On Thu, 2009-08-13 at 09:27 -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/13/2009 08:38 AM, Simo Sorce wrote:
> On Thu, 2009-08-13 at 08:54 -0400, Stephen Gallagher wrote:
>>> NOTE: this means that until the first background enumeration is
>>> complete, a getent passwd or a getent group call may return incomplete
>>> results. I think this is acceptable as it will really happen only at
>>> startup, when the daemon caches are empty.
>>>
>> I disagree. If we're going to have a startup enumeration, then we should
>> simply not enable handling NSS requests until that first enumeration is
>> complete. Incomplete results can be worse than no results. I assume NSS
>> has a return code for temporary failure?
>
> Internally, yes, but all it does it to return no results to the user
> space. Not returning results is == returning partial results. So I see
> no difference here.
I was referring to having our NSS client-side component return TRYAGAIN
or UNAVAIL instead of zero results, since the nsswitch.conf file can be
configured to handle these appropriately.
We could do that, but how is it going to really make any difference for
getent passwd ?
Simo.