nsscache: open source named services system release
November 6th, 2007 | Published in Google Code
Remember remember the fifth of november, especially if you have to manage unix Named Services (NSS) on a lot of workstations! We're releasing a small python utility, called nsscache, that is used to cache remote NSS maps locally on a given host. Combined with cron, it provides a simple and effective way to remove a critical network dependency from your hosts and potentially speed things up a bit.
You'd be surprised how upset a system can get with a slow, unresponsive, or missing NSS.
This initial release supports pulling passwd, shadow, and group maps from an RFC 2307 LDAP schema and storing them in either nssdb or flat text files. In a wee bit, we'll also release support for netgroup and automount maps as well. The utility is fairly plug and play; our hope is that folks who use it with other data sources (sql databases, soap, etc) and possibly other data stores will extend our codebase and share their extensions with the rest of the open source community.
Why you may be interested?
As soon as you have more than one machine in your network, you want to share usernames between those systems. Linux administrators have been brought up on the convention of LDAP or NIS as a directory service, and /etc/nsswitch.conf, nss_ldap.so, and nscd to manage their nameservice lookups.
Even small networks will have experienced intermittent name lookup failures, such as a mail receiver sometimes returning "User not found" on a mailbox destination because of a slow socket over a congested network, or erratic cache behaviour by nscd. To combat this problem, we have separated the network from the NSS lookup codepath, instead using an asynchronous cron job and a glorified script, improving the speed and reliability of NSS lookups.
We'll be giving a small presentation about our motivations and experiences at the upcoming linux.conf.au event in Melbourne Australia, if you happen to be down under in February!