In the man page for passwd, you see the following:
If all requirements are met, by default, the passwd(1) command consults /etc/nsswitch.conf to determine which repositories need a password update. It searches the passwd(4) and passwd_compat entries. The sources (repositories) associated with these entries are updated. However, the supported password update configurations are limited to the following five cases. Failure to comply with the configurations prevents users from logging in to the system.
passwd: files passwd: files nis passwd: files nisplus passwd: compat (==> files nis) passwd: compat (==> files nisplus) passwd_compat: nisplus