If I understand the problem correct, systemd changed the setup to block access
to the network for several services used during login, and this break
any NSS module fetching information from a network service, like the NIS
one.   If so, this problem will affect others, like libnss-ldap and
libnss-mdns, and is not NIS specific.  It will not affect NSS modules
with a separate daemon connecting to the network service, like libnss-ldapd
and libnss-sss.

The recommondation to use the Name Service Cache Daemon (nscd) will cause
new and interesting problems with NIS, and is perhaps not the best way to
solve this.  The NSCD cache some times will end up in an inconsistent state,
and might cause users to log in with an incomplete set of groups, if I
recall the problem correctly.

It seem safer to not block all network connections when some of the
"network enabled" NSS modules are active.

Happy hacking
Petter Reinholdtsen

Reply via email to