Andy Harrison wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/10/07, Craig White wrote:
As for 'critical apps that require' nscd...I don't personally know of any and if we are talking about CentOS-5 which has 2.3.27 version of openldap...the 2.3.x versions are very fast and I'm not certain that nscd is of all that much benefit (but I don't know because I have never tested it out).
Can CentOS (openldap) be configured to work without nscd for file ownership over nfs mounted volumes?
Andy Harrison
Problem solved (kind of). Openldap was working for logins, but not for launching certain apps, that's why nscd was installed. Launching acroread with strace showed the following.
<snip> [2]$ strace /usr/local/Adobe/Acrobat7.0/bin/acroread 2>&1|tee| grep nss open("/etc/nsswitch.conf", O_RDONLY) = 4 read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1658 open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libnss_files.so.2", O_RDONLY) = 4 open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) </snip>
With the i386 libs for ldap installed acroread along with other programs were able to get their user id authentication and run properly, therefore nscd was no longer needed.
This did not solve the mystery of why nscd was dying, just eliminated the need for it. Here is part of the strace on nscd (4096 is the pid). There is a lot of stuff above this, but the end where is segfaults always looks pretty much the same.
<snip> geteuid32() = 430 open("/etc/passwd", O_RDONLY) = 4 fcntl64(4, F_GETFD) = 0 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 fstat64(0x4, 0xffffcd2c) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0x1000) = 0xfffffffff7429000 read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1946 read(4, "", 4096) = 0 close(4) = 0 munmap(0xf7429000, 4096) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- exit_group(1) = ? Process 27033 detached </snip>
Haven't tested to see if the i386 libnss_ldap fixed the nscd issue.