SSSD's depedency on NSCD should be optional or maybe removed

[bbigras]

Issue description

It seems it's not recommenced to use NSCD with SSSD:

SSSD is not designed to be used with the NSCD daemon. Even though SSSD does not directly conflict with NSCD, using both services can result in unexpected behavior, especially with how long entries are cached.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd

Right now with the current nixos/modules/services/misc/sssd.nix it's not possible to disable NSCD.

nixpkgs/nixos/modules/services/misc/sssd.nix

Line 47 in 4aa5504

message = "nscd must be enabled through `services.nscd.enable` for SSSD to work.";

also because of the NSS dependency:

nixpkgs/nixos/modules/config/nsswitch.nix

Line 69 in 4aa5504

message = "Loading NSS modules from path ${config.system.nssModules.path} requires nscd being enabled.";

I'm using SSSD to log in using Active Directory. It seems to work fine without NSCD.

Technical details

• system: "x86_64-linux"
• host os: Linux 4.14.37, NixOS, 18.03.git.eac5319 (Impala)
• multi-user?: yes
• sandbox: no
• version: nix-env (Nix) 2.0.1
• channels(bidon): ""
• channels(root): "nixos-18.03, nixos-unstable-18.09pre138687.1b1be29bf82"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs

[flokli]

This is not really trivial to solve - one approach might be the one descibed in #55276, which would allow us to make nscd optional again.

[flokli]

We basically disable nscd's caching, and only (ab)use it as a service knowing all nss modules we want to be present - sssd should be the only thing to be really caching, if it's configured to do so.