On 05/18/2017 09:41 AM, James Hogarth wrote:
On 18 May 2017 at 14:33, Stephen Gallagher
<sgallagh(a)redhat.com> wrote:
> That's a perfectly reasonable request. I think it's fair to say that if no
> central user management is required, it's reasonable that our default would be
> to drop 'sss' from nsswitch.conf and turn nscd back on (to avoid I/O lookups
on
> the local files).
>
> Though if we do that, I'd still like to see some daemon *somewhere* monitoring
> the files and flushing the nscd cache if they are modified, because an outdated
> nscd cache is one of the hardest things for an end-user to debug because there's
> really nowhere that can log it.
>
>
The lack of logging of nscd, if anything, I'd argue is a reason for
the various Working Groups for the Products to have sssd enabled (with
sss at the start of nsswitch) and running by default, and with systemd
always restarting it.
In other words, the exact current state of Fedora 26 (modulo the systemd piece;
some parts of SSSD can be auto-managed by systemd, the rest are managed by the
sssd "monitor" process which does the auto-restarting if needed).