unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: "Ludovic Courtès" <ludo@gnu.org>
To: Chris Marusich <cmmarusich@gmail.com>
Cc: guix-devel@gnu.org
Subject: Re: How to use Guix with sssd, not nscd, on a foreign distro?
Date: Mon, 28 Feb 2022 14:42:56 +0100	[thread overview]
Message-ID: <87pmn7cdjz.fsf@gnu.org> (raw)
In-Reply-To: <87y222usfr.fsf@gmail.com> (Chris Marusich's message of "Tue, 22 Feb 2022 20:18:16 -0800")

Hello,

Chris Marusich <cmmarusich@gmail.com> skribis:

> The Guix manual recommends running nscd:
>
> https://guix.gnu.org/manual/en/html_node/Application-Setup.html
>
> However, Fedora intends to remove it:
>
> https://fedoraproject.org/wiki/Changes/RemoveNSCD

D’oh!  This is bad.  It might suggest that nscd will vanish from glibc
as well, given it’s partly developed by the same group of people.

AFAIK, nscd is the only way to allow glibc’s name service switch (NSS)
to be used on a system where multiple glibc versions might coexist.
This is a problem Fedora doesn’t have: there’s always a single glibc
package installed.

[...]

> The Fedora document explains that at least the hosts cache will be
> handled by systemd-resolved.  Can I expect Guix-built programs to "try
> to use systemd" when resolving host names, or is additional
> configuration likely to be required?

I suppose there’s a systemd-resolved NSS module, and /etc/nsswitch.conf
points to it.

> Regarding sssd specifically, how can I arrange for a Guix-built program
> to "try to use sssd" first?

The relevant glibc functions always check nsswitch.conf and use the
methods prescribed there.  When nscd is not running, they might end up
trying to dlopen libnss_sssd.so, which will usually fail.

One way to work around it is described here:

  https://lists.gnu.org/archive/html/guix-devel/2020-08/msg00168.html

But this is pretty much a last resort and not something we’d recommend
for general use.

HTH!

Ludo’.


  parent reply	other threads:[~2022-02-28 13:52 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-23  4:18 How to use Guix with sssd, not nscd, on a foreign distro? Chris Marusich
2022-02-23  7:32 ` Lars-Dominik Braun
2022-02-28 13:42 ` Ludovic Courtès [this message]
2022-03-01 17:24   ` Ludovic Courtès
2022-06-21 14:57 ` sssd, not nscd, foreign distro and release? zimoun
2022-06-22 13:44   ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87pmn7cdjz.fsf@gnu.org \
    --to=ludo@gnu.org \
    --cc=cmmarusich@gmail.com \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).