A.2 Name Service Switch (NSS)

The Name Service Switch (NSS) framework was designed to let administrators specify which files or directory services to query to obtain information. For example, it's frequently used to specify whether a system should perform hostname lookups in /etc/hosts, NIS, or DNS. Here's an entry from a typical NSS configuration file, named /etc/nsswitch.conf. It instructs the local machine to check its own /etc/hosts file first and to consult DNS only if the entry is not located. NIS is not consulted at all.

hosts:      files dns

NSS can provide similar services for many different administrative databases. The following databases are generally defined in /etc/nsswitch.conf:

passwd

shadow

group

hosts

ethers

networks

protocols

rpc

services

netgroup

aliases

automount

You can configure a different lookup method for each database. An NSS module does not need to support all of the databases listed above. Some lookup modules support only user accounts. The libnss_dns.so library is designed to resolve only hostnames and network addresses.

A typical NSS configuration for an LDAP-enabled host would appear as:

# /etc/nsswitch.conf # Legal entries are: # # nisplus or nis+: Use NIS+ (NIS Version 3) # nis or yp: Use NIS (NIS Version 2) # dns: Use DNS (Domain Name Service) # files: Use the local files # db: Use the local database (.db) files # compat: Use NIS on compat mode # hesiod: Use Hesiod for user lookups # ldap: Use PADL's nss_ldap        ## How to handle users and groups passwd:     files ldap  shadow:     files ldap  group:      files ldap         ## DNS should be authoritative; use files only when DNS is not available. hosts:      dns [NOTFOUND=return] files        bootparams: ldap files        ethers:     ldap files netmasks:   ldap files networks:   ldap files protocols:  ldap files rpc:        ldap files services:   ldap files        netgroup:   files ldap automount:  files ldap  aliases:    files

More information can be found on the nsswitch.conf(5) manpage.