F25 System Wide Change: SSSD fast cache for local users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

= Proposed System Wide Change: SSSD fast cache for local users =
https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers

Change owner(s):
* Stephen Gallagher <sgallagh@xxxxxxxxxx>
* Jakub Hrozek <jhrozek@xxxxxxxxxx>

Enable resolving all users through the sss NSS modules for better performance. 

== Detailed Description ==
SSSD ships with a very fast memory cache for a couple of releases now. 
However, using this cache conflicts with nscd's caching and nscd has been 
disabled by default. That degrades performance, because every user or group 
lookup must open the local files.

This change proposes leveraging a new "files" provider SSSD will ship in the 
next version in order to resolve also users from the local files. That way, 
the "sss" NSS module can be configured before the files module in 
nsswitch.conf and the system could leverage sss_nss caching for both local and 
remote users.

The upstream design of the files provider can be found at: [1]

Below is a mini-FAQ that lists the most common questions we've received so 
far:

Q: Does SSSD take over /etc/passwd and /etc/files?
A: No. SSSD just monitors them with inotify and copies the records into its 
cache.
 
Q: Does SSSD need to be running all the time now? What if it crashes?
A: SSSD needs to be running in order to benefit from this functionality. 
However, the nss_sss module is built in such a way that even if sssd is not 
running, nss_sss should fail over to nss_files pretty quickly (we'll quantify 
"pretty quickly" in a more scientific fashion soon) 

Q: Do I need to configure SSSD now?
A: No, we'll ship a default configuration. 

== Scope ==
* Proposal owners: Jakub Hrozek and Stephen Gallagher work on the design and 
coding 

* Other developers: The SSSD upstream will participate in code review of the 
change 

* Release engineering: None required 

* Policies and guidelines: None needed 

* Trademark approval: None needed 

[1] https://fedorahosted.org/sssd/wiki/DesignDocs/FilesProvider

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux