F18 users unable to log in due to cached nsswitch.conf

Simo Sorce simo at redhat.com
Wed Oct 17 17:07:07 UTC 2012


On Wed, 2012-10-17 at 18:39 +0200, Miloslav Trmač wrote:
> On Wed, Oct 17, 2012 at 6:29 PM, Stef Walter <stefw at redhat.com> wrote:
> > On 10/17/2012 06:21 PM, Miloslav Trmač wrote:
> >>
> >> That's rather far from actually fixing the problem.  Can we get it
> >> fixed_first_?  It seems that we could drop the glibc caching,
> >
> > Obviously dropping the caching would be pretty nasty. Having to dlopen the
> > modules each time you do a getpwnam() (or friends) isn't cool.
> >
> > I assume you mean fstating the file on each lookup? I'm not against this,
> > and I can try and propose this to glibc, but I'm pretty sure what's going to
> > happen. See similar /etc/resolv.conf discussions.
> Yes, that's basically what I meant (perhaps only on each getXXnam() or
> setXXent(), not on sequential getXXent() calls).
> 
> >> I'm not opposed to changing the default nsswitch.conf to avoid that
> >> reboot (well, I think it's ugly to refer to a non-installed module,
> >> but that's an aesthetic, not a principal thing) and to improve the
> >> user experience in the default case, but we do need to have some way
> >> to fix the underlying problem, a better way than just giving up and
> >> conceding that nsswitch.conf can't be edited from now on.
> >
> >
> > We are working on it and I linked to that bug in my report. Ray Strode and I
> > are working on patches to glibc.
> >
> > http://sourceware.org/bugzilla/show_bug.cgi?id=12459
> 
> Right, this would still require a modification of every long-running
> process dealing with the nsswitch databases.  Modifying the glibc
> caching behavior would probably be simpler.
> 
> Jeff, what do you think?

Personally I do not like the nss_init() calls, it will just make it even
more difficult to diagnose 'heisenbugs' when some apps start doing it,
some don't and some other do it at the wrong time.

I would rather have glibc do it automatically with rate limiting.
Like no more than once every 3 minutes do a stat on one of the getent
calls and reload if necessary, still this would be thousands of
unnecessary (vs 0 necessary) stat() calls every day, not the best
solution.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the devel mailing list