nsswitch.conf.4 (2010 09)
nsswitch.conf(4) nsswitch.conf(4)
action and status names are case-insensitive.
The default criteria are to continue on anything except SUCCESS; in other words, [SUCCESS=return NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue].
The default, or explicitly specified, criteria are meaningless following the last source in an entry, and are ignored since the action is always to return to the caller irrespective of the status code the source returns.
Interaction with netconfig
In order to ensure that they all return consistent results based on the inet family of entries, the gethostbyname(), getservbyname(), and netdir_getbyname() functions are all implemented in terms of the same internal switch library functions. These functions obtain the system-wide source lookup policy for hosts and services based on the inet family entries in netconfig(). For services and hosts only the "-" in the last column, which represents nametoaddr libraries, is supported.
NIS (YP) server in DNS-forwarding Mode
The NIS (YP) server can be run in "DNS-forwarding mode" (see rpc.nisd_resolv(1M)), where it forwards lookup requests to DNS for host-names and host-addresses that do not exist in its database. In this case, specifying nis as a source for hosts is sufficient to get DNS lookups; dns need not be specified explicitly as a source.
Interaction with +/- syntax
Releases prior to HP-UX 10.30 did not have the name-service switch support for passwd and group but did allow the user some policy control. In /etc/passwd one could have entries of the form +user (include the specified user from NIS passwd.byname), -user (exclude the specified user) and + (include everything, except excluded users, from NIS passwd.byname). The desired behavior was often "everything in the file followed by everything in NIS", expressed by a solitary + at the end of /etc/passwd.
The switch provides an alternative for this case (passwd: files nis) that does not require + entries in /etc/passwd.
If this is not sufficient, the compat source provides full +/- semantics. It reads /etc/passwd for getpwnam() functions and, if it finds +/- entries, invokes an appropriate source. The only source supported by pseudo-database passwd_compat is nis.
The compat source also provides full +/- semantics for group; the relevant pseudo-database is group_compat.
Useful Configurations
The compiled-in default entries for all databases use NIS (YP) as the enterprise level name-service and
are identical to those in the default configuration of this file:
    passwd:        files nis
    group:         files nis
    hosts:         dns [NOTFOUND=return] nis [NOTFOUND=return] files
    ipnodes:       dns [NOTFOUND=return] nis [NOTFOUND=return] files
    networks:      nis [NOTFOUND=return] files
    protocols:     nis [NOTFOUND=return] files
    rpc:           nis [NOTFOUND=return] files
    publickey:     nis [NOTFOUND=return] files
    netgroup:      nis
    automount:     files nis
    aliases:       files nis
    services:      files nis
    sendmailvars:  files
The policy nis [NOTFOUND=return] files implies "if nis is UNAVAIL, continue on to files, and if nis returns NOTFOUND, return to the caller"; in other words, treat nis as the authoritative source of information and try files only if nis is down.
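The criteria rules above, as an added example (not part of the HP-UX manual page or of the switch library): a small Python parser that applies the default criteria, the bracketed overrides and the last-source rule, then simulates which sources a lookup consults. The names parse_entry and walk and the simulated status map are assumptions made for illustration; only the statuses and actions shown on this page are handled.

```python
import re

# Default criteria stated on the page: continue on anything except SUCCESS.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}
ACTIONS = {"return", "continue"}  # only the actions shown on the page

def parse_entry(line):
    """Parse 'db: src [STATUS=action ...] src ...' into (db, [(src, criteria)])."""
    db, _, rest = line.partition(":")
    sources = []
    # Each token is a bracketed criteria list or a bare source name.
    for bracket, name in re.findall(r"\[([^\]]*)\]|([^\s\[\]]+)", rest):
        if name:
            sources.append((name, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("criteria listed before any source")
        for pair in bracket.split():
            status, _, action = pair.partition("=")
            # Action and status names are case-insensitive.
            status, action = status.upper(), action.lower()
            if status not in DEFAULTS or action not in ACTIONS:
                raise ValueError("unrecognised criterion: " + pair)
            sources[-1][1][status] = action
    return db.strip(), sources

def walk(line, results):
    """Simulate one lookup; results maps source -> status it would return
    (constructed input). Returns (sources consulted, final status)."""
    _, sources = parse_entry(line)
    if not sources:
        raise ValueError("entry names no sources")
    consulted = []
    for i, (src, criteria) in enumerate(sources):
        status = results[src].upper()
        consulted.append(src)
        # Criteria after the last source are ignored: always return.
        if i == len(sources) - 1 or criteria[status] == "return":
            return consulted, status

if __name__ == "__main__":
    # Constructed scenarios for the page's 'nis [NOTFOUND=return] files' policy.
    entry = "networks: nis [NOTFOUND=return] files"
    print(walk(entry, {"nis": "NOTFOUND", "files": "SUCCESS"}))
    print(walk(entry, {"nis": "UNAVAIL", "files": "SUCCESS"}))
```

Running walk over each database entry with the statuses a failed or unreachable name service would return shows which source ends up answering, which is the property to check when reviewing a switch configuration.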
Notes
The shadow routines getspnam(), getspnam_r(), and getspent() do not follow the compiled-in default behaviour for the passwd database. These routines use files as the default source, unless explicitly specified in the /etc/nsswitch.conf file.
If compatibility with the +/- syntax for passwd and group is required, simply modify the entries for passwd and group to:
Hewlett-Packard Company, HP-UX 11i Version 3: September 2010