From ef6ed03e2f7e757a46469077d8ef66cecccb919d Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Wed, 12 Dec 2018 14:49:19 +0100 Subject: [PATCH] nixos/nscd: Address doc feedback --- nixos/doc/manual/release-notes/rl-1903.xml | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 975c566411c..9405bf063d5 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -247,22 +247,21 @@ - The nscd now disables all caching of + The nscd service now disables all caching of passwd and group databases by default. This was interferring with the correct functioning of the libnss_systemd.so module which is used by - systemd to manage uids and usernames in the presence - of DynamicUser= in systemd services. - The was already the default behaviour in presence of - services.sssd.enable = true because nscd caching - would interfere sssd in unpredictable ways as well.Because we're using nscd - not for caching, but for convincing glibc to find NSS modules in the - nix store instead of an absolute path, we have decided to disable - caching globally now, as it's usually not the behaviour the user wants - and can lead to surprising behaviour. - Furthermore, negative caching of host lookups is also disabled now by - default. This should fix the issue of dns lookups failing in the - presence of an unreliable network. + systemd to manage uids and usernames in the presence of + DynamicUser= in systemd services. This was already the + default behaviour in presence of services.sssd.enable = + true because nscd caching would interfere with + sssd in unpredictable ways as well. Because we're + using nscd not for caching, but for convincing glibc to find NSS modules + in the nix store instead of an absolute path, we have decided to disable + caching globally now, as it's usually not the behaviour the user wants and + can lead to surprising behaviour. Furthermore, negative caching of host + lookups is also disabled now by default. This should fix the issue of dns + lookups failing in the presence of an unreliable network. If the old behaviour is desired, this can be restored by setting