On Tue, Jun 25, 2013 at 12:15 AM, Jiri B <[email protected]> wrote: > On Mon, Jun 24, 2013 at 05:43:35PM +0200, Christiano F. Haesbaert wrote: >> On 24 June 2013 15:37, Ioana b <[email protected]> wrote: >> > is there any kind of name service cache system like nscd for linux >> > available any time soon? It would be helpful to have a cache for the users >> >> You can use bind on the machine itself for that. > > She was talking about something else, about caching users/passwords from > a directory server locally in case of the directory server unavailability. > >> > password in case the authentication system is unavailable.
First of all, a plain cache is a *poor* means of increasing availability, as it provides no guarantees. Caches are about decreasing latency or access cost at the price of possibly out-of-date results. Note also that nscd, in both its Solaris and Linux implementations, has been a target of hate by sysadmins due to how it's behaved. So, how can you increase the availability of the user/group name services in OpenBSD? Well, the only supported such name service is YP. The method of supplying HA will then depend on the YP service setup. Plain YP server that get data from files? Set up slave servers, possibly making every host a slave, though that would probably require custom map distribution scripts to handle inaccessible hosts. YP server is ypldap, getting data from LDAP? Run that on every host and replicate the LDAP data. Philip Guenther
