Oracle Solaris Administration: Naming and Directory Services (Oracle Solaris 11 Information Library)
The name service switch is a configurable selection service that enables an administrator to specify which name information service or source to use for each type of network information. The services are called a database. The name service switch is used by client applications that call any of the getXbyY() interfaces, such as the following.
Each system has its own configuration in an SMF repository. Each property defined in the name service switch identifies a particular database, such as a host, password, or group. The value assigned to each property lists one or more sources from which to request the information. Sometimes, these values include guidance or options. The guidance might include how many retries to a service should be attempted, what timeout to apply, or what to do if the service fails.
Table 2-1 Databases for the Name Service Switch
In addition, a default property in the name service switch defines the source string for any database that is not otherwise defined. If your network uses the same sources for most databases, then you can change the default property and not define a property for each database. See How to Change the Source for All Naming Databases for the procedure.
To support prior releases, the enable_passwd_compat and enable_group_compat properties can be set to true to enable compat mode for password and group information. This mode provides support for old-style + or - syntax in the appropriate databases. In the current release, this functionality has been replaced by the pam_list module.
The following table describes the kind of sources that can be listed in the name service switch for the databases listed above.
Table 2-2 Information Sources for the Name Service Switch
The following search criteria formats can be used to select one or more information sources, and to specify the order that the sources are used.
Single Source — If an information type has only one source, such as files, a search routine that uses the switch searches for the information in that source only. If the routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.
Multiple Sources — If a database contains multiple sources for a given information type, the switch directs the search routine to search in the first listed source. If the routine finds the information, the routine returns a success status message. If the routine does not find the information in the first source, the routine tries the next source. The routine searches all sources until the routine has found the information, or until the routine is halted by a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.
By default in the Oracle Solaris 11 release, the first source is files. This configuration prevents system hangs if the next source listed is not available.
If a routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine returns one of three error status messages. Possible status messages are listed in the following table.
Table 2-3 Status Messages for the Name Service Switch
You can instruct the name service switch to respond to status messages with either of the two actions shown in the following table.
Table 2-4 Responses to Status Messages from the Name Service Switch
In addition, for the TRYAGAIN status message, the following actions can be defined:
forever – Retries the current source indefinitely
n – Retries the current source n more times
The combination of the name service switch status message and action options determines what the search routine does at each step. Together, the status message and action options make up the search criteria.
You can change the default search criteria by explicitly specifying some other criteria by using the STATUS=action syntax shown in the preceding list. For example, the default action for a NOTFOUND condition is to continue the search to the next source. The search criteria for the network database could be reported as:
svc:/system/name-service/switch> listprop config/network
config/network astring "nis [NOTFOUND=return] files"
The networks: nis [NOTFOUND=return] files entry specifies a non-default criterion for the NOTFOUND status. Non-default criteria are delimited by square brackets.
In this example, the search routine behaves as follows:
If the network database is available and contains the needed information, the routine returns with a SUCCESS status message.
If the network database is not available, the routine returns with an UNAVAIL status message. By default, the routine continues to search by using the next criteria listed.
If the network database is available and found, but the database does not contain the needed information, the routine returns with a NOTFOUND message. However, instead of continuing to search the next source, which would be the default behavior, the routine stops searching.
If the network database is busy, the routine returns with a TRYAGAIN status message and by default continues to search the network database.
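The search criteria described above can be modelled in a few lines, which helps when reviewing which source actually answers a lookup. This is an added example, not Oracle code: the function names, the constructed `answers` data, the default actions (taken from nsswitch.conf(4) semantics, where only SUCCESS stops the search) and the cap on `forever` are assumptions of the sketch.

```python
import re

# Default action per status: assumed from nsswitch.conf(4) semantics
# (only SUCCESS stops the search unless a criterion overrides it).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_sources(value):
    """Parse 'nis [NOTFOUND=return] files' into [(source, {STATUS: action})]."""
    plan = []
    for token in re.findall(r"\[[^\]]*\]|\S+", value):
        if not token.startswith("["):
            plan.append((token, dict(DEFAULTS)))
            continue
        if not plan:
            raise ValueError("criteria must follow a source")
        for pair in token[1:-1].split():
            status, _, action = pair.partition("=")
            status, action = status.upper(), action.lower()
            retry = status == "TRYAGAIN" and (action == "forever" or action.isdigit())
            if status not in DEFAULTS or not (action in ("return", "continue") or retry):
                raise ValueError(f"bad criterion: {pair}")
            plan[-1][1][status] = action
    return plan

def lookup(value, answers, max_forever=5):
    """Simulate one search. answers maps each source to the statuses it
    returns on successive calls (constructed data). Returns (status, trace)."""
    trace, status = [], "NOTFOUND"
    for source, actions in parse_sources(value):
        replies, retries = iter(answers[source]), 0
        while True:
            status = next(replies)
            trace.append((source, status))
            action = actions[status]
            if status == "TRYAGAIN" and action not in ("return", "continue"):
                # 'forever' is capped here only so the simulation terminates.
                limit = max_forever if action == "forever" else int(action)
                if retries < limit:
                    retries += 1
                    continue
                action = "continue"  # assumed: exhausted retries fall through
            break
        if action == "return":
            return status, trace
    return status, trace
```

With the page's `nis [NOTFOUND=return] files` value, a NOTFOUND from nis ends the search without consulting files, while an UNAVAIL from nis falls through to files.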
Note - Lookups in the name service switch are performed in the order in which items are listed. However, password updates are performed in reverse order, unless otherwise specified by using the passwd -r repository command. See Name Service Switch and Password Information for more information.
The client library routines contain compiled-in default entries that are used if no specific SMF property or default SMF property is defined in the name service switch, or if the property is syntactically incorrect. Typically, these compiled-in defaults are “files” only.
The switch search criteria for the auto_home and auto_master tables and maps is combined into one category, which is called automount.
The keyserv daemon reads the publickey properties in the name service switch only when keyserv is started. If you change the name service switch properties, keyserv does not register the changes until the keyserv daemon is restarted by using svcadm refresh svc:/network/rpc/keyserv:default. This command must be run after the properties have been changed and the name-service/switch service has been refreshed so that the property changes are loaded into the SMF repository.