On Thu, 2009-08-13 at 09:27 -0400, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 08/13/2009 08:38 AM, Simo Sorce wrote: > > On Thu, 2009-08-13 at 08:54 -0400, Stephen Gallagher wrote: > >>> NOTE: this means that until the first background enumeration is > >>> complete, a getent passwd or a getent group call may return incomplete > >>> results. I think this is acceptable as it will really happen only at > >>> startup, when the daemon caches are empty. > >>> > >> I disagree. If we're going to have a startup enumeration, then we should > >> simply not enable handling NSS requests until that first enumeration is > >> complete. Incomplete results can be worse than no results. I assume NSS > >> has a return code for temporary failure? > > > > Internally, yes, but all it does it to return no results to the user > > space. Not returning results is == returning partial results. So I see > > no difference here. > > I was referring to having our NSS client-side component return TRYAGAIN > or UNAVAIL instead of zero results, since the nsswitch.conf file can be > configured to handle these appropriately.
We could do that, but how is it going to really make any difference for getent passwd ? Simo. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
