The name service switch is a configurable selection service that enables an administrator to specify which name information service or source to use for each type of network information. Each of the name information services is called a database. The name service switch is used by client applications that call any of the getXbyY() interfaces, such as the following:
Each system has its own configuration in an SMF repository. Each property defined in the name service switch identifies a particular database, such as a host, password, or group. The value assigned to each property lists one or more sources from which to request the information. Sometimes, these values include guidance or options. The guidance might include how many retries to a service must be attempted, which timeout to apply, or what to do if the service fails.
The name service switch also controls DNS forwarding for clients as described in Managing DNS Server and Client Services. DNS forwarding grants Internet access to clients.
You configure databases that are supported by the name service switch by using SMF services. To obtain a listing of these databases, use the svccfg command as shown in the following example.
# svccfg -s name-service/switch listprop config
config                application
config/default        astring     files
config/password       astring     "files nis"
config/group          astring     "files nis"
config/host           astring     "files nis"
config/network        astring     "nis [NOTFOUND=return] files"
config/protocol       astring     "nis [NOTFOUND=return] files"
config/rpc            astring     "nis [NOTFOUND=return] files"
config/ether          astring     "nis [NOTFOUND=return] files"
config/netmask        astring     "files nis"
config/bootparam      astring     "nis [NOTFOUND=return] files"
config/publickey      astring     "nis [NOTFOUND=return] files"
config/netgroup       astring     nis
config/automount      astring     "files nis"
config/alias          astring     "files nis"
config/service        astring     "files nis"
config/printer        astring     "user nis"
config/auth_attr      astring     "files nis"
config/prof_attr      astring     "files nis"
config/project        astring     "files nis"
From the SMF perspective, these databases are considered configurable properties of the service. Each database stores the following type of information:
alias – Email addresses and aliases
auth_attr – Authorization names and descriptions
automount – Information about remote file systems that could be mounted locally
bootparam – Boot information for diskless clients
ether – Ethernet addresses and matching host names
group – Information about groups that can be used to share access to files
host – IP address and matching host names
netgroup – Information for shared NFS file systems
netmask – Network masks used to implement IP subnets
network – Name and number for each network
password – User account information
prof_attr – Execution profile names, descriptions, and other attributes
project – Project names, unique identifiers, and associated resource allocations
protocol – Internet protocol names, protocol numbers, and aliases
publickey – Public key information
rpc – Names and numbers of RPC programs
service – Name, port, and protocol for Internet services
tnrhdb – Security attributes for a host using the Trusted Extensions feature of Oracle Solaris
tnrhtp – Templates used by Trusted Extensions
In addition, the default property in the name service switch defines the source string for any database that is not otherwise defined. The value for this property is set to files to indicate that all the databases and their information are found locally in the /etc directory. You can set up a different configuration for the default property based on available sources. See How to Change the Source for All Naming Databases for the procedure.
The default property enables you to configure a source that universally applies to the databases, instead of configuring each database's source.
The kinds of sources that can be listed in the name service switch for the databases are as follows:
ad – Identifies databases stored on an Active Directory server.
pam_list – Replaces the obsoleted compat database. It can be used for password and group information to support old-style + or - syntax in the /etc/passwd, /etc/shadow, and /etc/group files.
dns – Specifies that host information must be obtained from DNS.
files – Specifies a file stored in the client's /etc directory, for example, /etc/passwd.
ldap – Specifies that entries must be obtained from the LDAP directory.
mdns – Specifies that host information must be obtained by using mDNS.
nis – Specifies an NIS map, for example, the hosts map.
You can use the following search criteria formats to select one or more information sources, and to specify the order in which the sources are used.
Single Source – If an information type has only one source, such as files, a search routine that uses the switch searches for the information in that source only. If the routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.
Multiple Sources – If a database contains multiple sources for a given information type, the switch directs the search routine to search in the first listed source. If the routine finds the information, the routine returns a success status message. If the routine does not find the information in the first source, the routine tries the next source. The routine searches all sources until the routine has found the information, or until the routine is halted by a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.
By default in the Oracle Solaris 11 release, the first source is files. This configuration prevents system freezes if the next source listed is not available.
If a routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine returns one of three error status messages. Possible status messages are as follows:
SUCCESS – Requested entry was found in the specified source.
UNAVAIL – Source is either unresponsive or unavailable. In other words, none of the database sources could be found or accessed.
NOTFOUND – Source responded with "No such entry." In other words, the database was accessed, but the needed information was not found.
TRYAGAIN – Source is busy and might respond next time. In other words, the database was found but could not respond to the query.
You can instruct the name service switch to respond to status messages with either of the following two actions:
return – Stop looking for the information.
continue – Try the next source.
In addition, for the TRYAGAIN status message, you can define the following actions:
forever – Retry the current source indefinitely
n – Retry the current source n more times
The combination of the name service switch status message and action options determines what the search routine does at each step. Together, the status message and action options make up the search criteria.
The switch's default search criteria are the same for every source. Some of the search criteria are as follows:
SUCCESS=return – Stop looking for the information. Proceed using the information that has been found.
UNAVAIL=continue – Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
NOTFOUND=continue – Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
TRYAGAIN=forever – Searches the current name service switch source indefinitely.
TRYAGAIN=3 – Searches the current source three times. After exhausting three retries, the TRYAGAIN action transitions to continue and searches the next name service switch source.
You can change the default search criteria by explicitly specifying different criteria with the STATUS=action syntax. For the procedure, see How to Configure a Search Criterion for a Database.
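The search described above can be traced offline when reviewing a configuration. The following Python sketch is an added example, not Oracle code: it parses source strings in the form shown by svccfg listprop and walks them with the SUCCESS, UNAVAIL, and NOTFOUND defaults listed above. The function names, the constructed sample input, and the handling of TRYAGAIN as continue without simulating retries are assumptions of the example.

```python
import re

# Default actions listed on this page. TRYAGAIN is treated as "continue"
# as a simplifying assumption of this example; retries are not simulated.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_sources(value):
    """Parse e.g. 'nis [NOTFOUND=return] files' into [(source, actions), ...]."""
    entries = []
    for token in re.findall(r"\[[^\]]*\]|\S+", value.strip('"')):
        if token.startswith("["):
            if not entries:
                raise ValueError("criteria before any source: " + token)
            for pair in token[1:-1].split():
                status, _, action = pair.partition("=")
                if status.upper() not in DEFAULTS or not action:
                    raise ValueError("bad criterion: " + pair)
                entries[-1][1][status.upper()] = action.lower()
        else:
            entries.append((token, dict(DEFAULTS)))
    return entries

def lookup(value, replies):
    """Walk the sources in order; replies maps source -> status it answers.
    A source missing from replies counts as UNAVAIL.
    Returns (final_status, sources_consulted)."""
    consulted = []
    for source, actions in parse_sources(value):
        status = replies.get(source, "UNAVAIL")
        consulted.append(source)
        if actions[status] == "return":
            return status, consulted
    # Last source tried without a "return" action: NOTFOUND, as stated above.
    return "NOTFOUND", consulted

def parse_listprop(text):
    """Map database name -> source string from 'listprop config' output."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"config/(\S+)\s+astring\s+(.+)", line.strip())
        if m:
            props[m.group(1)] = m.group(2).strip().strip('"')
    return props

# Constructed sample: three lines in the format of the listing above.
SAMPLE = '''config/host     astring "files nis"
config/network  astring "nis [NOTFOUND=return] files"
config/netgroup astring nis'''
if __name__ == "__main__":
    for db, value in parse_listprop(SAMPLE).items():
        print(db, lookup(value, {"nis": "NOTFOUND", "files": "SUCCESS"}))
```

With nis [NOTFOUND=return] files, a NOTFOUND answer from NIS ends the search, so the local files are consulted only when NIS is unavailable.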
The client library routines contain compiled-in default entries that are used if no specific SMF property or default SMF property is defined in the name service switch, or if the property is syntactically incorrect. Typically, these compiled-in defaults are files only.
The keyserv daemon reads the publickey properties in the name service switch only when keyserv is started. If you change the name service switch properties, keyserv does not register the changes until you restart the keyserv daemon by using svcadm refresh svc:/network/rpc/keyserv:default. You must run this command after the properties have been changed and the name-service/switch service has been refreshed so that the property changes are loaded into the SMF repository.