# We basically use nscd as a proxy for forwarding nss requests to appropriate # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory # containing all such modules # Note that we can not use `enable-cache no` As this will actually cause nscd # to just reject the nss requests it receives, which then causes glibc to # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 enable-cache passwd yes positive-time-to-live passwd 0 negative-time-to-live passwd 0 shared passwd yes enable-cache group yes positive-time-to-live group 0 negative-time-to-live group 0 shared group yes enable-cache netgroup yes positive-time-to-live netgroup 0 negative-time-to-live netgroup 0 shared netgroup yes enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 0 shared hosts yes enable-cache services yes positive-time-to-live services 0 negative-time-to-live services 0 shared services yes