xref: /netbsd-src/external/bsd/libbind/dist/doc/irs.conf.cat5 (revision 5bbd2a12505d72a8177929a37b5cee489d0a1cfd) 
1*5bbd2a12SchristosIRS.CONF(5)               FreeBSD File Formats Manual              IRS.CONF(5)
2b5677b36Schristos
3b5677b36SchristosNNAAMMEE
4*5bbd2a12Schristos     iirrss..ccoonnff -- Information Retrieval System configuration file
5b5677b36Schristos
6b5677b36SchristosSSYYNNOOPPSSIISS
7b5677b36Schristos     iirrss..ccoonnff
8b5677b36Schristos
9b5677b36SchristosDDEESSCCRRIIPPTTIIOONN
10b5677b36Schristos     The irs(3) functions are a set of routines in the C library which provide
11b5677b36Schristos     access to various system maps.  The maps that irs currently controls are
12b5677b36Schristos     the following: passwd, group, services, protocols, hosts, networks and
13b5677b36Schristos     netgroup.  When a program first calls a function that accesses one of
14b5677b36Schristos     these maps, the irs configuration file is read, and the source of each
15b5677b36Schristos     map is determined for the life of the process.
16b5677b36Schristos
17b5677b36Schristos     If this file does not exist, the irs routines default to using local
18b5677b36Schristos     sources for all information, with the exception of the host and networks
19b5677b36Schristos     maps, which use the Domain Name System (DNS).
20b5677b36Schristos
21b5677b36Schristos     Each record in the file consists of one line.  A record consists of a
22b5677b36Schristos     map-name, an access-method and possibly a (comma delimited) set of
23b5677b36Schristos     options, separated by tabs or spaces.  Blank lines, and text between a #
24b5677b36Schristos     and a newline are ignored.
25b5677b36Schristos
26b5677b36Schristos     Available maps:
27b5677b36Schristos
28b5677b36Schristos           Map name        Information in map
29b5677b36Schristos           =========       ==================================
30b5677b36Schristos           passwd          User authentication information
31b5677b36Schristos           group           User group membership information
32b5677b36Schristos           services        Network services directory
33b5677b36Schristos           protocols       Network protocols directory
34b5677b36Schristos           hosts           Network hosts directory
35b5677b36Schristos           networks        Network "network names" directory
36b5677b36Schristos           netgroup        Network "host groups" directory
37b5677b36Schristos
38b5677b36Schristos     Available access methods:
39b5677b36Schristos
40b5677b36Schristos           Access method   Description
41b5677b36Schristos           =============   =================================================
42b5677b36Schristos           local           Use a local file, usually in /etc
43b5677b36Schristos           dns             Use the domain name service (includes hesiod)
44b5677b36Schristos           nis             Use the Sun-compatible Network Information Service
45b5677b36Schristos           irp             Use the IRP daemon on the localhost.
46b5677b36Schristos
47b5677b36Schristos     Available options:
48b5677b36Schristos
49b5677b36Schristos           Option          Description
50b5677b36Schristos           ========        ================================================
51*5bbd2a12Schristos           continue        don't stop searching if you can't find something
52*5bbd2a12Schristos           merge           don't stop searching if you CAN find something
53b5677b36Schristos
54*5bbd2a12Schristos     The continue option creates ``union namespaces'' whereby subsequent
55*5bbd2a12Schristos     access methods of the same map type can be tried if a name cannot be
56*5bbd2a12Schristos     found using earlier access methods.  This can be quite confusing in the
57*5bbd2a12Schristos     case of host names, since the name to address and address to name map-
58*5bbd2a12Schristos     pings can be visibly asymmetric even though the data used by any given
59*5bbd2a12Schristos     access method is entirely consistent.  This behavior is, therefore, not
60*5bbd2a12Schristos     the default.
61b5677b36Schristos
62*5bbd2a12Schristos     The merge option only affects lookups in the groups map.  If set, subse-
63b5677b36Schristos     quent access methods will be tried in order to cause local users to
64b5677b36Schristos     appear in NIS (or other remote) groups in addition to the local groups.
65b5677b36Schristos
66b5677b36SchristosEEXXAAMMPPLLEE
67b5677b36Schristos           # Get password entries from local file, or failing that, NIS
68b5677b36Schristos           passwd          local   continue
69b5677b36Schristos           passwd          nis
70b5677b36Schristos
71b5677b36Schristos           # Build group membership from both local file, and NIS.
72b5677b36Schristos           group           local   continue,merge
73b5677b36Schristos           group           nis
74b5677b36Schristos
75b5677b36Schristos           # Services comes from just the local file.
76b5677b36Schristos           services        local
77b5677b36Schristos
78b5677b36Schristos           protocols       local
79b5677b36Schristos
80b5677b36Schristos           # Hosts comes first from DNS, failing that, the local file
81b5677b36Schristos           hosts           dns     continue
82b5677b36Schristos           hosts           local
83b5677b36Schristos
84b5677b36Schristos           # Networks comes first from the local file, and failing
85b5677b36Schristos           # that the, irp daemon
86b5677b36Schristos           networks        local   continue
87b5677b36Schristos           networks        irp
88b5677b36Schristos
89b5677b36Schristos           netgroup        local
90b5677b36Schristos
91b5677b36SchristosNNOOTTEESS
92*5bbd2a12Schristos     If a local user needs to be in the local host's ``wheel'' group but not
93*5bbd2a12Schristos     in every host's ``wheel'' group, put them in the local host's _/_e_t_c_/_g_r_o_u_p
94*5bbd2a12Schristos     ``wheel'' entry and set up the ``groups'' portion of your _/_e_t_c_/_i_r_s_._c_o_n_f
95*5bbd2a12Schristos     file as:
96b5677b36Schristos
97b5677b36Schristos           group   local   continue,merge
98b5677b36Schristos           group   nis
99b5677b36Schristos
100b5677b36Schristos     NIS takes a long time to time out.  Especially for hosts if you use the
101*5bbd2a12Schristos     --dd option to your server's ``ypserv'' daemon.
102b5677b36Schristos
103b5677b36Schristos     It is important that the _i_r_s_._c_o_n_f file contain an entry for each map.  If
104b5677b36Schristos     a map is not mentioned in the _i_r_s_._c_o_n_f file, all queries to that map will
105b5677b36Schristos     fail.
106b5677b36Schristos
107b5677b36Schristos     The classic NIS mechanism for specifying union namespaces is to add an
108*5bbd2a12Schristos     entry to a local map file whose name is ``+''.  In IRS, this is done via
109*5bbd2a12Schristos     ``continue'' and/or ``merge'' map options.  While this results in a small
110b5677b36Schristos     incompatibility when local map files are imported from non-IRS systems to
111*5bbd2a12Schristos     IRS systems, there are compensating advantages in security and configura-
112b5677b36Schristos     bility.
113b5677b36Schristos
114b5677b36SchristosFFIILLEESS
115b5677b36Schristos     /etc/irs.conf      The file iirrss..ccoonnff resides in _/_e_t_c.
116b5677b36Schristos
117b5677b36SchristosSSEEEE AALLSSOO
118b5677b36Schristos     groups(5), hosts(5), netgroup(5), networks(5), passwd(5), protocols(5),
119b5677b36Schristos     services(5)
120b5677b36Schristos
121b5677b36SchristosBIND 8.1                       November 16, 1997                      BIND 8.1
122