The nsswitch.conf File
The default nsswitch.conf file that is installed when you install the Solaris operating environment for the first time is determined by which naming service you select during the Solaris software installation process. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for that information. When you choose a naming service, the switch template file for that service is copied to create the new nsswitch.conf file. For example, if you choose NIS+, the nsswitch.nisplus file is copied to create a new nsswitch.conf file.
An /etc/nsswitch.conf file is automatically loaded into every machine's /etc directory by the Solaris 9 release software, along with the following alternate (template) versions:
These alternate template files contain the default switch configurations used by the NIS+ and NIS services, local files, and LDAP. When the Solaris operating environment is first installed on a machine, the installer selects the machine's default naming service: NIS+, NIS, local files, or LDAP. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a machine client using NIS+, the installation process copies nsswitch.nisplus to nsswitch.conf.
Unless you have an unusual namespace, the default template file as copied to nsswitch.conf should be sufficient for normal operation.
Selecting a Different Configuration File
When you change a machine's naming service, you need to modify that machine's switch file accordingly. For example, if you change a machine's naming service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.
If you are installing NIS+ on a machine using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize it.
Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service; if you are going to select the local files version, those files must be properly set up on the client.
Modifying the name service switch
To change to a different switch file, follow these steps:
Log in to the client as superuser.
Copy the alternate file appropriate for the machine's naming service over the nsswitch.conf file.
NIS+ Version (done automatically for you by NIS+ scripts)
client1# cd /etc
client1# cp nsswitch.nisplus nsswitch.conf
NIS Version
client1# cd /etc
client1# cp nsswitch.nis nsswitch.conf
Local /etc Files Version
client1# cd /etc
client1# cp nsswitch.files nsswitch.conf
Reboot the machine.
The nscd naming service cache daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether it has been changed. You must reboot the machine to make sure that the daemon and those routines have the latest information in the file.
How to Enable an NIS+ Client to Use IPv6
Log in as superuser.
Edit the /etc/nsswitch.conf file.
Add the new ipnodes source and specify the naming service (such as ldap).
ipnodes: ldap [NOTFOUND=return] files
ipnodes defaults to files. During the transition from IPv4 to IPv6, where all naming services are not aware of IPv6 addresses, you should accept the files default. Otherwise, unnecessary delays might result during the resolution of addresses.
Save the file and reboot the machine.
Because the nscd daemon caches this information, which it reads at startup, you must reboot the machine now.
Ensuring Compatibility With +/- Syntax
If +/- is used in the /etc/passwd, /etc/shadow, and /etc/group files, you need to modify the nsswitch.conf file to ensure compatibility.
NIS+. To provide +/- semantics with NIS+, change the passwd and group sources to compat and add a passwd_compat: nisplus entry to the nsswitch.conf file after the passwd or group entry as shown below:
passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus
The above specifies that client routines obtain their network information from /etc files and NIS+ tables as indicated by the +/- entries in the files.
NIS. To provide the same syntax as in the SunOS 4 release, change the passwd and group sources to compat.
passwd: compat
group: compat
This specifies that client routines obtain their network information from /etc files and NIS maps, as indicated by the +/- entries in the files.
Note - Users working on a client machine being served by an NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.
The Switch File and Password Information
Caution - files should be the first source in the nsswitch.conf file for passwd information. If files is not the first source, network security could be weakened and users could encounter login difficulty.
For example, in an NIS+ environment, the passwd line of the nsswitch.conf file should look like this:
passwd: files nisplus
In an NIS environment, the passwd line of the nsswitch.conf file should look like this:
passwd: files nis
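The check below is an added example, not part of the original Solaris documentation. It reads an nsswitch.conf-style file and reports whether files is the first passwd source, as the caution above requires, or whether compat is in use as described under "Ensuring Compatibility With +/- Syntax". The function names switch_sources and check_passwd_order and the sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the passwd entry of an nsswitch.conf-style file.
# Assumes "database:" is followed by whitespace, as in the page's examples.

# Print the sources for database $2 in switch file $1, one per line,
# with comments and [STATUS=action] criteria stripped.
switch_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db {
            gsub(/\[[^]]*\]/, " ")
            for (i = 2; i <= NF; i++) print $i
            exit
        }' "$1"
}

# Classify the passwd entry of switch file $1:
#   ok            files is the first source
#   compat:SVC    compat is first; +/- entries resolve through SVC
#   weak:SRC      some other source is consulted before files
#   missing       no passwd entry at all
check_passwd_order() {
    first=$(switch_sources "$1" passwd | head -n 1)
    case "$first" in
        files)  echo ok ;;
        compat) svc=$(switch_sources "$1" passwd_compat | head -n 1)
                echo "compat:${svc:-nis}" ;;   # no passwd_compat means NIS maps
        "")     echo missing ;;
        *)      echo "weak:$first" ;;
    esac
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'passwd: files nisplus\ngroup: files nisplus\n' > "$tmp/good"
printf 'passwd: nis [NOTFOUND=return] files  # network first\n' > "$tmp/weak"
printf 'passwd: compat\npasswd_compat: nisplus\n' > "$tmp/compat"
printf '#passwd: files\nhosts: files dns\n' > "$tmp/nopasswd"

for f in good weak compat nopasswd; do
    printf '%-9s %s\n' "$f" "$(check_passwd_order "$tmp/$f")"
done
```

Run check_passwd_order against /etc/nsswitch.conf after copying a template and before rebooting, so that a weak or missing result is corrected while the previous configuration is still cached.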