HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
n
nsswitch.conf(4) nsswitch.conf(4)
action and status names are case-insensitive.
The default criteria are to continue on anything except
SUCCESS; in other words, [SUCCESS=return
NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue]
.
The default, or explicitly specified, criteria are meaningless following the last source in an entry; and are
ignored since the action is always to return to the caller irrespective of the status code the source returns.
Interaction with netconfig
In order to ensure that they all return consistent results based on the
inet family of entries, gethost-
byname()
, getservbyname()
, and netdir_getbyname()
functions are all implemented in terms
of the same internal switch library functions. These functions obtain the system-wide source lookup policy
for
hosts and services based on the inet
family entries in netconfig() .Forservices and
hosts only the "-" in the last column, which represents nametoaddr libraries, is supported.
NIS (YP) server in DNS-forwarding Mode
The NIS (YP) server can be run in "DNS-forwarding mode" (see rpc.nisd_resolv(1M)), where it forwards
lookup requests to DNS for host-names and host-addresses that do not exist in its database. In this case,
specifying
nis as a source for hosts
is sufficient to get DNS lookups; dns need not be specified explicitly
as a source.
Interaction with +/- syntax
Releases prior to HP-UX 10.30 did not have the name-service switch support for passwd and group but did
allow the user some policy control. In
/etc/passwd one could have entries of the form +user (include
the specified user from NIS passwd.byname),
-user (exclude the specified user) and + (include everything,
except excluded users, from NIS passwd.byname). The desired behavior was often "everything in the file
followed by everything in NIS", expressed by a solitary
+ at the end of
/etc/passwd . The switch pro-
vides an alternative for this case (
passwd: files nis) that does not require +
entries in
/etc/passwd .
If this is not sufficient, the compat source provides full +/- semantics. It reads
/etc/passwd for
getpwnam() functions and, if it finds +/- entries, invokes an appropriate source. The only source sup-
ported by pseudo-database
passwd_compat is nis.
The
compat source also provides full +/- semantics for group; the relevant pseudo-database is
group_compat .
Useful Configurations
The compiled-in default entries for all databases use NIS (YP) as the enterprise level name-service and are
identical to those in the default configuration of this file:
passwd: files nis
group: files nis
hosts: dns [NOTFOUND=return] nis [NOTFOUND=return] files
ipnodes: dns [NOTFOUND=return] nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
services: files nis
sendmailvars: files
The policy nis [NOTFOUND=return] files implies if nis is UNAVAIL, continue on to files, and
if
nis returns NOTFOUND, return to the caller"; in other words, treat nis as the authoritative source of
information and try files only if nis is down.
If compatibility with the +/- syntax for passwd and group is required, simply modify the entries for
passwd and group to:
passwd: compat
group: compat
To get information from the Internet Domain Name Service for hosts that are not listed in the enterprise
level name-service, NIS, use the following configuration and set up the file /etc/resolv.conf. See
HP-UX 11i Version 3: February 2007 − 2 − Hewlett-Packard Company 291