The Name Service Switch (Overview)
This chapter describes the name service switch, what it does, and how clients use it to obtain naming information from one or more sources. You use the name service switch to coordinate usage of different naming services.
About the Name Service Switch
The name service switch is a file named nsswitch.conf(4). It controls how a client machine or application obtains network information. It is used by client applications that call any of the getXbyY() interfaces such as the following.
Each machine has a switch file in its /etc directory. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources where the client is to look for that information.
A client can obtain naming information from one or more of the switch's sources. For example, an NIS+ client could obtain its hosts information from an NIS+ table and its password information from a local /etc file. In addition, it could specify the conditions under which the switch must use each source. See Table 2-1.
The Solaris operating environment automatically loads an nsswitch.conf file into every machine's /etc directory as part of the installation process. Four alternate (template) versions of the switch file are also loaded into /etc for LDAP, NIS, NIS+, or files. See "The nsswitch.conf Template Files".
These four files are alternate default switch files. Each one is designed for a different primary naming service: /etc files, NIS, NIS+, or LDAP. When the Solaris software is first installed on a machine, the installer selects the machine's default naming service: NIS+, NIS, local files, or LDAP. During installation, the corresponding template file is copied to nsswitch.conf. For example, for a machine client using LDAP, the installation process copies nsswitch.ldap to nsswitch.conf. Unless you have an unusual namespace, the default template file as copied to nsswitch.conf should be sufficient for normal operation.
No default file is provided for DNS or IPv6, but you can edit any of these files to use DNS or IPv6. See "DNS and Internet Access" or "IPv6 and Solaris Naming Services".
If you later change a machine's primary naming service, you copy the appropriate alternate switch file to nsswitch.conf. See "The nsswitch.conf Template Files". You can also change the sources of particular types of network information used by the client by editing the appropriate lines of the /etc/nsswitch.conf file. The syntax for doing this is described below, and additional instructions are provided in "Modifying the name service switch".
Format of the nsswitch.conf File
The nsswitch.conf file is essentially a list of 16 types of information and the sources that getXXbyYY() routines search for that information. The 16 types of information, not necessarily in this order, are the following.
aliases
bootparams
ethers
group
hosts
ipnodes
netgroup
netmasks
networks
passwd (includes shadow information)
protocols
publickey
rpc
services
automount
sendmailvars
The following table provides a description of the kind of sources that can be listed in the switch file for the information types above.
Table 2-1 Switch File Information Sources
Information Sources | Description |
---|---|
files | A file stored in the client's /etc directory. For example, /etc/passwd |
nisplus | An NIS+ table. For example, the hosts table. |
nis | An NIS map. For example, the hosts map. |
compat | Compat can be used for password and group information to support old-style + or - syntax in /etc/passwd, /etc/shadow, and /etc/group files. |
dns | Can be used to specify that host information be obtained from DNS. |
ldap | Can be used to specify entries be obtained from the LDAP directory. |
Search Criteria
Single Source. If an information type has only one source, such as nisplus a routine using the switch searches for the information in that source only. If it finds the information, it returns a success status message. If it does not find the information, it stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.
Multiple Sources. If a table has more than one source for a given information type, the switch directs the routine to start searching for the information in the first source that is listed. If it finds the information, it returns a success status message. If it does not find the information in the first source, it tries the next source. The routine will search through all of the sources until it has found the information it needs, or it is halted by encountering a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.
Switch Status Messages
If a routine finds the information, it returns a success status message. If it does not find the information for which it is looking, it returns one of three unsuccessful status messages, depending on the reason for not finding the information. Possible status messages are listed in the following table.
Table 2-2 Switch Search Status Messages
Status Message | Meaning of Message |
---|---|
SUCCESS | The requested entry was found in the specified source. |
UNAVAIL | The source is not responding or is unavailable. That is, the NIS+ table, or NIS map, or /etc file could not be found or accessed. |
NOTFOUND | The source responded with "No such entry." In other words, the table, map, or file was accessed but it did not contain the needed information. |
TRYAGAIN | The source is busy; it might respond next time. In other words, the table, map, or file was found, but it could not respond to the query. |