Name Service Switch
The name service switch controls how a client workstation or application obtains network information. The name service switch is often referred to as the switch. The switch determines which naming services, and in what order, an application uses to obtain naming information. The switch is a file called nsswitch.conf, which is stored in each machine's /etc directory.
The nsswitch.conf File
Each workstation has a nsswitch.conf file in its /etc directory. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for that information. For additional information on the nsswitch.conf file, see Solaris Naming Administration Guide.
An /etc/nsswitch.conf file is automatically loaded into every workstation's /etc directory by the Solaris 2.6 release software, along with three alternate (template) versions:
-
/etc/nsswitch.nisplus
-
/etc/nsswitch.nis
-
/etc/nsswitch.files
These alternate template files contain the default switch configurations used by the NIS+ and NIS services, and local files. No default file is provided for DNS, but you can edit any of these files to use DNS (see Enabling a Machine to Use DNS ). When Solaris 2.6 release software is first installed on a workstation, the installer selects the workstation's default name service: NIS+, NIS, or local files. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a workstation client using NIS+, the installation process copies nsswitch.nisplus to nsswitch.conf.
If your network is connected to the Internet and you want users to be able to access Internet hosts using DNS, you must now enable DNS forwarding as described in Enabling a Machine to Use DNS .
Unless you have an unusual namespace, the default template file as copied to nsswitch.conf (with or without DNS, as described above) should be sufficient for normal operation.
Default NIS+ Version of Switch File
The NIS+ version of the switch file supplied with Solaris 2.6 release is named nsswitch.nisplus.
Default nsswitch.nisplus File
#
# /etc/nsswitch.nisplus:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS+ (NIS Version 3) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nisplus
group: files nisplus
# consult /etc "files" only if nisplus is down.
hosts: nisplus [NOTFOUND=return] files
#Uncomment the following line, and comment out the above, to use both DNS
#and NIS+. You must also set up the /etc/resolv.conf file for DNS name
#server lookup. See resolv.conf(4).
#hosts: nisplus dns [NOTFOUND=return] files
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
publickey: nisplus
netgroup: nisplus
automount: files nisplus
aliases: files nisplus
sendmailvars: files nisplus
|
Default NIS Version of Switch File
The NIS version of the switch file supplied with Solaris 2.6 release is named nsswitch.nis.
Default nsswitch.nis File
#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down.
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
# for efficient getservbyname() avoid nis
services: files nis
sendmailvars: files
|
Default Files Version of Switch File
The local files version of the switch file supplied with Solaris 2.6 release is named nsswitch.files.
Default nsswitch.files File
#
# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
passwd: files
group: files
hosts: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files
|
Selecting a Different Configuration File
When you change a workstation's naming service, you need to change that machine's switch file to one appropriate for the new service. For example, if you change a workstation's name service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.
If you are installing NIS+ on a workstation using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize it.
Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.
Here is a list of the basic steps:
-
Log in as superuser to the client.
-
Copy the alternate file over the nsswitch.conf file.
-
Reboot the workstation. (This is necessary because nscd caches the switch information which it reads only at start up.)
Security Considerations
You must perform this operation as superuser.
How to Select a Different Configuration File
To change to a switch file, follow these steps:
-
Log in as superuser to the client.
-
Copy the alternate file appropriate for the machine's name service over the nsswitch.conf file.
NIS+ Version (done automatically for you by NIS+ scripts)
client1# cd /etc
client1# cp nsswitch.nisplus nsswitch.conf
|
NIS Version
client1# cd /etc
client1# cp nsswitch.nis nsswitch.conf
|
Local /etc Files Version
client1# cd /etc
client1# cp nsswitch.files nsswitch.conf
|
-
Reboot the workstation.
The nscd name service cache daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether it has been changed. You must reboot the workstation to make sure that the daemon and those routines have the latest information in the file.
Enabling a Machine to Use DNS
This section describes how to set up the name service switch configuration file for the NIS+ or local files name services so that a machine can also use the Domain Name System (DNS). DNS forwarding is inherent in the NIS name service. You do not have to (and should not) add a DNS entry to the hosts line of switch file of a machine using the NIS service. The steps described below apply only to those machines using local /etc files or NIS+.
Here is a list of the steps for machines using local /etc files or NIS+:
-
Log in as superuser.
-
Open the /etc/nsswitch.conf file.
-
Specify DNS as a source of hosts information.
-
Save the file and reboot the workstation.
Prerequisites
The machine must have a properly configured /etc/resolv.conf file (as described in The Resolver ).
Security Considerations
You must perform this operation as superuser.
How to Enable an NIS+ Client to Use DNS
-
Log in as superuser.
-
Open the /etc/nsswitch.conf file.
-
Specify DNS as a source of hosts information.
DNS can be the only source or an additional source for the hosts information. Locate the hosts line and use DNS in one of the ways shown below:
or
hosts: nisplus dns [NOTFOUND=return] files
|
or
hosts: dns nisplus [NOTFOUND=return] files
|
Do not use the above syntax for NIS clients, since it will make them look for unresolved names twice in DNS.
-
Save the file and reboot the workstation.
Because the nscd daemon caches this information, which it reads at start up, you must reboot the workstation now.
Adding Compatibility With +/- Syntax
This task describes how to add compatibility with the +/- syntax used in /etc/passwd, /etc/shadow, and /etc/group files when you are using either NIS or NIS+ as your primary naming service.
Here is a list of the steps:
-
Log in as superuser.
-
Open the /etc/nsswitch.conf file.
-
Change the passwd and group sources to compat.
-
Add + or + netgroup to /etc/passwd,, /etc/shadow, and /etc/group.
-
Save the file and reboot the workstation.
Security Considerations
You must perform this operation as superuser.
Note - Users working on a client machine being served by a NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results that indicate the table is empty, even if it has entries.
How to Add DNS Compatibility With +/- Syntax
-
Log in as superuser.
-
Open the /etc/nsswitch.conf file.
-
Change the passwd and groups sources to compat.
-
For use with NIS, enter:
passwd: compat
group: compat
|
-
For NIS+, enter:
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
|
This provides the same syntax as in the Solaris 1.x release: it looks up /etc files and NIS maps as indicated by the +/- entries in the files.
-
Add -+ or -+ netgroup to /etc/passwd, /etc/shadow, and /etc/group files.
Caution - If you fail to add the -+ or -+ netgroup entries to /etc/shadow and /etc/passwd, you won't be able to log in.
-
Save the file and reboot the workstation.
Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the workstation to make sure those routines have the latest information in the file.
