The difference between nscd and sssd

Quite confused over the difference between Linux Name Service Caching Daemon (NSCD) and System Security Service Daemon (SSSD). As far as I understand, both are used to cache authentication lookup information on the local machine, and still it seems both can be used on the same machine.

What are the differences between the two, and in which cases should I use both ?

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/usingnscd-sssd.html

Asked By: Dan

||
Source

The nscd is a daemon that provides a cache for the most common name service requests like passwd, group, hosts, service and netgroup.

sssd primarily provides daemons to manage access to remote directories and authentication mechanisms like LDAP, Kerberos, NIS, etc…so it is more about authentication and authorization. It does have its own caching mechanism e.g. for users and groups but there are some more. Consult the manpage of sssd.conf for further details.

As in the linked article explained, sssd and nscd should not be used at the same time as it can result in unexpected lookups. If you need nscd e.g. for caching hosts entry, which sssd does not cache, it is recommended to configure nscd only for hosts and rely on user, group, etc. caching on sssd.

I think the cases you need to run both services are very rare, since the hosts caching is the only entry that sssd does not cache.

Answered By: Thomas
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.