[Fusionforge-general] postgresql error message (ignoring, but…)

Christian Bayle christian.bayle at orange-ftgroup.com
Fri Oct 15 13:19:20 CEST 2010


Le 13/10/2010 11:12, Thorsten Glaser a écrit :
> On Wed, 13 Oct 2010, Roland Mas wrote:
>
>    
>> Right.  A name resolution causes nss_pgsql to try to connect to the
>> database; this in turn causes a new name resolution, which is blocked
>> because the library can't handle two in parallel (or something).
>>      
> Mhm. Shouldn’t nscd prevent something like that?
>
>    
>>    Basically, we should switch to nss-db, and generate an appropriate db
>> from the PostgreSQL data.  But this would mean either going back to the
>> crontab way (with the one-hour delay between changes in FF and changes
>>      
> nscd implies delays too, although I have reduced them to 300s.
>
> I was wondering what nss-db is and searched and found
> http://www.linuxfromscratch.org/hints/downloads/files/nss_db.txt
> and think I must object to it using bdb… we’re running an SKS
> keyserver, whose BDB needs a db4.6_recover every night, and
> *still* fails (needs kill -9 to die, doesn’t start up any more)
> occasionally.
>
> Why not generate passwd/group/shadow directly?
>
>    
probably forbidden by policy, and rather dangerous, would be better to 
use some triggered adduser/deluser or whatever, remember that:

- indexing can also be necessary when handling many users
- some user may use external database od users (nis, ldap)
- some user may like to use pam,  sasl , ldap backend to sql, etc, etc, ...

would be better to think in term of provider/consumer for 
authentication/identification/session/permission and to be able to 
overload/change easily each of them.
>> in Unix users and groups) or going forward to the proposed on-the-fly
>> triggering of required cronjobs (which is only a thought at the moment).
>>      
> That would pretty much be nice.
>
>    
- just port what is done in codendi would do it.

Christian



More information about the Fusionforge-general mailing list