On Wed, Jan 25, 2017 at 07:36:33PM +0100, Michael Ströder wrote:
HI!
I vaguely remember a statement here that one should always disable nscd on a system
running sssd. After chasing an issue on a customer system today I can confirm this. I
always uninstall nscd from all my own systems.
Therefore I'm considering to let my ansible role (used for configuring Æ-DIR
clients)
strictly disable nscd. Does that make sense?
Caveat: Some people might want to let nscd cache other maps not handled by sssd (e.g.
hosts). Any recommendations to tweak /etc/nscd.conf to let nscd coexist with sssd?
These lines could probably be a good start:
enable-cache passwd no
enable-cache group no
This is a good start. SSSD also handles the 'initgroups', 'netgroup' and
'services' maps.