Go to main content

man pages section 5: File Formats

Exit Print View

Updated: Wednesday, February 9, 2022
 
 

nscd.conf(5)

Name

nscd.conf - name service cache daemon configuration

Synopsis

svc:/system/name-service/cache
/etc/nscd.conf

Description

The SMF service svc:/system/name-service/cache contains the configuration information for nscd(8).

Do not edit the /etc/nscd.conf file as it is private.

Service configuration is applied from built-in defaults or from the config property group. Provide Individual Cache configuration properties from within their specific property group, or when unspecified by the default property group.

Service Configuration Properties

The following table shows the service configuration properties that are in the config property group:

PROPERTY
USAGE
config/enable_per_user_lookup
Enable per-user lookups
config/per_user_nscd_time_to_live
Per-user nscd time to live
config/logfile
Log file location
config/debug_level
Debugging/Log level flags
config/debug_components
Subsystem debugging
config/global_check_smf_state_interval
SMF status check interval
enable_per_user_lookup value

Explicitly enable or disable nscd per-user mode, see nscd(8). By default, the value is unset in SMF, which causes nscd to determine whether the following conditions are true at startup:

Valid values for this property are true and false.

When enabled, multiple nscd processes exist. Two nscd processes that have a UID of 0 (the parent and a forker) are always running, while other per-user nscd processes that have a non-0 UID only run as needed.

Using per-user lookups might not be possible if the corresponding name service switch backends do not support those lookups or if the backends are not configured to do so. Currently, ldap(7) is the only applicable backend, see ldapclient(8) for information about the credentialLevel and the authenticationMethod properties.

per_user_nscd_time_to_live value

Sets the idle time-to-live value for the non-0 UID per-user nscd processes. The value, in seconds, is based on the last time the per-user nscd was active. The default value is 120 seconds.

logfile filename

Specifies name of the file in which to write debug information. By default, the file is /dev/null. Logging depends on the debug_level and debug_components settings. Note that the log file can grow to multiple gigabytes very quickly.

global_check_smf_state_interval value

Interval between checking the status of dependent SMF services such as ldap(7), nis(7) and mdnsd(8). The default value is 120 seconds.

debug_level value

Specifies the desired debug level. The default value is "None". Use the svccfg describe command to list available levels. Note that the configuration values and the debug level output can change at any time, so do not depend upon this information in scripts.

debug_components value

Specifies the nscd components that should generate debug messages. The default value is "None". Use the svccfg describe command to view the available components and a brief description of each. Note that the configuration values and the component output can change at any time, so do not depend upon this information in scripts.

Cache Configuration Groups

You can configure a specific cache in its individual property group. The following table summarizes the supported databases, their respective SMF service property group names, and the entities that use them. The Database column shows the form used by nscd usage output, while the Group column shows the name used for the SMF property group.

Database
Group
Used By
auth_attr
auth_attr
automount
automount
bootparams
bootparam
ethers
ether
exec_attr
exec_attr
group
group
hosts
host
ipnodes
host
netgroup
netgroup
netmasks
netmask
networks
network
passwd
password
prof_attr
prof_attr
project
project
protocols
protocol
rpc
rpc
services
service
tnrhtp
tnrhtp
tnrhdb
tnrhdb
user_attr
user_attr

Note that the ipnodes cache uses host group properties while being cached independently.

Cache Configuration Properties

The following cache configuration properties are available within a Group or the default property group:

check_file_interval value

Specifies an interval, in seconds, for the minimum time between check_files checks. The default value is 0, which performs a check each time the associated database is queried.

check_files value

Enables or disables the periodic checking of the corresponding cache file. The time period is based on the number of seconds specified by the check_file_interval property. By default, the periodic check is enabled. The checks include the file's modified date, size, and inode number. In addition, the check invalidates the cache if any of the checked values differ from when the file was last read. If you disable these checks you might experience a slight performance boost. Disable these checks when you do not modify the file and run the nscd -i cachename command as needed. Valid values are true and false.

enable_cache value

Enables or disables the specified cache. The value can be either true or false.

keep_hot_count value

Use this attribute to specify the number of entries that nscd(8) keeps current in the specified cache. The value is an integer that approximates the number of entries that are used frequently during the day.

negative_time_to_live value

Specifies the time-to-live, in seconds, for unsuccessful queries (negative entries) of the specified cache. Keep this value small to reduce cache coherency issues.

positive_time_to_live value

Specifies the time-to-live, in seconds, for successful queries (positive entries) of the specified cache. Larger values increase cache hit rates and reduce mean response times and might increase problems with cache coherence. Set the value to at least 43200 seconds (12 hours) to improve performance for sites that update NIS maps nightly. When DNS is the source, use the DNS-returned TTL value unless it is greater than the positive_time_to_live property value. See nsswitch.conf(5).

Examples

Example 1 Setting the passwd Cache's negative_time_to_live Property Value to Ten Seconds.

Specifying a larger value might result in significant performance improvements if several files are owned by user IDs (UIDs) that are not in system databases.

example# svccfg -s name-service/cache
svc:/system/name-service/cache> addpg password application
svc:/system/name-service/cache> setprop password/negative_time_to_live = 10
svc:/system/name-service/cache> refresh

Note that you must add a property group before you can set the group's properties.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
Committed

See Also

auth_attr(5), bootparams(5), ethers(5), exec_attr(5), group(5), hosts(5), netmasks(5), networks(5), nsswitch.conf(5), passwd(5), prof_attr(5), project(5), protocols(5), rpc(5), services(5), user_attr(5), attributes(7), ldap(7), nis(7), ldap_cachemgr(8), mdnsd(8), nscd(8), svccfg(8)

History

The Solaris 2.5 OS introduced the /etc/nscd.conf file as the nscd administrative configuration file.

The Oracle Solaris 10 OS introduced the svc:/system/name-service-cache service. Having this service enabled has been recommended since Solaris 10 8/07.

The Oracle Solaris 11.0 OS introduced the svc:/system/name-service/cache service and replaced the /etc/nscd.conf administrative configuration file. Starting with Oracle Solaris 11.4, the service must be enabled and be online with the nscd daemon running for certain configurations to function correctly.