Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Oct 2020 13:20:23 +0100
From: Florian Weimer <>
To: Jesse Hathaway <>
Cc:,  Rich Felker <>,  Arjun Shankar
Subject: Re: Plans to remove nscd in Fedora

* Jesse Hathaway:

> On Fri, Oct 23, 2020 at 8:29 AM Carlos O'Donell <> wrote:
>> My opinion is that we want something much thinner than nscd to provide
>> NSS for statically linked applications, and that such an interface
>> should not provide caching. If we really wanted we could keep the nscd
>> socket interface but implement an NSS daemon for this e.g. nssd that would
>> just run all the time and could be depended upon by static applications.
>> It would have to be well audited and very simple.
>> The caching that nscd does has many legacy problems that are better solved
>> and maintained by other daemons that implement a split NSS module approach
>> (as Florian notes).
> Given the increasing prevalence of statically deployed programs from
> languages such as C, Go, Rust, and even Haskell.  I would love to see
> continued distribution support for querying NSS from these
> programs. An nscd variant without caching seems like a good approach,
> but I think it would be unfortunate to remove nscd from distributions
> before an alternative approach was available.

But Go and Haskell are really old by now, and nscd support hasn't landed
in those language run-times (and their de-facto default
implementations).  After ten to thrity years of waiting, is it still
reasonable to expect that this might happen.

Even for C, there is no push to make nscd a mandatory installation
requirement once the system uses services beyond the “dns” and “files”
modules.  I would have expected to see a development in this direction
by now there as well.  It's not just that we have turned down such
requests, they did not even happen.

I suspect it's just that users that have large databases under /etc or
require on remote integration have little interest in static linking and
vice versa.

An added complication is that a model involving a separate daemon does
not work well for containers.

Red Hat GmbH, , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.