Re: nssd (was RFC: Going the LDAP/Kerberos way with NetBSD.)

On 02/05/2008, at 2:07 AM, Christos Zoulas wrote:

> My experience with nssd has only been pain. While it is a good idea if
> properly implemented, I have not seen a proper implementation of it  
> and
> I don't think that it is easy to write one. Issues:
>
> 1. It introduces a level of cacheing which can lead to annoying
>   consistency issues if there is more cacheing happening at the
>   directory server level.  What would be ideal is to teach all
>   the directory server backends to do uncached calls when they
>   are contacted by nssd.

Modifying third-party backends to not suck aside can anyone provide a  
bit more detail about what properties an acceptable design would  
exhibit and could be practically implemented?

> 2. It introduces an extra context switch for each lookup. This is
>   why sun invented doors.

Not knowing anything about doors.  How does its use eliminate context  
switch-per-lookup?  Is it that it can service more than one lookup per  
context switch or is there more to it than that?

Ty