HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
nsswitch.conf(4) nsswitch.conf(4)
passwd: files nis
group: files nis
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
services: files nis
sendmailvars: files
ipnodes: files
The policy nis [NOTFOUND=return] files implies "if nis is UNAVAIL, continue on to files, and if nis returns NOTFOUND, return to the caller; in other words, treat nis as the authoritative source of information and try files only if nis is down."
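The following Python sketch is an added example, not part of the HP-UX manual: it parses a switch entry and reports which source ends the lookup for a given status from each source. The function names and the state dictionary are hypothetical, and the default actions used (SUCCESS=return, every other status continue) are the standard switch defaults, which this excerpt does not restate.

```python
import re

# Default action per status when no criterion overrides it
# (assumed standard switch defaults: only SUCCESS stops the search).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_policy(line):
    """Parse 'db: src [STATUS=action ...] src ...' into (db, [(src, actions)])."""
    db, _, rest = line.partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            sources.append((tok, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("criterion before any source: " + tok)
        for crit in tok[1:-1].split():
            status, _, action = crit.partition("=")
            # Case is folded here for convenience in this sketch.
            status, action = status.upper(), action.lower()
            # Only the return/continue actions are modelled.
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("bad criterion: " + crit)
            sources[-1][1][status] = action  # applies to the preceding source
    return db.strip(), sources

def resolve(line, state):
    """Walk the sources in order; `state` maps source -> status it would give.
    Returns (source that ended the search, its status), or (None, last status
    seen) when every source was tried and no 'return' action fired."""
    _, sources = parse_policy(line)
    last = "UNAVAIL"
    for src, actions in sources:
        last = state[src]
        if actions[last] == "return":
            return src, last
    return None, last

if __name__ == "__main__":
    policy = "hosts: nis [NOTFOUND=return] files"
    # Constructed scenarios: the local file always has the name; NIS varies.
    for nis in ("SUCCESS", "NOTFOUND", "UNAVAIL"):
        print(nis, "->", resolve(policy, {"nis": nis, "files": "SUCCESS"}))
```

With this policy the files source is reached only in the UNAVAIL case, so an entry that exists only in the local file is ignored while nis is answering.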
If compatibility with the +/- syntax for passwd and group is required, simply modify the entries for passwd and group to:
passwd: compat
group: compat
If NIS+ is the enterprise level name-service, the default configuration should be modified to use nisplus instead of nis for every database on client machines. The file /etc/nsswitch.nisplus contains a sample configuration that can be copied to /etc/nsswitch.conf to set this policy.
If the use of +/- syntax is desired in conjunction with nisplus, use the following four entries:
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
To get information from the Internet Domain Name Service for hosts that are not listed in the enterprise level name-service, NIS+ uses the configuration and set up file /etc/resolv.conf. See resolver(4) for more details.
hosts: nisplus dns [NOTFOUND=return] files
ipnodes: dns [NOTFOUND=return] files
The file /etc/nsswitch.ldap contains an example configuration that can be copied to /etc/nsswitch.conf to set an LDAP policy. If the +/- netgroup syntax (used for access control as defined by nis and nisplus) is desired, the administrator needs to configure libpam_authz.1 in the /etc/pam.conf file. See the ldapux(5) manpage for more information about LDAP-UX, the pam_authz(5) manpage for more information on libpam_authz.1, and passwd(4) for more information about the +/- netgroup syntax. The ldapux(5) and pam_authz(5) manpages are in the LDAP-UX Integration product.
Enumeration -- getXXXent()
Many of the databases have enumeration functions: passwd has getpwent(), hosts has gethostent(), and so on. These were reasonable when the only source was files but often make little sense for hierarchically structured sources that contain large numbers of entries, much less for multiple sources. The interfaces are still provided and the implementations strive to provide reasonable results, but the data returned may be incomplete (enumeration for hosts is simply not supported by the dns source), inconsistent (if multiple sources are used), formatted in an unexpected fashion (for a host with a canonical name and three aliases, the nisplus source will return four hostents, and they may not be consecutive), or very expensive (enumerating a passwd database of 5000 users is probably a bad idea). Furthermore, multiple threads in the same process using the same reentrant enumeration function (getXXXent_r() are supported) share the same enumeration position; if they interleave calls, they will enumerate disjoint subsets of the same database.
In general the use of the enumeration functions is deprecated. In the case of passwd and group, it may sometimes be appropriate to use fgetgrent(), fgetpwent(), and fgetspent() (see getgrent(3C) and getpwent(3C), respectively), which use only the files source.
254 Hewlett-Packard Company − 3 − HP-UX 11i Version 2: December 2007 Update