= Proposed System Wide Change: SSSD fast cache for local users = https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers Change owner(s): * Stephen Gallagher <sgallagh@xxxxxxxxxx> * Jakub Hrozek <jhrozek@xxxxxxxxxx> Enable resolving all users through the sss NSS modules for better performance. == Detailed Description == SSSD ships with a very fast memory cache for a couple of releases now. However, using this cache conflicts with nscd's caching and nscd has been disabled by default. That degrades performance, because every user or group lookup must open the local files. This change proposes leveraging a new "files" provider SSSD will ship in the next version in order to resolve also users from the local files. That way, the "sss" NSS module can be configured before the files module in nsswitch.conf and the system could leverage sss_nss caching for both local and remote users. The upstream design of the files provider can be found at: [1] Below is a mini-FAQ that lists the most common questions we've received so far: Q: Does SSSD take over /etc/passwd and /etc/files? A: No. SSSD just monitors them with inotify and copies the records into its cache. Q: Does SSSD need to be running all the time now? What if it crashes? A: SSSD needs to be running in order to benefit from this functionality. However, the nss_sss module is built in such a way that even if sssd is not running, nss_sss should fail over to nss_files pretty quickly (we'll quantify "pretty quickly" in a more scientific fashion soon) Q: Do I need to configure SSSD now? A: No, we'll ship a default configuration. == Scope == * Proposal owners: Jakub Hrozek and Stephen Gallagher work on the design and coding * Other developers: The SSSD upstream will participate in code review of the change * Release engineering: None required * Policies and guidelines: None needed * Trademark approval: None needed [1] https://fedorahosted.org/sssd/wiki/DesignDocs/FilesProvider -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx