Name Services Overview
Name services store information in a central location that users, systems, and applications must be able to access to communicate across the network. Information is stored in files, maps, or database tables. Without a central name service, each system would have to maintain its own copy of this information. Therefore, centrally locating this data makes it easier to administer large networks.
DNS Exception The DNS name service can be thought of as an exception when considering its global nature because information is stored in hierarchical root servers and in many other servers around the world. The examples provided in this book relate to Local Area Networks, where a DNS server would contain host information relating to the local environment, and is therefore centrally located. The exception applies when the DNS server is connected to the Internet and is part of the global DNS name space.
The information handled by a name service includes, but is not limited to, the following:
The Solaris 10 release provides the name services listed in Table 12.1.
A name service enables centralized management of host files so that systems can be identified by common names instead of by numerical addresses. This simplifies communication because users do not have to remember to enter cumbersome numerical addresses such as 126.96.36.199.
Addresses are not the only network information that systems need to store. They also need to store security information, email addresses, information about their Ethernet interfaces, network services, groups of users allowed to use the network, services offered on the network, and so on. As networks offer more services, the list grows. As a result, each system might need to keep an entire set of files similar to /etc/hosts.
As this information changes, without a name service, administrators must keep it current on every system in the network. In a small network, this is simply tedious, but on a medium or large network, the job becomes not only time consuming but also nearly unmanageable.
The Name Service Switch File
The name service switch file controls how a client workstation or application obtains network information. The name service switch is often simply referred to as "the switch." The switch determines which naming services an application uses to obtain naming information, and in what order. It is a file called nsswitch.conf, which is stored in each system's /etc directory. Also in every system's /etc directory, you'll find templates that can be used as the nsswitch.conf file, as described in Table 12.2. Whatever name service you choose, select the appropriate name service switch template, copy it to nsswitch.conf, and customize it as required.
When you install Solaris 10, the correct template file is copied to /etc/nsswitch.conf. This template file contains the default switch configurations used by the chosen naming service. If during software installation you select "none" as the default name service, then the local /etc files will be used. In this case, /etc/nsswitch.conf is created from nsswitch.files, which looks like this:
# /etc/nsswitch.files: # # An example file that could be copied over to /etc/nsswitch.conf; it # does not use any naming service. # # "hosts:" and "services:" in this file are used only if the # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports. passwd: files group: files hosts: files ipnodes: files networks: files protocols: files rpc: files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases: files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project: files
If you decide to use a different name service after software installation, you can move the correct switch file into place manually. For example, if you start using NIS then copy /etc/nsswitch.nis as follows:
cp /etc/nsswitch.nis /etc/nsswitch.conf
The default /etc/nsswitch.nis file looks like this:
# /etc/nsswitch.nis: # # An example file that could be copied over to /etc/nsswitch.conf; it # uses NIS (YP) in conjunction with files. # # "hosts:" and "services:" in this file are used only if the # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports. # NIS service requires that svc:/network/nis/client:default be enabled # and online. # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. passwd: files nis group: files nis # consult /etc "files" only if nis is down. hosts: nis [NOTFOUND=return] files # Note that IPv4 addresses are searched for in all of the ipnodes databases # before searching the hosts databases. ipnodes: nis [NOTFOUND=return] files networks: nis [NOTFOUND=return] files protocols: nis [NOTFOUND=return] files rpc: nis [NOTFOUND=return] files ethers: nis [NOTFOUND=return] files netmasks: nis [NOTFOUND=return] files bootparams: nis [NOTFOUND=return] files publickey: nis [NOTFOUND=return] files netgroup: nis automount: files nis aliases: files nis # for efficient getservbyname() avoid nis services: files nis printers: user files nis auth_attr: files nis prof_attr: files nis project: files nis
Each line of the /etc/nsswitch.nis file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS maps, the DNS hosts table, or the local /etc files. The source is where the client looks for the network information. For example, the system should first look for the passwd information in the /etc/passwd file. Then, if it does not find the login name there, it needs to query the NIS server.
The name service switch file lists many types of network information, called databases, with their name service sources for resolution, and the order in which the sources are to be searched. Table 12.3 lists valid sources that can be specified in this file.
As shown in the previous nsswitch.nis template file, the name service switch file can contain action values for several of the entries. When the naming service searches a specified source, such as local files or NIS, the source returns a status code. These status codes are described in Table 12.4.
For each status code, two actions are possible:
The default actions are as follows:
SUCCESS = return UNAVAIL = continue NOTFOUND = continue TRYAGAIN = continue
Normally, a success indicates that the search is over and an unsuccessful result indicates that the next source should be queried. There are occasions, however, when you want to stop searching when an unsuccessful search result is returned. For example, the following entry in the nsswitch.nis template states that only the NIS hosts table in the NIS map is searched:
hosts: nis [NOTFOUND=return] files
If the NIS map has no entry for the host lookup, the system would not reference the local /etc/hosts file. Remove the [NOTFOUND=return] entry if you want to search the NIS hosts table and the local /etc/hosts file.
NOTFOUND=return The next source in the list will only be searched if NIS is down, or has been disabled.