nixos/nscd: Address doc feedback

This commit is contained in:
Arian van Putten 2018-12-12 14:49:19 +01:00
parent a74619c1ae
commit ef6ed03e2f

View File

@ -247,22 +247,21 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The <literal>nscd</literal> now disables all caching of The <literal>nscd</literal> service now disables all caching of
<literal>passwd</literal> and <literal>group</literal> databases by <literal>passwd</literal> and <literal>group</literal> databases by
default. This was interferring with the correct functioning of the default. This was interferring with the correct functioning of the
<literal>libnss_systemd.so</literal> module which is used by <literal>libnss_systemd.so</literal> module which is used by
<literal>systemd</literal> to manage uids and usernames in the presence <literal>systemd</literal> to manage uids and usernames in the presence of
of <literal>DynamicUser=</literal> in systemd services. <literal>DynamicUser=</literal> in systemd services. This was already the
The was already the default behaviour in presence of default behaviour in presence of <literal>services.sssd.enable =
<literal>services.sssd.enable = true</literal> because nscd caching true</literal> because nscd caching would interfere with
would interfere sssd in unpredictable ways as well.Because we're using nscd <literal>sssd</literal> in unpredictable ways as well. Because we're
not for caching, but for convincing glibc to find NSS modules in the using nscd not for caching, but for convincing glibc to find NSS modules
nix store instead of an absolute path, we have decided to disable in the nix store instead of an absolute path, we have decided to disable
caching globally now, as it's usually not the behaviour the user wants caching globally now, as it's usually not the behaviour the user wants and
and can lead to surprising behaviour. can lead to surprising behaviour. Furthermore, negative caching of host
Furthermore, negative caching of host lookups is also disabled now by lookups is also disabled now by default. This should fix the issue of dns
default. This should fix the issue of dns lookups failing in the lookups failing in the presence of an unreliable network.
presence of an unreliable network.
</para> </para>
<para> <para>
If the old behaviour is desired, this can be restored by setting If the old behaviour is desired, this can be restored by setting