man pages section 5: File Formats

nscd.conf(5)

Name

nscd.conf - name service cache daemon configuration

Synopsis

svc:/system/name-service/cache

/etc/nscd.conf

Description

The SMF service svc:/system/name-service/cache contains the configuration information for nscd(8).

Do not edit the /etc/nscd.conf file as it is private.

Service configuration is applied from built-in defaults or from the config property group. Provide Individual Cache configuration properties from within their specific property group, or when unspecified by the default property group.

Service Configuration Properties

The following table shows the service configuration properties that are in the config property group:

PROPERTY USAGE config/enable_per_user_lookup Enable per-user lookups config/per_user_nscd_time_to_live Per-user nscd time to live config/logfile Log file location config/debug_level Debugging/Log level flags config/debug_components Subsystem debugging config/global_check_smf_state_interval SMF status check interval

enable_per_user_lookup value

Explicitly enable or disable nscd per-user mode, see nscd(8). By default, the value is unset in SMF, which causes nscd to determine whether the following conditions are true at startup:

• ldap is configured in nsswitch.conf(5)

• svc:/network/ldap/client (ldap_cachemgr(8)) is enabled

• ldapclient(8) has credentialLevel set to self.

Valid values for this property are true and false.

When enabled, multiple nscd processes exist. Two nscd processes that have a UID of 0 (the parent and a forker) are always running, while other per-user nscd processes that have a non-0 UID only run as needed.

Using per-user lookups might not be possible if the corresponding name service switch backends do not support those lookups or if the backends are not configured to do so. Currently, ldap(7) is the only applicable backend, see ldapclient(8) for information about the credentialLevel and the authenticationMethod properties.

per_user_nscd_time_to_live value

Sets the idle time-to-live value for the non-0 UID per-user nscd processes. The value, in seconds, is based on the last time the per-user nscd was active. The default value is 120 seconds.

logfile filename

Specifies name of the file in which to write debug information. By default, the file is /dev/null. Logging depends on the debug_level and debug_components settings. Note that the log file can grow to multiple gigabytes very quickly.

global_check_smf_state_interval value

Interval between checking the status of dependent SMF services such as ldap(7), nis(7) and mdnsd(8). The default value is 120 seconds.

debug_level value

Specifies the desired debug level. The default value is "None". Use the svccfg describe command to list available levels. Note that the configuration values and the debug level output can change at any time, so do not depend upon this information in scripts.

debug_components value

Specifies the nscd components that should generate debug messages. The default value is "None". Use the svccfg describe command to view the available components and a brief description of each. Note that the configuration values and the component output can change at any time, so do not depend upon this information in scripts.

Cache Configuration Groups

You can configure a specific cache in its individual property group. The following table summarizes the supported databases, their respective SMF service property group names, and the entities that use them. The Database column shows the form used by nscd usage output, while the Group column shows the name used for the SMF property group.

Database Group Used By auth_attr auth_attr getauthnam(3C) automount automount automount(8) bootparams bootparam rpc.bootparamd(8) ethers ether ethers(3C) exec_attr exec_attr exec_attr(5) group group getgrnam(3C) hosts host getaddrinfo(3C), getnameinfo(3C), gethostent(3C). ipnodes host getaddrinfo(3C), getnameinfo(3C), getipnodebyaddr(3C). netgroup netgroup innetgr(3C) netmasks netmask ipadm(8) networks network getnetbyname(3C) passwd password getpwnam(3C), getspnam(3C) prof_attr prof_attr getprofnam(3C), getexecprof(3C) project project getprojent(3PROJECT), getdefaultproj(3PROJECT), inproj(3PROJECT), newtask(1), setproject(3PROJECT) protocols protocol getprotobyname(3C) rpc rpc getrpcbyname(3C) services service getservbyname(3C) tnrhtp tnrhtp tnctl(8) tnrhdb tnrhdb tnctl(8) user_attr user_attr getuserattr(3C)

Note that the ipnodes cache uses host group properties while being cached independently.

Cache Configuration Properties

The following cache configuration properties are available within a Group or the default property group:

check_file_interval value

Specifies an interval, in seconds, for the minimum time between check_files checks. The default value is 0, which performs a check each time the associated database is queried.

check_files value

Enables or disables the periodic checking of the corresponding cache file. The time period is based on the number of seconds specified by the check_file_interval property. By default, the periodic check is enabled. The checks include the file's modified date, size, and inode number. In addition, the check invalidates the cache if any of the checked values differ from when the file was last read. If you disable these checks you might experience a slight performance boost. Disable these checks when you do not modify the file and run the nscd -i cachename command as needed. Valid values are true and false.

enable_cache value

Enables or disables the specified cache. The value can be either true or false.

keep_hot_count value

Use this attribute to specify the number of entries that nscd(8) keeps current in the specified cache. The value is an integer that approximates the number of entries that are used frequently during the day.

negative_time_to_live value

Specifies the time-to-live, in seconds, for unsuccessful queries (negative entries) of the specified cache. Keep this value small to reduce cache coherency issues.

positive_time_to_live value

Specifies the time-to-live, in seconds, for successful queries (positive entries) of the specified cache. Larger values increase cache hit rates and reduce mean response times and might increase problems with cache coherence. Set the value to at least 43200 seconds (12 hours) to improve performance for sites that update NIS maps nightly. When DNS is the source, use the DNS-returned TTL value unless it is greater than the positive_time_to_live property value. See nsswitch.conf(5).

Examples

Example 1 Setting the passwd Cache's negative_time_to_live Property Value to Ten Seconds.

Specifying a larger value might result in significant performance improvements if several files are owned by user IDs (UIDs) that are not in system databases.

example# svccfg -s name-service/cache
svc:/system/name-service/cache> addpg password application
svc:/system/name-service/cache> setprop password/negative_time_to_live = 10
svc:/system/name-service/cache> refresh

Note that you must add a property group before you can set the group's properties.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE Availability system/core-os Interface Stability Committed

See Also

auth_attr(5), bootparams(5), ethers(5), exec_attr(5), group(5), hosts(5), netmasks(5), networks(5), nsswitch.conf(5), passwd(5), prof_attr(5), project(5), protocols(5), rpc(5), services(5), user_attr(5), attributes(7), ldap(7), nis(7), ldap_cachemgr(8), mdnsd(8), nscd(8), svccfg(8)

History

The Solaris 2.5 OS introduced the /etc/nscd.conf file as the nscd administrative configuration file.

The Oracle Solaris 10 OS introduced the svc:/system/name-service-cache service. Having this service enabled has been recommended since Solaris 10 8/07.

The Oracle Solaris 11.0 OS introduced the svc:/system/name-service/cache service and replaced the /etc/nscd.conf administrative configuration file. Starting with Oracle Solaris 11.4, the service must be enabled and be online with the nscd daemon running for certain configurations to function correctly.