Setting Up the Name Service Switch

6

This section provides the following step-by-step instructions for using the Name Service Switch:

*Selecting an Alternate Configuration File*	*page 83*
*Enabling an NIS+ Client to Use DNS.*	*page 85*
*Adding Compatibility with +/- Syntax*	*page 86*

Selecting an Alternate Configuration File

This task describes how to select an alternate Switch configuration file for an NIS+ client. Make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.

Here is a list of the steps:

Log on as superuser to the client.
Copy the alternate file over the nsswitch.conf file.
Kill and restart the key server at an appropriate time.
Reboot the workstation at an appropriate time.

Security Considerations

You must perform this operation as superuser.

· How to Select an Alternate Configuration File

Log on as superuser to the client.
Copy the alternate file over the nsswitch.conf file. The /etc/nsswitch.conf file is the "working" configuration file used by the Name Service Switch. Also in the /etc directory are three alternate versions of the file: one for NIS+, one for NIS, and one for local files. To select one, simply copy it over the working file. Of course, you can create additional alternates. Here are four examples:


  client1# cd /etc  
  client1# cp nsswitch.nisplus nsswitch.conf           # NIS+ version  
  client1# cp nsswitch.nis nsswitch.conf                    # NIS version  
  client1# cp nsswitch.files nsswitch.conf             # local files version  
  client1# cp nsswitch.custom  nsswitch.conf           # custom version

Kill and restart the key server at an appropriate time.
The key server reads the publickey entry in the Name Service Switch configuration file only when the key server is started. As a result, if you change the switch configuration file, the key server does not become aware of changes to the publickey entry until it is restarted. If you are performing this task as part of the task called "Setting Up NIS+ Clients" on page 26", you don't need to kill and restart the keyserver now, since you'll do that as part of the overall client setup procedure.
If you are performing this task independently, or as part of the task called "How to Set Up a Root Domain" on page 3", you can kill and restart the keyserver now. Here is an example:


  client1# ps -e | grep keyserv  
  root  145    1  67  16:34:44         ?   keyserv  
  client1# kill 145  
  client1# rm -f /etc/.rootkey  
  client1# keyserv  
  client1# keylogin -r

Reboot the workstation at an appropriate time.
Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file. If selecting a different configuration file as part of a setup procedure, wait until an appropriate time to reboot.
This step completes this task.

Enabling an NIS+ Client to Use DNS.

This task describes how to set up the Name Service Switch configuration file so that an NIS+ client can also use the DNS service. Here is a list of the steps:

Log on as superuser.
Open the /etc/nsswitch.conf file.
Specify DNS as a source of hosts information.
Save the file and reboot the workstation.

Prerequisites

The NIS+ client must have a properly configured /etc/resolv.config file (as described in Name Services Configuration Guide.")

Security Considerations

You must perform this operation as superuser.

· How to Enable an NIS+ Client to use DNS

Log on as superuser.
Open the /etc/nsswitch.conf file.

Specify DNS as a source of hosts information.
DNS can be the only source or an additional source for the hosts information. Locate the hosts line and use "dns" in one of the ways shown below:


  hosts:   nisplus dns [NOTFOUND=return] files  
  
  hosts:   files dns

Do not use the above syntax for NIS clients, since it will make them look for unresolved names twice in DNS.

Save the file and reboot the workstation.
Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file.
This step completes this task.

Adding Compatibility with +/- Syntax

This task describes how to add compatibility with the +/- syntax used in /etc/passwd, /etc/shadow, and /etc/group files. Here is a list of the steps:

Log on as superuser.
Open the /etc/nsswitch.conf file.
Change the passwd and group sources to compat.
Save the file and reboot the workstation.

Security Considerations

You must perform this operation as superuser.

Note - Users working on a client machine being served by a NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.

· How to Add Compatibility with +/- Syntax

Log on as superuser.
Open the /etc/nsswitch.conf file.
Change the passwd and groups sources to compat.


  passwd:   compat  
  group:    compat

This provides the same semantics as in SunOS 4.1: it looks up an /etc files and NIS maps as indicated by the +/- entries in the files.

If you would like to use the +/- semantics with NIS+ instead of NIS, add the following two entries to the nsswitch.conf file:


  passwd_compat:  nisplus  
  group_compat:   nisplus

Save the file and reboot the workstation.
Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file.
This step completes this task.