nsswitch.conf(4)nsswitch.conf(4)NAMEnsswitch.conf - name service configuration file
SYNOPSIS
/etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf
DESCRIPTION
This file controls the behavior of the name service daemon nsd(1M). It
is read by the daemon on startup and is used to build a filesystem
maintained by nsd typically mounted on /ns. The paths are of the format
/ns/domain/table/protocol/key. Each nsswitch.conf file results in a
domain directory under /ns. The /etc/nsswitch.conf file corresponds to
/ns/.local, while each file in /var/ns/domains/DOMAINNAME/nsswitch.conf
will result in a directory /ns/DOMAINNAME.
The file contains a list of maps supported by the daemon and a list of
protocols to use to obtain data for each map. Anything following the
comment character '#' will be ignored. Each line represents a different
map (or a domain wide attribute list, see below). It contains the name
of the map (or an alias, see below), followed by a list of protocols to
be used in the order in which they should be called:
map: protocol1 protocol2 protocol3 ... protocolN
Each of these items can include any character but '/' up to 255
characters. If they include whitespace then they should be quoted using
the double-quote character '"'.
The default list of protocols that are supported via shared libraries
includes:
files Traditional text files from /etc
dns Domain name service.
ldap Lightweight Directory Access Protocol version 2.
mdbm Mdbm database format files.
ndbm Ndbm database format files.
db Berkeley db database format files.
nis Network Information Services (formerly YP) client. This is
an optional product.
nisserv Network Information Services (formerly YP) server. This is
an optional product.
Any standard map that does not have a configuration entry in
nsswitch.conf will be assigned a default value. Aliases for the standard
maps exist to simplify the file. If a well known tabled is not listed in
the /etc/nsswitch.conf file, a default value is used. The maps, aliases,
and defaults are:
Page 1
nsswitch.conf(4)nsswitch.conf(4)
aliases for mail.aliases and mail.byaddr
Default value is:
aliases(null_extend_key): ndbm(file=/etc/aliases) nis
automount for autofs maps. See autofs(1M).
Default value is:
automount(dynamic): nis(nis_enumerate_key)
capability for capability.byname
Default value is:
capability: files nis
clearance for clearance.byname
Default value is:
clearance: files nis
ethers for ethers.byname and ethers.byaddr
Default value is:
ethers: files nis
group for group.byname and group.bygid
Default value is:
group: files nis
hosts for hosts.byname and hosts.byaddr
Default value is:
hosts: nis dns files
ipnodes for ipnodes.byname and ipnodes.byaddr
Default value is:
ipnodes: dns files
mac for mac.byname and mac.byvalue
Default value is:
mac: files nis
mail for mail.aliases and mail.byaddr
Default value is:
aliases(null_extend_key): ndbm(file=/etc/aliases) nis
netgroup for netgroup.byname, netgroup.byhost and netgroup.byuser
Default value is:
netgroup: nis
networks for networks.byname and networks.byaddr
Default value is:
networks: files nis
passwd for passwd.byname and passwd.byuid
Default value is:
passwd: files(compat) [notfound=return] nis
Page 2
nsswitch.conf(4)nsswitch.conf(4)
protocols for protocols.byname and protocols.bynumber
Default value is:
protocols: nis [success=return] files
rpc for rpc.byname and rpc.bynumber
Default value is:
rpc: files nis
services for services.byname and services.byport
Default value is:
services: files nis
shadow for shadow.byname
Default value is:
shadow(mode=0700): files
The daemon uses extended attributes attached to each object in the tree
to control the behavior of lookups. An attribute is specified by a key
and value pair list in parenthesis:
(key1=value1, key2=value2, key3=value3)
A set of global attributes can be given to nsd on the command line see
nsd(1M). Attributes on the domain are given on a line of their own
anywhere in the nsswitch.conf file. Attributes on the map are given
immediately following the map on a line, and attributes on the protocol
are given immediately following the protocol name on a line. Attributes
are inherited from above, so if an attribute does not exist on a protocol
then it is inherited from the attribute list on the map, and if it does
not exist on the map then it is inherited from the domain, and if not
from the domain then from the global attributes. If the value is not
specified then it is considered a boolean true. All keys and values are
strings, but may be interpreted internally as numbers or boolean values.
