Bug 1747505

Summary: glibc: Add a comment to the default nscd.conf file that is it not recommended to use NSCD and SSSD for the same NSS maps
Product: Red Hat Enterprise Linux 8 Reporter: Carlos O'Donell <codonell>
Component: glibcAssignee: Patsy Griffin <pfrankli>
Status: CLOSED ERRATA QA Contact: qe-baseos-tools-bugs
Severity: low Docs Contact:
Priority: unspecified    
Version: 8.2CC: ashankar, codonell, dj, fweimer, jhrozek, knweiss, mcermak, mnewsome, pfrankli, qe-baseos-tools-bugs, skolosov
Target Milestone: rcKeywords: Patch, Regression
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.28-77.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1488370 Environment:
Last Closed: 2020-04-28 16:50:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1488370    
Bug Blocks: 1746918, 1755139    

Description Carlos O'Donell 2019-08-30 16:10:47 UTC
Cleanup nsswitch.conf comments following upstream commits:

commit 4b7c74179c8928d971d370e1137d202f891a4cf5
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Mar 20 12:40:18 2019 -0400

    nss: Make nsswitch.conf more distribution friendly.

commit d34d4c80226b3f5a1b51a8e5b005a52fba07d7ba
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Mar 20 22:11:32 2019 -0400

    nscd: Improve nscd.conf comments.
    
    This change adds a warning to nscd.conf about running multiple caching
    services together and that it may lead to unexpected behaviours. Also we
    add a note that enabling the 'shared' option will cause cache hit rates
    to be misreported (a side effect of the implementation).

Comment 5 Carlos O'Donell 2019-10-29 17:12:51 UTC
QA failure caught by gating is now fixed upstream.

We need to backport this additional commit to RHEL 8.2, and Fedora 31/30 (Rawhide will catch up in the weekly sync).

commit eed1f6fcdb0526498223ebfe95f91ef5dec2172a (HEAD -> master, origin/master, origin/HEAD)
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Tue Oct 29 11:58:03 2019 -0400

    Comment out initgroups from example nsswitch.conf (Bug 25146)
    
    In commit 4b7c74179c8928d971d370e1137d202f891a4cf5 the nsswitch.conf
    file was harmonized with downstream distributions, but this change
    included adding "initgroups: files". We should not add initgroups by
    default, we can have it, but it should be commented out to allow it
    to inherit the settings for group. The problem is principally that
    downstream authconfig won't update initgroups and it will get out of
    sync with the setting for group.

Comment 9 Sergey Kolosov 2020-02-10 14:33:31 UTC
Verified by reviewing /etc/nscd.conf config file.

Comment 11 errata-xmlrpc 2020-04-28 16:50:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1828