| 
nsswitch.conf(4)					      nsswitch.conf(4)
      nsswitch.conf - name service configuration	file
      /etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf
      This file controls	the behavior of	the name service daemon	nsd(1M).  It
     is	read by	the daemon on startup and is used to build a filesystem
     maintained	by nsd typically mounted on /ns.  The paths are	of the format
     /ns/domain/table/protocol/key.  Each nsswitch.conf	file results in	a
     domain directory under /ns.  The /etc/nsswitch.conf file corresponds to
     /ns/.local, while each file in /var/ns/domains/DOMAINNAME/nsswitch.conf
     will result in a directory	/ns/DOMAINNAME.
     The file contains a list of maps supported	by the daemon and a list of
     protocols to use to obtain	data for each map.  Anything following the
     comment character '#' will	be ignored.  Each line represents a different
     map (or a domain wide attribute list, see below).	It contains the	name
     of	the map	(or an alias, see below), followed by a	list of	protocols to
     be	used in	the order in which they	should be called:
	  map: protocol1 protocol2 protocol3 ... protocolN
     Each of these items can include any character but '/' up to 255
     characters.  If they include whitespace then they should be quoted	using
     the double-quote character	'"'.
     The default list of protocols that	are supported via shared libraries
     includes:
     files	 Traditional text files	from /etc
     dns	 Domain	name service.
     ldap	 Lightweight Directory Access Protocol version 2.
     mdbm	 Mdbm database format files.
     ndbm	 Ndbm database format files.
     db		 Berkeley db database format files.
     nis	 Network Information Services (formerly	YP) client.  This is
		 an optional product.
     nisserv	 Network Information Services (formerly	YP) server.  This is
		 an optional product.
     Any standard map that does	not have a configuration entry in
     nsswitch.conf will	be assigned a default value.  Aliases for the standard
     maps exist	to simplify the	file.  If a well known tabled is not listed in
     the /etc/nsswitch.conf file, a default value is used.  The	maps, aliases,
     and defaults are:
									Page 1
nsswitch.conf(4)					      nsswitch.conf(4)
     aliases	 for mail.aliases and mail.byaddr
		 Default value is:
		    aliases(null_extend_key): ndbm(file=/etc/aliases) nis
     automount	 for autofs maps. See autofs(1M).
		 Default value is:
		    automount(dynamic):	nis(nis_enumerate_key)
     capability	 for capability.byname
		 Default value is:
		    capability:	files nis
     clearance	 for clearance.byname
		 Default value is:
		    clearance: files nis
     ethers	 for ethers.byname and ethers.byaddr
		 Default value is:
		    ethers: files nis
     group	 for group.byname and group.bygid
		 Default value is:
		    group: files nis
     hosts	 for hosts.byname and hosts.byaddr
		 Default value is:
		    hosts: nis dns files
     mac	 for mac.byname	and mac.byvalue
		 Default value is:
		    mac: files nis
     mail	 for mail.aliases and mail.byaddr
		 Default value is:
		    aliases(null_extend_key): ndbm(file=/etc/aliases) nis
     netgroup	 for netgroup.byname, netgroup.byhost and netgroup.byuser
		 Default value is:
		    netgroup: nis
     networks	 for networks.byname and networks.byaddr
		 Default value is:
		    networks: files nis
     passwd	 for passwd.byname and passwd.byuid
		 Default value is:
		    passwd: files(compat) [notfound=return] nis
     protocols	 for protocols.byname and protocols.bynumber
		 Default value is:
		    protocols: nis [success=return] files
									Page 2
nsswitch.conf(4)					      nsswitch.conf(4)
     rpc	 for rpc.byname	and rpc.bynumber
		 Default value is:
		    rpc: files nis
     services	 for services.byname and services.byport
		 Default value is:
		    services: files nis
     shadow	 for shadow.byname
		 Default value is:
		    shadow(mode=0700): files
     The daemon	uses extended attributes attached to each object in the	tree
     to	control	the behavior of	lookups.  An attribute is specified by a key
     and value pair list in parenthesis:
	  (key1=value1,	key2=value2, key3=value3)
     A set of global attributes	can be given to	nsd on the command line	see
     nsd(1M).  Attributes on the domain	are given on a line of their own
     anywhere in the nsswitch.conf file.  Attributes on	the map	are given
     immediately following the map on a	line, and attributes on	the protocol
     are given immediately following the protocol name on a line.  Attributes
     are inherited from	above, so if an	attribute does not exist on a protocol
     then it is	inherited from the attribute list on the map, and if it	does
     not exist on the map then it is inherited from the	domain,	and if not
     from the domain then from the global attributes.  If the value is not
     specified then it is considered a boolean true.  All keys and values are
     strings, but may be interpreted internally	as numbers or boolean values.
