NIS+ and FNS Administration Guide

The Name Service Switch

12

The name service switch is not really part of NIS+. However, it enables clients of getXXbyYY() routines, such as NIS+, to obtain their network information from one or more sources such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc files. This chapter describes the switch, what it can do, and how it is used with NIS+.
  • About the Name Service Switch
  • The nsswitch.conf Template Files
  • DNS Forwarding
  • Adding Compatibility With +/- Syntax

About the Name Service Switch

An NIS+ client can obtain its information from one or more of the switch's sources in place of, or in addition to, NIS+ tables. For example, an NIS+ client could obtain its hosts information from an NIS+ table, its group information from NIS maps, and its password information from a local /etc file. In addition, it could specify the conditions under which the switch must use each source (see "Search Criteria" on page 235).
These choices are specified in a special configuration file called nsswitch.conf. This file is automatically loaded into every workstation's /etc directory by the Solaris 2.4 software, along with three alternate (template) versions:
  • /etc/nsswitch.nisplus
  • /etc/nsswitch.nis
  • /etc/nsswitch.files
These alternate files contain the default switch configurations used by the NIS+ service, NIS, and local files. (See "The nsswitch.conf Template Files" on page 239.) No default file is provided for DNS, but you can edit any of these files to use DNS (see "DNS Forwarding" on page 241).
When the Solaris 2.4 software is first installed on a workstation, the installer must select the workstation's default name service: NIS+, NIS, or local files. During the installation, the corresponding configuration file is copied into the /etc/nsswitch.conf file.
You can change the sources of information used by an NIS+ client by creating your own customized configuration file and copying it over /etc/nsswitch.conf. Its syntax is described below, and instructions are provided in NIS+ and DNS Setup and Configuration Guide.

Format of the nsswitch.conf File

The nsswitch.conf file is essentially a list of 15 types of information and the sources that getXXbyYY() routines, such as NIS+, search for that information. The 15 types of information, not necessarily in this order, are:

  aliases:                      source(s)  
  bootparams:                   source(s)  
  ethers:                       source(s)  
  group:                        source(s)  
  hosts:                        source(s)  
  netgroup:                     source(s)  
  netmasks:                     source(s)  
  networks:                     source(s)  
  passwd:                       source(s)  
  protocols:                    source(s)  
  publickey:                    source  
  rpc:                          source(s)  
  services:                     source(s)  
  
  automount:                    source(s)  
  
  sendmailvars:                 source(s)  

Table 12-1 provides a description of sources.
Table 12-1

  Source   Description
  files    A local file stored in the client's /etc directory (for example, /etc/passwd)
  nisplus  An NIS+ table
  nis      An NIS map
  compat   Only for the password and group entries, supports the old-style + or - syntax in the /etc/passwd, /etc/shadow, and /etc/group files. For both NIS and NIS+. You must use passwd_compat: nisplus for NIS+ (see "Adding Compatibility With +/- Syntax" on page 242).
  dns      DNS, but only for the hosts entry

Search Criteria

If an information type has only one source, for example, publickey: nisplus, a routine using the switch searches for the information in that source only. If it finds the information, it returns a success status message; if it does not find the information, it stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.
If a table has more than one source, the switch directs the routine to start searching for the information in the first source. If it finds the information, it returns a success status message; if it does not find the information there, it tries the next source. The routine will search through the sources until it has found the information it needs, it is halted by encountering a return condition, or it has tried all of the sources without success. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message. What the routine does with the status message varies from routine to routine.

Switch Status Messages

If a routine finds the information, it returns a success status message; if it does not find the information it is looking for, it returns one of three unsuccessful status messages, depending on the reason for not finding the information. The four possible status messages are listed in Table 12-2.
Table 12-2

  Status    Meaning
  SUCCESS   The requested entry was found in the source (NIS+ table, NIS map, or /etc file).
  UNAVAIL   The source is not responding or is unavailable. In other words, the NIS+ table, NIS map, or /etc file could not be found or accessed.
  NOTFOUND  The source responded with "No such entry." In other words, the table, map, or file was found, but it did not contain the needed information.
  TRYAGAIN  The source is busy; it might respond next time. In other words, the table, map, or file was found, but it could not respond to the query.

Switch Action Options

You can instruct the switch to respond to status messages with either of the two actions shown in Table 12-3.
Table 12-3

  Action    Meaning
  return    Stop looking for the information.
  continue  Try the next source, if there is one.

Default Search Criteria

The combination of nsswitch.conf file status message and action option determines what the routine does at each step. This combination of status and action is called the search criteria.

The switch's default search criteria are the same for every source. Described in terms of the status messages listed above, they are:
  • SUCCESS=return. Stop looking for the information and proceed using the information that has been found.
  • UNAVAIL=continue. Go to the next nsswitch.conf file source and continue searching. If this is the last source, return with a NOTFOUND status.
  • NOTFOUND=continue. Go to the next nsswitch.conf file source and continue searching. If this is the last source, return with a NOTFOUND status.
  • TRYAGAIN=continue. Go to the next nsswitch.conf file source and continue searching. If this is the last source, return with a NOTFOUND status.
Because these are the default search criteria, they are assumed (not explicitly specified). You can change these default search criteria by explicitly specifying some other criteria using the STATUS=action syntax shown above. For example:

  hosts:     nis  
  networks:  nis [NOTFOUND=return] files  

  • hosts: nis. This is an example of the default search criteria. Any routine looking for host information will search the NIS hosts map. If the hosts map is not available, does not contain the needed information, or is busy, the routine will return with either an UNAVAIL, NOTFOUND, or TRYAGAIN status message.
  • networks: nis [NOTFOUND=return] files. This line specifies a nondefault criterion for the NOTFOUND status. (Nondefault criteria are delimited by square brackets.) In this case, a routine would return with a SUCCESS status if it found the information in the NIS networks map, or continue on to search the /etc file if the NIS networks map was not found (UNAVAIL status) or was found but did not respond (TRYAGAIN status). However, if the NIS map was found and accessed, but did not contain the needed information, the routine would return with a NOTFOUND status without searching the /etc file.
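
The search criteria above can be traced mechanically, which is useful when reviewing which source actually answers a lookup during an outage. The following Python is an added example, not code from the Solaris documentation; the function names parse_entry and simulate and the answers mapping (the status each source is assumed to report) are made up for illustration.

```python
import re

# Default search criteria from this chapter: only SUCCESS stops the search.
DEFAULTS = {"SUCCESS": "return", "UNAVAIL": "continue",
            "NOTFOUND": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Parse one nsswitch.conf line into (info_type, [(source, criteria)]).

    Returns None for blank or comment-only lines.
    """
    line = line.split("#", 1)[0].strip()  # text after '#' is a comment
    if not line:
        return None
    info_type, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"missing ':' in {line!r}")
    steps = []
    for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest):
        if not tok.startswith("["):
            steps.append((tok, dict(DEFAULTS)))  # source with default criteria
            continue
        if not steps:
            raise ValueError("criteria must follow a source")
        for pair in tok[1:-1].split():  # e.g. NOTFOUND=return
            status, _, action = pair.partition("=")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError(f"bad criterion {pair!r}")
            steps[-1][1][status] = action
    return info_type.strip(), steps

def simulate(line, answers):
    """Walk the sources in order; answers maps source -> status it reports.

    Returns (final_status, sources_consulted).
    """
    _, steps = parse_entry(line)
    consulted = []
    for source, criteria in steps:
        status = answers[source]
        consulted.append(source)
        if criteria[status] == "return":
            return status, consulted
    # Sources exhausted: the default criteria say to return NOTFOUND.
    return "NOTFOUND", consulted
```

For networks: nis [NOTFOUND=return] files, a NOTFOUND from nis ends the search without touching /etc files, while an UNAVAIL from nis falls through to the local file.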

What if the Syntax Is Wrong?

Client library routines contain compiled-in default entries that are used if an entry in the nsswitch.conf file is either missing or syntactically incorrect. These entries are the same as the default nsswitch.conf file.
The name service switch assumes that the spelling of table and source names is correct. If you misspell a table or source name, the switch uses the default values instead.

Auto_home and Auto_master

The information for the auto_home and auto_master tables is combined into one category, called "automount."

Timezone

The timezone table does not use the switch, so it is not included in the list.

Comments in nsswitch.conf Files

Any nsswitch.conf file line beginning with a hash character (#) is interpreted as a comment line and is thus ignored by routines that search the file.
When a hash character (#) is included in the middle of the line, characters to the left of the hash mark (before the hash mark) are interpreted by routines that search the nsswitch.conf file; characters to the right of the hash mark (after the hash mark) are interpreted as comments and not acted upon.
Table 12-4

  Type of Line                                                     Example
  Comment line (not interpreted).                                  # hosts: nisplus [NOTFOUND=return] files
  Fully interpreted line.                                          hosts: nisplus [NOTFOUND=return] files
  Partially interpreted line (the files element not interpreted)   hosts: nisplus [NOTFOUND=return] # files

The nsswitch.conf Template Files

Three nsswitch.conf template files are provided with the Solaris 2.x release. Each of them provides a different default set of primary and subsequent information sources. The three template files are:
  • NIS+ template file. The nsswitch.nisplus configuration file specifies NIS+ as the primary source for all information except passwd, group, automount, and aliases. For those four files, the primary source is local /etc files and the secondary source is an NIS+ table. The [NOTFOUND=return] search criterion instructs the switch to stop searching the NIS+ tables if it receives a "No such entry" message from them. It searches through local files only if the NIS+ server is unavailable. (See Code Example 12-1 on page 240.)
  • NIS template file. The nsswitch.nis configuration file is almost identical to the NIS+ configuration file, except that it specifies NIS maps in place of NIS+ tables. Because the search order for passwd and group is files nis, you don't need to place the + entry in the /etc/passwd and /etc/group files. (See Code Example 12-2 on page 240.)
  • Files template file. The nsswitch.files configuration file specifies local /etc files as the only source of information for the workstation. There is no "files" source for netgroup, so the client simply won't use it. (See Code Example 12-3 on page 241.)
Copy the template file that most closely meets your requirements to nsswitch.conf and then modify nsswitch.conf as needed. (See the switch chapter of NIS+ and DNS Setup and Configuration Guide for a detailed description of this process.)
For example, to use the NIS+ template file, you would type the following command:

  mymachine# cp nsswitch.nisplus nsswitch.conf  


Note - The keyserver reads the publickey entry in the name service switch configuration file only when the keyserver is started. As a result, if you change the switch configuration file, the keyserver does not become aware of changes to the publickey entry until it is restarted.

Switch Template File Examples

Here are the three template files with all the comments stripped out:
Code Example 12-1 NIS+ nsswitch.conf Template File

  passwd:     files nisplus  
  group:      files nisplus  
  hosts:      nisplus [NOTFOUND=return] files  
  services:   nisplus [NOTFOUND=return] files  
  networks:   nisplus [NOTFOUND=return] files  
  protocols:  nisplus [NOTFOUND=return] files  
  rpc:        nisplus [NOTFOUND=return] files  
  ethers:     nisplus [NOTFOUND=return] files  
  netmasks:   nisplus [NOTFOUND=return] files  
  bootparams: nisplus [NOTFOUND=return] files  
  publickey:  nisplus  
  netgroup:   nisplus  
  automount:  files nisplus  
  aliases:    files nisplus  

Code Example 12-2 NIS nsswitch.conf Template File

  passwd:     files nis  
  group:      files nis  
  hosts:      nis [NOTFOUND=return] files  
  services:   nis [NOTFOUND=return] files  
  networks:   nis [NOTFOUND=return] files  
  protocols:  nis [NOTFOUND=return] files  
  rpc:        nis [NOTFOUND=return] files  
  ethers:     nis [NOTFOUND=return] files  
  netmasks:   nis [NOTFOUND=return] files  
  bootparams: nis [NOTFOUND=return] files  
  publickey:  nis [NOTFOUND=return] files  
  netgroup:   nis  
  automount:  files nis  
  aliases:    files nis  

Code Example 12-3 Files nsswitch.conf Template File

  passwd:     files  
  group:      files  
  hosts:      files  
  networks:   files  
  protocols:  files  
  rpc:        files  
  ethers:     files  
  netmasks:   files  
  bootparams: files  
  publickey:  files  
  netgroup:   files  
  automount:  files  
  aliases:    files  
  services:   files  

Default nsswitch.conf File

The default nsswitch.conf file shipped with the Solaris 2.4 software is actually a copy of the nsswitch.nis file, described above. You can change it to the NIS+ version by copying the nsswitch.nisplus file over the /etc/nsswitch.conf file.

DNS Forwarding

The nsswitch.conf file also controls DNS forwarding for clients as described in the following subsections.

Note - The NIS+ client must have a properly configured /etc/resolv.conf file (as described in NIS+ and DNS Setup and Configuration Guide).

See the switch file chapter of NIS+ and DNS Setup and Configuration Guide for step-by-step instructions on enabling DNS forwarding for NIS+ and NIS clients.

DNS Forwarding for NIS+ Clients

NIS+ clients do not have implicit DNS forwarding capabilities like NIS clients do. Instead, they take advantage of the switch. To provide DNS forwarding capabilities to an NIS+ client, change its hosts entry to:

  hosts: nisplus dns [NOTFOUND=return] files  

DNS Forwarding for NIS Clients

If an NIS client is using the DNS forwarding capability of an NIS-compatible NIS+ server, its nsswitch.conf file should not have the following syntax for the hosts file:

  hosts: nis dns files  

Since DNS forwarding automatically forwards host requests to DNS, the syntax shown above would cause the NIS+ server to forward unsuccessful requests to the DNS servers twice, impacting performance. To take best advantage of DNS forwarding, use the default syntax for the nsswitch.nis file, as shown in Code Example 12-2 on page 240.

Adding Compatibility With +/- Syntax

You can add to your nsswitch.conf file compatibility with the +/- syntax sometimes used in /etc/passwd, /etc/shadow, and /etc/group files.
  • NIS+. To provide +/- semantics with NIS+, change the passwd and group sources to compat and add a passwd_compat: nisplus entry to the nsswitch.conf file after the passwd or group entry as shown below:

  passwd: compat  
  passwd_compat: nisplus  
  group: compat  
  group_compat: nisplus  

This specifies that client routines obtain their network information from /etc files and NIS+ tables as indicated by the +/- entries in the files.
  • NIS. To provide the same syntax as in the SunOS 4.1 release, change the passwd and group sources to compat. This specifies that client routines obtain their network information from /etc files and NIS maps as indicated by the +/- entries in the files.

  passwd: compat  
  group:   compat  


Note - Users working on a client machine being served by an NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.

See the switch file chapter of NIS+ and DNS Setup and Configuration Guide for step-by-step instructions on adding +/- semantics to an nsswitch.conf file.
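
A consistency check for the +/- compatibility settings described above, as an added example that is not part of the original guide: it compares the passwd and group sources in nsswitch.conf with the +/- lines present in the corresponding /etc files. The function names, the finding labels, and the sample file contents are constructed for illustration.

```python
def switch_entries(nsswitch_text):
    """Map each entry name to its list of tokens, ignoring '#' comments."""
    entries = {}
    for raw in nsswitch_text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep:
            entries[name.strip()] = rest.split()
    return entries

def compat_findings(nsswitch_text, etc_files):
    """etc_files maps 'passwd'/'group' to that file's text.

    Returns a list of (entry, finding, detail) tuples.
    """
    entries = switch_entries(nsswitch_text)
    findings = []
    for db in ("passwd", "group"):
        marked = [l for l in etc_files.get(db, "").splitlines()
                  if l.startswith(("+", "-"))]
        sources = entries.get(db, [])
        if sources == ["compat"]:
            # Without a *_compat: nisplus entry, compat resolves through NIS.
            backend = (entries.get(db + "_compat") or ["nis"])[0]
            if marked:
                findings.append((db, "compat-active", backend))
            else:
                # compat follows +/- entries; with none, only local lines apply.
                findings.append((db, "compat-without-entries", backend))
        elif marked:
            # Only the compat source gives +/- lines their special meaning.
            findings.append((db, "entries-without-compat", len(marked)))
    return findings

# Constructed sample input (not taken from a real system).
SAMPLE_SWITCH = """passwd: compat
passwd_compat: nisplus
group: files nisplus   # no compat here
"""
SAMPLE_FILES = {
    "passwd": "root:x:0:1::/:/sbin/sh\n+jdoe::::::\n-guest::::::\n",
    "group": "staff::10:\n+:::\n",
}
```

On the constructed sample, passwd is reported as compat-active through nisplus, and group is flagged because its file holds a + line while its sources are files nisplus.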