About the Name Service Switch
The name service switch is a file named nsswitch.conf. The
name service switch controls how a client machine or application obtains network information. The
name service switch is used by client applications that call any of
the getXbyY() interfaces, such as the following.
gethostbyname()
getpwuid()
getpwnam()
getaddrinfo()
Each machine has a switch file in its /etc directory. Each line of
that file identifies a particular type of network information, such as host, password,
and group, followed by one or more locations of that information.
A client can obtain naming information from one or more of the
switch's sources. For example, an NIS+ client could obtain its hosts information from an
NIS+ table and its password information from a local /etc file. In addition,
the client could specify the conditions under which the switch must use each
source. See Table 2-1.
The Solaris system automatically loads an nsswitch.conf file into every machine's /etc directory
as part of the installation process. Four alternate (template) versions of the switch
file are also loaded into /etc for LDAP, NIS, NIS+, or files. See
The nsswitch.conf Template Files.
These four files are alternate default switch files. Each file is designed for
a different primary naming service: /etc files, NIS, NIS+, or LDAP. When
the Solaris software is first installed on a machine, the installer selects the
machine's default naming service: NIS+, NIS, local files, or LDAP. During installation, the
corresponding template file is copied to nsswitch.conf. For example, for a client machine
using LDAP, the installation process copies nsswitch.ldap to nsswitch.conf. Unless you have
an unusual namespace, the default template file as copied to nsswitch.conf should be
sufficient for normal operation.
No default file is provided for DNS, but you can edit any of
these files to use DNS. For more information see DNS and Internet Access.
If you later change a machine's primary naming service, you copy the appropriate
alternate switch file to nsswitch.conf. See The nsswitch.conf Template Files. You can also change the sources
of particular types of network information used by the client by editing the
appropriate lines of the /etc/nsswitch.conf file. The syntax is described below, and additional
instructions are provided in How to Modify the Name Service Switch.
Format of the nsswitch.conf File
The nsswitch.conf file is essentially a list of 16 types of information and
the sources that getXXbyYY() routines search for that information. The 16 types
of information, not necessarily in this order, are the following.
The following table provides a description of the kind of sources that can
be listed in the switch file for the information types above.
Table 2-1 Switch File Information Sources
Information Sources | Description
files | A file stored in the client's /etc directory. For example, /etc/passwd
nisplus | An NIS+ table. For example, the hosts table.
nis | An NIS map. For example, the hosts map.
compat | compat can be used for password and group information to support old-style + or - syntax in /etc/passwd, /etc/shadow, and /etc/group files.
dns | Can be used to specify that host information be obtained from DNS.
ldap | Can be used to specify entries be obtained from the LDAP directory.
Search Criteria
Single Source. If an information type has only one source, such as nisplus, a
routine using the switch searches for the information in that source only. If the
routine finds the information, the routine returns a success status message. If the
routine does not find the information, the routine stops searching and returns a
different status message. What the routine does with the status message varies from
routine to routine.
Multiple Sources. If a table contains multiple sources for a given information type,
the switch directs the routine to search in the first listed source.
If the routine finds the information, the routine returns a success status message.
If the routine does not find the information in the first source, the
routine tries the next source. The routine searches all sources until the
routine has found the information, or until the routine is halted by a
return specification. If all of the listed sources are searched without finding the
information, the routine stops searching and returns a non-success status message.
Switch Status Messages
If a routine finds the information, the routine returns a success status
message. If the routine does not find the information, the routine returns one
of three error status messages. Possible status messages are listed in the following
table.
Table 2-2 Switch Search Status Messages
Status Message | Meaning of Message
SUCCESS | The requested entry was found in the specified source.
UNAVAIL | The source is either unresponsive or unavailable. In other words, neither the NIS+ table, the NIS map, nor the /etc file could be found or be accessed.
NOTFOUND | The source responded with “No such entry.” In other words, the table, map, or file was accessed but the needed information was not found.
TRYAGAIN | The source is busy. The source might respond next time. In other words, the table, map, or file was found, but could not respond to the query.
Switch Action Options
You can instruct the switch to respond to status messages with either of
the two actions shown in the following table.
Table 2-3 Responses to Switch Status Messages
Action | Meaning
return | Stop looking for the information.
continue | Try the next source.
Default Search Criteria
The combination of nsswitch.conf file status message and action option determines what the
routine does at each step. The combination of status and action make up
the search criteria.
The switch's default search criteria are the same for every source. In terms of
the status messages listed above, the defaults are as follows.
SUCCESS=return. Stop looking for the information. Proceed using the information that has been found.
UNAVAIL=continue. Go to the next nsswitch.conf file source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
NOTFOUND=continue. Go to the next nsswitch.conf file source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
TRYAGAIN=continue. Go to the next nsswitch.conf file source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
You can change the default search criteria by explicitly specifying other criteria
with the STATUS=action syntax shown above. For example, the default action for
a NOTFOUND condition is to continue the search to the next source. To
specify that, for networks, the search should stop on a
NOTFOUND condition, edit the networks line of the switch file. The
line would read as follows.
networks: nis [NOTFOUND=return] files
The networks: nis [NOTFOUND=return] files line specifies a nondefault criterion for the NOTFOUND status. Nondefault criteria are
delimited by square brackets.
In this example, the search routine behaves as follows:
If the networks map is available, and contains the needed information, the routine returns with a SUCCESS status message.
If the networks map is not available, the routine returns with an UNAVAIL status message. By default, the routine continues to search the appropriate /etc file.
If the networks map is available and found, but the map does not contain the needed information, the routine returns with a NOTFOUND message. But, instead of continuing on to search the appropriate /etc file, which would be the default behavior, the routine stops searching.
If the networks map is busy, the routine returns with a TRYAGAIN status message and by default continues on to search the appropriate /etc file.
Note - Lookups in the nsswitch.conf file are done in the order in which items
are listed. However, password updates are done in reverse order, unless otherwise specified
by using the passwd -r repository command. See The Switch File and Password Information for more information.
What if the Syntax is Wrong?
Client library routines contain compiled-in default entries that are used if an entry
in the nsswitch.conf file is either missing or syntactically incorrect. These entries are
the same as the switch file's defaults.
The name service switch assumes that the table and source names are spelled
correctly. If you misspell a table or source name, the switch uses default
values.
Auto_home and Auto_master
The switch search criteria for the auto_home and auto_master tables and maps
are combined into one category, which is called automount.
Timezone and the Switch File
The timezone table does not use the switch, so the table is not
included in the switch file's list.
Comments in nsswitch.conf Files
Any nsswitch.conf file line beginning with a comment character (#) is interpreted as
a comment line. A comment line is ignored by routines that search the
file.
Characters preceding a comment mark are interpreted by routines that search the nsswitch.conf
file. Characters to the right of the comment mark are interpreted as comments
and ignored.
Table 2-4 Switch File Comment Examples
Type of Line | Example
Comment line. | # hosts: nisplus [NOTFOUND=return] files
Interpreted line. | hosts: nisplus [NOTFOUND=return] files
Partially interpreted line. The files element is not interpreted. | hosts: nisplus [NOTFOUND=return] # files
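The search criteria described under Default Search Criteria and the comment rule shown in Table 2-4 can be checked with a small model of the switch. The following is an added example, not Solaris code: the function names parse_line and resolve and the per-source statuses passed in are assumptions made for illustration, and the compiled-in fallback for misspelled entries is not modelled. It is useful when auditing which source actually ends a lookup, for instance whether a lookup still falls through to the local /etc file when the first source answers NOTFOUND.

```python
import re

# Default search criteria as listed on this page.
DEFAULTS = {"SUCCESS": "return", "UNAVAIL": "continue",
            "NOTFOUND": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """Return (info_type, [(source, criteria), ...]); None for comment or blank lines."""
    line = line.split("#", 1)[0].strip()   # text right of '#' is ignored
    if not line:
        return None
    info_type, _, rest = line.partition(":")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            sources.append((token, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("search criteria with no preceding source")
        # [STATUS=action] overrides the defaults of the source before it
        for pair in token[1:-1].split():
            status, _, action = pair.partition("=")
            sources[-1][1][status.upper()] = action.lower()
    return info_type.strip(), sources

def resolve(line, observed):
    """Walk the sources in order. `observed` maps each source name to the
    status it reports (constructed input). Returns (status, deciding_source)."""
    _, sources = parse_line(line)
    for name, criteria in sources:
        status = observed[name]
        if criteria[status] == "return":
            return status, name
    # Every source ended in "continue": the lookup returns NOTFOUND.
    return "NOTFOUND", None

if __name__ == "__main__":
    line = "networks: nis [NOTFOUND=return] files"   # line from this page
    for nis_status in ("SUCCESS", "UNAVAIL", "NOTFOUND", "TRYAGAIN"):
        # constructed scenario: the local /etc file always has the entry
        print(nis_status, "->", resolve(line, {"nis": nis_status, "files": "SUCCESS"}))
```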
Keyserver and publickey Entry in the Switch File
Caution - You must restart the keyserver after you make a change to nsswitch.conf.
The keyserver reads the publickey entry in the name service switch configuration file
only when the keyserver is started. If you change the switch configuration file,
the keyserver does not register the changes until the keyserver is restarted.