HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)

nsswitch.conf(4) nsswitch.conf(4)
passwd: files nis
group: files nis
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
services: files nis
sendmailvars: files
ipnodes: files
The policy nis [NOTFOUND=return] files implies "if nis is UNAVAIL, continue on to files, and if nis returns NOTFOUND, return to the caller; in other words, treat nis as the authoritative source of information and try files only if nis is down."
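The following Python sketch is an added example, not part of the HP-UX manual: it parses a policy line and walks the sources in order, showing when files is actually consulted under nis [NOTFOUND=return] files. The function names and the simulated per-source statuses are assumptions made for illustration; the defaults applied (return on SUCCESS, continue on anything else) are the standard nsswitch.conf criteria.

```python
import re

# Default criteria per source: stop on SUCCESS, otherwise try the next source.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_policy(line):
    """Parse 'db: src [STATUS=action ...] src ...' into (db, [(src, actions)])."""
    line = line.split("#", 1)[0]          # drop trailing comments
    db, _, rest = line.partition(":")
    db = db.strip()
    if not db or not rest.strip():
        raise ValueError("not a policy line: %r" % line)
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest):
        if not tok.startswith("["):
            sources.append((tok, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("criteria given before any source")
        for crit in tok[1:-1].split():    # criteria apply to the preceding source
            status, _, action = crit.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("bad criterion: %r" % crit)
            sources[-1][1][status] = action
    return db, sources

def resolve(sources, outcomes):
    """Walk sources in order; outcomes maps source name -> status it reports.
    Returns (source that ended the lookup, its status, sources consulted)."""
    consulted, src, status = [], None, None
    for src, actions in sources:
        status = outcomes[src]
        consulted.append(src)
        if actions[status] == "return":
            break
    return src, status, consulted

if __name__ == "__main__":
    # Policy line taken from the page; the status combinations are constructed.
    db, srcs = parse_policy("hosts: nis [NOTFOUND=return] files")
    for nis_status in ("SUCCESS", "NOTFOUND", "UNAVAIL"):
        print(db, nis_status, resolve(srcs, {"nis": nis_status, "files": "SUCCESS"}))
```

With nis reporting NOTFOUND the lookup ends at nis and a matching entry in the local files source is never read; only UNAVAIL lets the lookup fall through to files.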
If compatibility with the +/- syntax for passwd and group is required, simply modify the entries for passwd and group to:
passwd: compat
group: compat
If NIS+ is the enterprise level name-service, the default configuration should be modified to use nisplus instead of nis for every database on client machines. The file /etc/nsswitch.nisplus contains a sample configuration that can be copied to /etc/nsswitch.conf to set this policy.
If the use of +/- syntax is desired in conjunction with nisplus, use the following four entries:
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
To get information from the Internet Domain Name Service for hosts that are not listed in the enterprise level name-service, NIS+ uses the configuration and set up file /etc/resolv.conf. See resolver(4) for more details.
hosts: nisplus dns [NOTFOUND=return] files
ipnodes: dns [NOTFOUND=return] files
The file /etc/nsswitch.ldap contains an example configuration that can be copied to /etc/nsswitch.conf to set an LDAP policy. If the +/- netgroup syntax (used for access control as defined by nis and nisplus) is desired, the administrator needs to configure libpam_authz.1 in the /etc/pam.conf file. See the ldapux(5) manpage for more information about LDAP-UX, the pam_authz(5) manpage for more information on libpam_authz.1, and passwd(4) for more information about the +/- netgroup syntax. The ldapux(5) and pam_authz(5) manpages are in the LDAP-UX Integration product.
Enumeration -- getXXXent()
Many of the databases have enumeration functions: passwd has getpwent(), hosts has gethostent(), and so on. These were reasonable when the only source was files but often make little sense for hierarchically structured sources that contain large numbers of entries, much less for multiple sources. The interfaces are still provided and the implementations strive to provide reasonable results, but the data returned may be incomplete (enumeration for hosts is simply not supported by the dns source), inconsistent (if multiple sources are used), formatted in an unexpected fashion (for a host with a canonical name and three aliases, the nisplus source will return four hostents, and they may not be consecutive), or very expensive (enumerating a passwd database of 5000 users is probably a bad idea).
Furthermore, multiple threads in the same process using the same reentrant enumeration function (getXXXent_r() are supported) share the same enumeration position; if they interleave calls, they will enumerate disjoint subsets of the same database.
In general the use of the enumeration functions is deprecated. In the case of passwd and group, it may sometimes be appropriate to use fgetgrent(), fgetpwent(), and fgetspent() (see getgrent(3C) and getpwent(3C), respectively), which use only the files source.
HP-UX 11i Version 2: September 2004 3 Hewlett-Packard Company Section 4223