unofficial mirror of guix-devel@gnu.org 
* How to use Guix with sssd, not nscd, on a foreign distro?
@ 2022-02-23  4:18 Chris Marusich
  2022-02-23  7:32 ` Lars-Dominik Braun
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Chris Marusich @ 2022-02-23  4:18 UTC
  To: guix-devel

Hi,

The Guix manual recommends running nscd:

https://guix.gnu.org/manual/en/html_node/Application-Setup.html

However, Fedora intends to remove it:

https://fedoraproject.org/wiki/Changes/RemoveNSCD

The document says:

"The hosts cache will automatically be replaced by the one provided by
systemd-resolved. However, in order to restore caching functionality for
other caches provided by nscd, the system administrator will need to
install and/or configure sssd (by enabling sssd with authconfig, and
editing /etc/sssd/sssd.conf to enable it to work with nss)."

This poses a problem for people who use Fedora, like myself.  I tried to
set up sssd on my Fedora machine, but I couldn't get it to work.

Let's take a step back.  Why does the Guix manual recommend using nscd?
The Guix manual explains why in the link above.  To rephrase the manual,
my understanding is that if nscd is available, then a program using
glibc will "try to use nscd" first.  However, if nscd is not available,
then the program will attempt to dlopen shared objects, and in some
cases the program might dlopen an incompatible shared object from the
foreign distro (e.g., libnss_*.so files on Fedora, which may be
incompatible with the glibc used by a program that Guix built).

The Fedora document explains that at least the hosts cache will be
handled by systemd-resolved.  Can I expect Guix-built programs to "try
to use systemd" when resolving host names, or is additional
configuration likely to be required?

Regarding sssd specifically, how can I arrange for a Guix-built program
to "try to use sssd" first?  I know that the specific steps for how to
do this on Fedora might be different from other systems.  For example,
maybe on Fedora there is some fancy authselect/authconfig thing you can
do to configure everything more easily.  That's fine, and I will figure
out what to do at a higher level as needed.  However, for now I just
want to know the very basics: fundamentally, what configuration needs to
exist in order to ensure that Guix-built programs will "use" sssd, in
the same way that they would "use" nscd?  I want to avoid the kind of
problems that the manual discusses, but I want to do it with sssd.

I believe this will require changes to /etc/nsswitch.conf, as well as
configuration for sssd.  Anything else?  I have never written sssd
configuration files, and the sssd manual was not very approachable for
me, so I'm starting from essentially zero knowledge about sssd.  It
seems rather complex.  Has anyone tried setting up sssd and configuring
nsswitch to use it, in order to avoid the kinds of issues that the Guix
manual discusses?

Any tips would be welcome.  Maybe I should just switch back to Guix
System and avoid this headache, but I think there are lots of people out
there who use Fedora, so it would be good for Guix adoption if we can
have a recommended solution ready for people who are curious to try Guix
on Fedora.

-- 
Chris

PGP: https://savannah.gnu.org/people/viewgpg.php?user_id=106836

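As an added illustration of the lookup path described in the message above (this is not code from the thread or from Guix): a script that parses nsswitch.conf and lists the libnss_*.so.2 objects a glibc program would dlopen in its own process, with and without a reachable nscd. The sample file contents, the function names, and the rule that a reachable nscd answers every database it can cache are assumptions.

```python
import os
import re
import stat

NSCD_SOCKET = "/var/run/nscd/socket"  # glibc's default nscd socket path
# Databases nscd can cache; lookups for anything else never go through it.
NSCD_DATABASES = {"passwd", "group", "hosts", "services", "netgroup"}
# Constructed sample in the style of a Fedora host with sssd enabled.
SAMPLE_NSSWITCH = """\
# constructed sample, not copied from a real machine
passwd:    files sss systemd
group:     files [SUCCESS=merge] sss [SUCCESS=merge] systemd
hosts:     files myhostname resolve [!UNAVAIL=return] dns
automount: files sss
"""

def parse_nsswitch(text):
    """Return {database: [service, ...]}, ignoring comments and [STATUS=action]."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        table[database.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def nscd_socket_present(path=NSCD_SOCKET):
    """True if a socket exists at the path glibc would try to reach nscd on."""
    try:
        return stat.S_ISSOCK(os.stat(path).st_mode)
    except OSError:
        return False

def in_process_modules(table, nscd_up):
    """Shared objects the program itself would dlopen, per database."""
    # Simplification (assumption): when nscd is up, every database it can
    # cache is treated as answered by the daemon, so no module is loaded.
    result = {}
    for database, services in table.items():
        if nscd_up and database in NSCD_DATABASES:
            continue
        result[database] = [f"libnss_{s}.so.2" for s in services]
    return result

if __name__ == "__main__":
    # On a real host, read /etc/nsswitch.conf instead of the sample.
    table = parse_nsswitch(SAMPLE_NSSWITCH)
    for db, mods in in_process_modules(table, nscd_socket_present()).items():
        print(f"{db}: {' '.join(mods)}")
```

Each listed file name that resolves to the foreign distro's copy is a candidate for the incompatibility the manual warns about.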

Thread overview: 6+ messages
2022-02-23  4:18 How to use Guix with sssd, not nscd, on a foreign distro? Chris Marusich
2022-02-23  7:32 ` Lars-Dominik Braun
2022-02-28 13:42 ` Ludovic Courtès
2022-03-01 17:24   ` Ludovic Courtès
2022-06-21 14:57 ` sssd, not nscd, foreign distro and release? zimoun
2022-06-22 13:44   ` Ludovic Courtès
