JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

About the Name Service Switch

Format of the nsswitch.conf File

Search Criteria

Switch Status Messages

Switch Action Options

Default Search Criteria

What if the Syntax is Wrong?

Auto_home and Auto_master

Timezone and the Switch File

Comments in nsswitch.conf Files

Keyserver and publickey Entry in the Switch File

nsswitch.conf Template Files

Default Name Service Switch Template Files

nsswitch.conf File

Selecting a Different Configuration File

Modifying the Name Service Switch

Enabling an NIS+ Client to Use IPv6 Prior to the Solaris 10 7/07 Release

How to Enable an NIS+ Client to Use IPv6

Ensuring NIS-NIS+ Compatibility With +/- Syntax

Name Service Switch File and Password Information

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



About the Name Service Switch

The name service switch is a file named nsswitch.conf. It controls how a client machine or application obtains network information.

It is used by client applications that call any of the getXbyY() interfaces such as:

Each machine has a switch file in its /etc directory. Each line of that file identifies a particular type of network information, such as host, password, and group, followed by one or more sources where the client is to look for that information.

A client can obtain naming information from one or more of the switch's sources. For example, an NIS+ client could obtain its hosts information from an NIS+ table and its password information from a local /etc file. In addition, it could specify the conditions under which the switch must use each source (see Table 1-1).

The Solaris software automatically loads an nsswitch.conf file into every machine's /etc directory as part of the installation process. Four alternate (template) versions of the switch file are also loaded into /etc for LDAP, NIS, NIS+, or files. See nsswitch.conf Template Files.

These four files are alternate default switch files. Each one is designed for a different primary naming service: /etc files, NIS, NIS+, or LDAP. When the Solaris software is first installed on a machine, the installer selects the machine's default naming service: NIS+, NIS, local files, or LDAP. During installation, the corresponding template file is copied to nsswitch.conf. For example, for a machine client using LDAP, the installation process copies nsswitch.ldap to nsswitch.conf. Unless you have an unusual namespace, the default template file as copied to nsswitch.conf should be sufficient for normal operation.

If you later change a machine's primary naming service, you copy the appropriate alternate switch file to nsswitch.conf. (See nsswitch.conf Template Files.) You can also change the sources of particular types of network information used by the client by editing the appropriate lines of the /etc/nsswitch.conf file. The syntax for doing this is described below, and additional instructions are provided in Modifying the Name Service Switch.

Format of the nsswitch.conf File

The nsswitch.conf file is essentially a list of 16 types of information and the sources that getXXbyYY() routines search for that information.

The 16 types of information, not necessarily in this order, are:

The following table provides a description of the kind of sources that can be listed in the switch file for the information types above.

Table 1-1 Switch File Information Sources

Information Sources
A file stored in the client's /etc directory. For example, /etc/passwd.
An NIS+ table. For example, the hosts table.
An NIS map. For example, the hosts map.
Compat can be used for password and group information to support old-style + or - syntax in /etc/passwd, /etc/shadow, and /etc/group files.
Can be used to specify that host information be obtained from DNS.
Can be used to specify entries be obtained from the LDAP directory.
Search Criteria

Single Source. If an information type has only one source, such as nisplus a routine using the switch searches for the information in that source only. If it finds the information, it returns a success status message. If it does not find the information, it stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.

Multiple Sources. If a table has more than one source for a given information type, the switch directs the routine to start searching for the information in the first source that is listed. If it finds the information, it returns a success status message. If it does not find the information in the first source, it tries the next source. The routine will search through all of the sources until it has found the information it needs, or it is halted by encountering a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.

Switch Status Messages

If a routine finds the information, it returns a success status message. If it does not find the information for which it is looking, it returns one of three unsuccessful status messages, depending on the reason for not finding the information. Possible status messages are listed in the following table.

Table 1-2 Switch Search Status Messages

Status Message
Meaning of Message
The requested entry was found in the specified source.
The source is not responding or is unavailable. That is, the NIS+ table, or NIS map, or /etc file could not be found or accessed.
The source responded with “No such entry.” In other words, the table, map, or file was accessed but it did not contain the needed information.
The source is busy; it might respond next time. In other words, the table, map, or file was found, but it could not respond to the query.
Switch Action Options

You can instruct the switch to respond to status messages with either of these two actions shown in the following table.

Table 1-3 Responses to Switch Status Messages

Stop looking for the information.
Try the next source, if there is one.
Default Search Criteria

The combination of nsswitch.conf file status message and action option determines what the routine does at each step. This combination of status and action is called the search criteria.

The switch's default search criteria are the same for every source.

Described in terms of the status messages listed above, the default search criteria are:

Because these are the default search criteria, they are assumed. That is, you do not have to explicitly specify them in the switch file. You can change these default search criteria by explicitly specifying some other criteria using the STATUS=action syntax show above. For example, the default action for a NOTFOUND condition is to continue the search to the next source. To specify that for a particular type of information, such as networks, the search is to halt on a NOTFOUND condition, you would edit the networks line of the switch file to read:

networks: nis [NOTFOUND=return] files

The networks: nis [NOTFOUND=return] files line specifies a non-default criterion for the NOTFOUND status. Non-default criteria are delimited by square brackets.

In this example, the search routine behaves as follows:

Note - Lookups in the nsswitch.conf file are done in the order in which items are listed. However, password updates are done in reverse order, unless otherwise specified by using the passwd -r repository command. See Name Service Switch File and Password Information for more information.

What if the Syntax is Wrong?

Client library routines contain compiled-in default entries that are used if an entry in the nsswitch.conf file is either missing or syntactically incorrect. These entries are the same as the switch file's defaults.

The name service switch assumes that the spelling of table and source names is correct. If you misspell a table or source name, the switch uses default values.

Auto_home and Auto_master

The switch search criteria for the auto_home and auto_master tables and maps is combined into one category called automount.

Timezone and the Switch File

The timezone table does not use the switch, so it is not included in the switch file's list.

Comments in nsswitch.conf Files

Any nsswitch.conf file line beginning with a comment character (#) is interpreted as a comment line and is ignored by routines that search the file.

When a comment character (#) is included in the middle of the line, characters preceding the comment mark are interpreted by routines that search the nsswitch.conf file. Characters to the right of the comment mark are interpreted as comments and ignored.

Table 1-4 Switch File Comment Examples

Type of Line
Comment line (not interpreted).
# hosts: nisplus [NOTFOUND=return] files
Fully interpreted line.
hosts: nisplus [NOTFOUND=return] file
Partially interpreted line (the files element not interpreted)
hosts: nisplus [NOTFOUND=return] # files

Keyserver and publickey Entry in the Switch File


Caution - You must restart the keyserver after you make a change to nsswitch.conf

The keyserver reads the publickey entry in the name service switch configuration file only when the keyserver is started. As a result, if you change the switch configuration file, the keyserver does not become aware of changes to the publickey entry until it is restarted.