A.2 Name Service Switch (NSS)
The Name Service Switch (NSS) framework
was designed to let administrators specify which files or directory
services to query to obtain information. For example,
it's frequently used to specify whether a system
should perform hostname lookups in /etc/hosts,
NIS, or DNS. Here's an entry from a typical NSS
configuration file, named
/etc/nsswitch.conf. It instructs the local machine to check
its own /etc/hosts file first and to consult DNS
only if the entry is not located. NIS is not consulted at all.
hosts: files dns
NSS can provide similar services for many different administrative
databases. The following databases are generally defined in
/etc/nsswitch.conf:
- passwd
- shadow
- group
- hosts
- ethers
- networks
- protocols
- rpc
- services
- netgroup
- aliases
- automount
You can configure a different lookup method for each database. An NSS
module does not need to support all of the databases listed above.
Some lookup modules support only user accounts. The libnss_dns.so
library is designed to resolve only hostnames and network addresses.
A typical NSS configuration for an LDAP-enabled host would appear as:
# /etc/nsswitch.conf
# Legal entries are:
#
# nisplus or nis+: Use NIS+ (NIS Version 3)
# nis or yp: Use NIS (NIS Version 2)
# dns: Use DNS (Domain Name Service)
# files: Use the local files
# db: Use the local database (.db) files
# compat: Use NIS on compat mode
# hesiod: Use Hesiod for user lookups
# ldap: Use PADL's nss_ldap
## How to handle users and groups
passwd: files ldap
shadow: files ldap
group: files ldap
## DNS should be authoritative; use files only when DNS is not available.
hosts: dns [NOTFOUND=return] files
bootparams: ldap files
ethers: ldap files
netmasks: ldap files
networks: ldap files
protocols: ldap files
rpc: ldap files
services: ldap files
netgroup: files ldap
automount: files ldap
aliases: files
More information can be found on the
nsswitch.conf(5) manpage.
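The following added example (Python; not part of the original text or of any NSS implementation) parses nsswitch.conf entries and simulates the order in which sources are consulted, including the [NOTFOUND=return] action used in the hosts line above. The function names and the sample input are constructed for illustration. The default status actions follow nsswitch.conf(5); the negated (!STATUS) form and the merge action are not handled.

```python
import re

# Default per-status actions, as documented in nsswitch.conf(5).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, spec = line.split(":", 1)
        chain = []
        # Tokens are either a source name or a bracketed action list.
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if tok.startswith("["):
                if not chain:
                    raise ValueError(f"{db}: action list before any source")
                for item in tok[1:-1].split():
                    status, action = item.upper().split("=")
                    chain[-1][1][status] = action.lower()
            else:
                chain.append((tok, dict(DEFAULTS)))
        table[db.strip()] = chain
    return table

def lookup(chain, outcomes):
    """Simulate one lookup; outcomes maps source -> status it would report
    (sources not listed report NOTFOUND). Returns (consulted, final status)."""
    consulted, status = [], "UNAVAIL"
    for source, actions in chain:
        status = outcomes.get(source, "NOTFOUND")
        consulted.append(source)
        if actions[status] == "return":
            break
    return consulted, status

# Constructed sample: three lines taken from the configuration above.
SAMPLE = """\
passwd: files ldap
hosts: dns [NOTFOUND=return] files   # trailing comment
aliases: files
"""

if __name__ == "__main__":
    table = parse_nsswitch(SAMPLE)
    for case in ({"dns": "NOTFOUND"}, {"dns": "UNAVAIL", "files": "SUCCESS"}):
        print("hosts", case, "->", lookup(table["hosts"], case))
```

With the hosts line above, a NOTFOUND answer from DNS ends the lookup without reading /etc/hosts; with "passwd: files ldap", an account present in the local files is returned before LDAP is asked.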