(key1=value1, key2=value2)
map1(key1=value1, key3=value3): protocol1(key1=value1) \
protocol2
Most of the attributes are protocol specific and are listed in the manual
page for each attribute. Those attributes that are global in meaning are
listed in the nsd(1M) manual page.
A control can be placed between any two protocols on the line. The
control is a state control pair in a set of square brackets. These are
used to force non-standard behavior in a file. The states are one of
success, notfound, unavail, tryagain and noperm. The controls are return
and continue:
map: protocol1 protocol2 [state=control] protocol3
A partial example configuration using attributes and controls is:
(timeout=100)
hosts: files(timeout=1000) dns
passwd(timeout=10): files(compat) [notfound=return] nis
phone: files(filename=/usr/local/phone, separator=":")
Page 3
nsswitch.conf(4)nsswitch.conf(4)
This sets a default cache file timeout of 100 seconds for the domain
represented by this file. The domain contains five maps hosts.byname,
hosts.byaddr, passwd.byname, passwd.byuid and phone. Entries in the
hosts.byname and hosts.byaddr maps are identical. First nsd looks in a
local ASCII file, then it calls out to a dns server which answers for the
domain (as specified in the dns configuration file /etc/resolv.conf, see
resolver(4)). Host entries looked up in the local file are given a
longer cache timeout of 1000 seconds. The passwd.byname and passwd.byuid
maps are identical. First nsd will look in the local ASCII file then it
will call out to an nis server answering for this domain. If the key
does not exist in the local file then we force nsd to return immediately
without ever calling out the nis. However, the files library is given
the "compat" flag which will cause it to expand +/- escapes for password
lookups using the following libraries. Thus, every user must exist in
the local passwd file, but if a +/- escape exists for them in the file
the nis protocol is used to expand it. The phone map is a non-standard
map. The data is kept in a simple ASCII file /usr/local/phone of the
format "key:data". For the local domain /etc/nsswitch.conf if required
tables are missing then the nsd daemon will add the table with default
values. If you wish to override this behavior then you should add a line
for the table with no protocols, such as:
shadow.byname:
After editing any nsswitch.conf file the nsd daemon must be sent a SIGHUP
signal to reread the configuration. You can do this by running killall
-HUP nsd. This will not change the contents of the system wide cache.
To restart nsd and clear the cache use the nsadmin restart command.
The following shows how to set an attribute for any level in the /ns
namespace:
global Set attributes in the /ns namespace via the -a nsd command line
option.
domain Set attributes in the /ns/DOMAIN namespace by using
(attribute=value) by itself in the domain's nsswitch.conf file.
table (map)
Set attributes in the /ns/DOMAIN/TABLE namespace by appending
(attribute=value) to the name of the TABLE before the colon.
protocol
Set attributes for in the /ns/DOMAIN/TABLE/PROTOCOL namespace by
appending (attribute=value) to the name of the PROTOCOL library.
single key
Set attributes in for /ns/DOMAIN/TABLE/[PROTOCOL/]/key by
appending (attribute=value) to the name of the key when accessing
the file via the libc interfaces or inside of the /ns filesystem.
Page 4
nsswitch.conf(4)nsswitch.conf(4)BUGS
Most versions of sendmail do not use UNS to resolve aliases lookups. You
may have to modify /etc/aliases or /etc/sendmail.cf to get sendmail to
resolv aliases via NIS or nsd.
FILES
/etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf
SEE ALSOnsd(1M), nsadmin(1M)nis(7P), nisserv(7P), dns(7P), files(7P), mdbm(7P),
ldap(7P)
IRIX Admin: Networking and Mail
IRIX Admin: NFS and NIS
Page 5
