40e9ad2 NSS: Make NSS responder socket-activatable

5 files Authored by fidencio 7 years ago, Committed by lslebodn 7 years ago,
    NSS: Make NSS responder socket-activatable
    
    As part of the effort of making all responders socket-activatable, let's
    make the NSS responder ready for this by providing its systemd units.
    
    In case the administrators want to use NSS responder taking advantage
    of socket-activation they will need to enable sssd-nss.socket and after
    a restart of the sssd service, the NSS socket will be ready waiting for
    any activity in order to start the NSS responder. Also, the NSS
    responder must be removed from the services line on sssd.conf.
    
    The NSS responder service is bound to the SSSD service, which means
    that the responder will be restarted in case SSSD is restarted and
    shut down in case SSSD is shut down/crashes.
    
    It is quite important to mention that NSS responder will always run as
    root. The reason behind this is that systemd calls getpwnam() and
    getgrnam() when "User="/"Group=" is set to something different than
    "root". As it's done _before_ starting NSS responder, the clients would
    end up hanging for a few minutes (due to "default_client_timeout"),
    which is something that we really want to avoid.
    
    Related:
    https://fedorahosted.org/sssd/ticket/2243
    
    Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
    
        
file modified
+14 -0
file modified
+6 -0
file modified
+1 -0