On 18/07/17 15:12, Stephen Gallagher wrote:
On Tue, Jul 18, 2017 at 10:00 AM Tom Hughes <tom@compton.nu mailto:tom@compton.nu> wrote:
On 18/07/17 14:48, Jaroslav Reznik wrote: > The default profile set will contain the following profiles: > > Local users + SSSD -- local users and remote users are handled by sssd > Local users + SSSD + Fingerprint -- same as above but also pam_fprintd > is enabled > Local users + winbind -- local users are handled by files and remote > users by winbind > Local users + winbind + Fingerprint -- same as above but also > pam_fprintd is enabled No "local only" profiles for people that don't need sssd? What is the effect of this on configurations that haven't been using sssd at all? Is everything going to suddenly start blocking/timing out on being unable to talk to it?
Starting with F26, the default configuration is for all setups to be using SSSD. See https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers
Well none of my newly upgraded F26 machines appear to be running it ;-)
This is actually advantageous, since the previous behavior was that all access to local users previously had to hit the disk (unless nscd was manually configured). If SSSD isn't responding, nsswitch will fail back to the old behavior fairly quickly.
I normally disabled nscd as well because the caching was just way too annoying...
Tom