	  (key1=value1,	key2=value2)
	  map1(key1=value1, key3=value3): protocol1(key1=value1) \
	  protocol2
     Most of the attributes are	protocol specific and are listed in the	manual
     page for each attribute.  Those attributes	that are global	in meaning are
     listed in the nsd(1M) manual page.
     A control can be placed between any two protocols on the line.  The
     control is	a state	control	pair in	a set of square	brackets.  These are
     used to force non-standard	behavior in a file.  The states	are one	of
     success, notfound,	unavail, tryagain and noperm.  The controls are	return
     and continue:
	  map: protocol1 protocol2 [state=control] protocol3
     A partial example configuration using attributes and controls is:
	       (timeout=100)
	       hosts: files(timeout=1000) dns
	       passwd(timeout=10): files(compat) [notfound=return] nis
	       phone: files(filename=/usr/local/phone, separator=":")
     This sets a default cache file timeout of 100 seconds for the domain
     represented by this file.	The domain contains five maps hosts.byname,
     hosts.byaddr, passwd.byname, passwd.byuid and phone.  Entries in the
									Page 3
nsswitch.conf(4)					      nsswitch.conf(4)
     hosts.byname and hosts.byaddr maps	are identical. First nsd looks in a
     local ASCII file, then it calls out to a dns server which answers for the
     domain (as	specified in the dns configuration file	/etc/resolv.conf, see
     resolver(4)).  Host entries looked	up in the local	file are given a
     longer cache timeout of 1000 seconds.  The	passwd.byname and passwd.byuid
     maps are identical.  First	nsd will look in the local ASCII file then it
     will call out to an nis server answering for this domain.	If the key
     does not exist in the local file then we force nsd	to return immediately
     without ever calling out the nis.	However, the files library is given
     the "compat" flag which will cause	it to expand +/- escapes for password
     lookups using the following libraries.  Thus, every user must exist in
     the local passwd file, but	if a +/- escape	exists for them	in the file
     the nis protocol is used to expand	it. The	phone map is a non-standard
     map.  The data is kept in a simple	ASCII file /usr/local/phone of the
     format "key:data".	For the	local domain /etc/nsswitch.conf	if required
     tables are	missing	then the nsd daemon will add the table with default
     values.  If you wish to override this behavior then you should add	a line
     for the table with	no protocols, such as:
	  shadow.byname:
     After editing any nsswitch.conf file the nsd daemon must be sent a	SIGHUP
     signal to reread the configuration.  You can do this by running killall
     -HUP nsd.	This will not change the contents of the system	wide cache.
     To	restart	nsd and	clear the cache	use the	nsadmin	restart	command.
     The following shows how to	set an attribute for any level in the /ns
     namespace:
     global  Set attributes in the /ns namespace via the -a nsd	command	line
	     option.
     domain  Set attributes in the /ns/DOMAIN namespace	by using
	     (attribute=value) by itself in the	domain's nsswitch.conf file.
     table (map)
	     Set attributes in the /ns/DOMAIN/TABLE namespace by appending
	     (attribute=value) to the name of the TABLE	before the colon.
     protocol
	     Set attributes for	in the /ns/DOMAIN/TABLE/PROTOCOL namespace by
	     appending (attribute=value) to the	name of	the PROTOCOL library.
     single key
	     Set attributes in for /ns/DOMAIN/TABLE/[PROTOCOL/]/key by
	     appending (attribute=value) to the	name of	the key	when accessing
	     the file via the libc interfaces or inside	of the /ns filesystem.
     Most versions of sendmail do not use UNS to resolve aliases lookups. You
     may have to modify	/etc/aliases or	/etc/sendmail.cf to get	sendmail to
     resolv aliases via	NIS or nsd.
									Page 4
nsswitch.conf(4)					      nsswitch.conf(4)
     /etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf
 
     nsd(1M), nsadmin(1M) nis(7P), nisserv(7P),	dns(7P), files(7P), mdbm(7P),
     ldap(7P)
     IRIX Admin: Networking and	Mail
     IRIX Admin: NFS and NIS
									PPPPaaaaggggeeee 5555[ Back ] |