This is called /etc/nsswitch.conf, and is used to control which name service will be used to access a particular type of data. We've briefly come across it in some other chapters, but we'll take a closer look at it here. If we look at the file we're using for our currently configured name service"local files"we would see something similar to that shown below: tin# cat /etc/nsswitch.conf # # An example file that could be copied over to # /etc/nsswitch.conf; it does not use any naming service. # passwd: files group: files hosts: files ipnodes: files networks: files protocols: files rpc: files ethers: files netmasks: files bootparams: files publickey: files netgroup: files automount: files aliases: files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project: files tin# This shows that each entry consists of the name of an administration file along with a list of sources that should be used to locate the required data. The sources are essentially the name service entries, but also include additional methods. Table 12.1 provides us with the list of the available keywords that can be used. Table 12.1. Nsswitch.conf SourcesName Service | Description |
---|
Files | Use the machine's local /etc files as the data source | NIS | Use NIS as the data source | NIS+ | Use NIS+ as the data source | LDAP | Use LDAP as the data source | DNS | Use DNS as the data source for the host details | Compat | Support the BSD "+" and "-" syntax in /etc/passwd, /etc/shadow, and /etc/group | User, XFN | Introduced in Solaris 8 and valid only for printers; "user" allows a ${HOME}/.printers file while "XFN" uses the Federated Naming Service (FNS) | For example, our "passwd" entry will use the "local files" source, the /etc/passwd and /etc/shadow files, for its data lookups. Status Codes and Actions Multiple source entries can be defined, as shown by the "printers" entry in our earlier example. These are simply searched in the order they are listed. However, we can also add some control to them using a series of status and action codes. Each source will return a code that indicates the status of the search; that is, whether it was successful or not. The available codes are shown in Table 12.2 along with a description showing the conditions that would cause each of the codes to be returned. Table 12.2. Source Status CodesStatus/Action | Meaning |
---|
SUCCESS | Entry was found in the name service | UNAVAIL | Service is not responding | NOTFOUND | No entry in the name service | TRYAGAIN | Service is busy; try again | Next we need to decide what action the system should take for each name service. A number of action codes are available to do this, and are shown in Table 12.3. Table 12.3. Source Action CodesStatus/Action | Meaning |
---|
continue | Move to the next service listed | return | Return back | forever | Introduced in Solaris 8. When used with "TRYAGAIN," this will loop forever | Now we can tie the two together. For example, if we always want to end a search after correctly finding some data, we could use something similar to the directive below. This states that if NIS is successful and locates the data, it should return, rather than moving on and searching the next name service ("files" in this case). passwd: nis [SUCCESS=return] files Each name service needs to know what actions to perform for every one of the status codes, but fortunately a set of default values has been created to ease typing! These values are as follows: SUCCESS = return NOTFOUND = continue UNAVAIL = continue TRYAGAIN = continue This means that the following two entries are identical: passwd: nis [ SUCCESS=return NOTFOUND=continue \ UNAVAIL=continue TRYAGAIN=continue ]files passwd: nis files We can see from this that the only time we need to add a status/action directive is when it differs from the default, as in the case of the standard NIS switch shown below: hosts: nis [NOTFOUND=return] files Template Switch Files There are presently six files supplied with Solaris that relate to the switch file; these are listed below: tin# ls /etc/nsswitch* /etc/nsswitch.conf /etc/nsswitch.dns /etc/nsswitch.files /etc/nsswitch.ldap /etc/nsswitch.nis /etc/nsswitch.nisplus tin# Five of these are template files, each one relating to a name service (files, DNS, LDAP, NIS, and NIS+), while the sixth (nsswitch.conf) is the master configuration file itself. The correct template to use is normally set by the installation mechanism when users select the type of service they are running, but are often copied later by the system administrator to alter the service type quickly. For example, throughout this chapter we'll alter between using files and NIS by copying the relevant file into place, as shown below: tin# cp /etc/nsswitch.nis /etc/nsswitch.conf tin# cp /etc/nsswitch.files /etc/nsswitch.conf tin# |