|[ Team LiB ]|
A.2 Name Service Switch (NSS)
The Name Service Switch (NSS) framework was designed to let administrators specify which files or directory services to query to obtain information. For example, it's frequently used to specify whether a system should perform hostname lookups in /etc/hosts, NIS, or DNS. Here's an entry from a typical NSS configuration file, named /etc/nsswitch.conf. It instructs the local machine to check its own /etc/hosts file first and to consult DNS only if the entry is not located. NIS is not consulted at all.
hosts: files dns
NSS can provide similar services for many different administrative databases. The following databases are generally defined in /etc/nsswitch.conf:
You can configure a different lookup method for each database. An NSS module does not need to support all of the databases listed above. Some lookup modules support only user accounts. The libnss_dns.so library is designed to resolve only hostnames and network addresses.
A typical NSS configuration for an LDAP-enabled host would appear as:
# /etc/nsswitch.conf # Legal entries are: # # nisplus or nis+: Use NIS+ (NIS Version 3) # nis or yp: Use NIS (NIS Version 2) # dns: Use DNS (Domain Name Service) # files: Use the local files # db: Use the local database (.db) files # compat: Use NIS on compat mode # hesiod: Use Hesiod for user lookups # ldap: Use PADL's nss_ldap ## How to handle users and groups passwd: files ldap shadow: files ldap group: files ldap ## DNS should be authoritative; use files only when DNS is not available. hosts: dns [NOTFOUND=return] files bootparams: ldap files ethers: ldap files netmasks: ldap files networks: ldap files protocols: ldap files rpc: ldap files services: ldap files netgroup: files ldap automount: files ldap aliases: files
More information can be found on the nsswitch.conf(5) manpage.
|[ Team LiB ]|