising behaviour. Furthermore, negative caching of host
|
||||
lookups is also disabled now by default. This should fix the issue of dns
|
||||
lookups failing in the presence of an unreliable network.
|
||||
</para>
|
||||
<para>
|
||||
If the old behaviour is desired, this can be restored by setting
|
||||
|
Loading…
Reference in New Issue
Block a user