HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)

nsswitch.conf(4) nsswitch.conf(4)
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
services: files nis
sendmailvars: files
The policy nis [NOTFOUND=return] files implies "if nis is UNAVAIL, continue on to files, and if
nis returns NOTFOUND, return to the caller; in other words, treat nis as the authoritative source
of information and try files only if nis is down."
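The following added example (not part of the HP-UX manual) models how the switch walks a policy such as nis [NOTFOUND=return] files, so the sources consulted for each nis status can be checked. It assumes the switch's default actions (SUCCESS=return; NOTFOUND, UNAVAIL and TRYAGAIN=continue); parse_entry and lookup are hypothetical names.

```python
import re

# Default action per status when no [STATUS=action] criterion is given
# (assumed here: only SUCCESS returns, every other status continues).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Parse 'db: src [STATUS=action ...] src ...' into (db, [(src, actions)])."""
    db, _, rest = line.partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if tok.startswith("["):
            if not chain:
                raise ValueError("criterion before any source: " + line)
            for crit in tok[1:-1].split():
                status, _, action = crit.partition("=")
                status, action = status.upper(), action.lower()
                if status not in DEFAULTS or action not in ("return", "continue"):
                    raise ValueError("bad criterion: " + crit)
                # A criterion overrides the default for the preceding source.
                chain[-1][1][status] = action
        else:
            chain.append((tok, dict(DEFAULTS)))
    return db.strip(), chain

def lookup(chain, status_of):
    """Walk the chain; status_of maps source -> status it would report.
    Returns (sources consulted, final status)."""
    consulted, status = [], "UNAVAIL"
    for src, actions in chain:
        status = status_of[src]
        consulted.append(src)
        if actions[status] == "return":
            break
    return consulted, status

if __name__ == "__main__":
    # Constructed scenarios for the policy discussed above.
    _, chain = parse_entry("hosts: nis [NOTFOUND=return] files")
    for nis in ("SUCCESS", "NOTFOUND", "UNAVAIL"):
        print(nis, lookup(chain, {"nis": nis, "files": "SUCCESS"}))
```

With nis reporting NOTFOUND the files source is never consulted, so a local entry cannot override the answer; files is reached only when nis is UNAVAIL.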
If compatibility with the +/- syntax for passwd and group is required, simply modify the entries for
passwd and group to:
passwd: compat
group: compat
If NIS+ is the enterprise level name-service, the default configuration should be modified to use
nisplus instead of nis for every database on client machines. The file /etc/nsswitch.nisplus
contains a sample configuration that can be copied to /etc/nsswitch.conf to set this policy.
If the use of +/- syntax is desired in conjunction with nisplus, use the following four entries:
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
In order to get information from the Internet Domain Name Service for hosts that are not listed in the
enterprise level name-service, NIS+, use the following configuration and set up the
/etc/resolv.conf file (see resolver(4) for more details):
hosts: nisplus dns [NOTFOUND=return] files
If the optional product LDAP-UX Integration is installed, the file /etc/nsswitch.ldap contains an
example configuration that can be copied to /etc/nsswitch.conf to set an LDAP policy. If the +/-
netgroup syntax (used for access control as defined by nis and nisplus) is desired, the administrator
needs to configure libpam_authz.1 in the /etc/pam.conf file. See the ldapux(5) man page for
more information about LDAP-UX, pam_authz(5) man page for more information on libpam_authz.1,
and passwd(4) for more information about the +/- netgroup syntax. The ldapux(5) and pam_authz(5)
manpages are in the LDAP-UX Integration product.
Enumeration -- getXXXent()
Many of the databases have enumeration functions: passwd has getpwent(), hosts has gethostent(),
and so on. These were reasonable when the only source was files but often make little sense
for hierarchically structured sources that contain large numbers of entries, much less for multiple sources.
The interfaces are still provided and the implementations strive to provide reasonable results, but the data
returned may be incomplete (enumeration for hosts is simply not supported by the dns source),
inconsistent (if multiple sources are used), formatted in an unexpected fashion (for a host with a canonical name
and three aliases, the nisplus source will return four hostents, and they may not be consecutive), or
very expensive (enumerating a passwd database of 5000 users is probably a bad idea). Furthermore,
multiple threads in the same process using the same reentrant enumeration function (getXXXent_r()
are supported) share the same enumeration position; if they interleave calls, they will enumerate disjoint
subsets of the same database.
In general the use of the enumeration functions is deprecated. In the case of passwd and group, it may
sometimes be appropriate to use fgetgrent(), fgetpwent(), and fgetspent() (see getgrent(3C)
and getpwent(3C), respectively), which use only the files source.
WARNINGS
Within each process that uses nsswitch.conf, the entire file is read only once. If the file is later
changed, the process will continue using the old configuration.
Section 4192 Hewlett-Packard Company 3 HP-UX 11i Version 1: September 2005