nis cacheing problem ?
Matthew Galgoci
mgalgoci at redhat.com
Tue Apr 10 16:22:40 UTC 2007
> Had a situation today on a RHEL ES 4 U3 system that is running as a NIS
> master. A user defined in NIS, and not in the local passwd file,
> changed password. The change was reflected the the passwd map as seen
> with "ypcat passwd | grep username", but login to the system still
> required his "old" password. To my surprise, "ypmatch username passwd"
> returned a record with the old password hash... ie, it was different
> that what was returned by ypcat. This situation persisted overnight. A
> ypserv restart corrected the problem.
>
> My first though was nscd, but I notice that it isn't running (not
> configured to start...). This leads to two questions.
>
> 1. Any advice or experience that bears on the mismatch between ypcat
> and ypmatch ?
> 2. What are the tradeoffs for running or not running nscd on this
> release ?
Depending on your environment you can probably run a couple hundred NIS
clients without nscd and your NIS master wouldn't break a sweat. In my
experience nscd only becomes critical when using nss_ldap (even with a
small number of clients!!).
If you must use nscd, take a hard look at tuning the /etc/nscd.conf paramaters
that define caching sematics for name lookups.
--
Matthew Galgoci
GIS Production Operations
Red Hat, Inc
919.754.3700 x44155
More information about the redhat-sysadmin-list
mailing list