xref: /netbsd-src/external/bsd/libbind/dist/doc/irs.conf.man5 (revision 5bbd2a12505d72a8177929a37b5cee489d0a1cfd)

.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996,1999 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Copyright (c) 1986, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Id: irs.conf.man5,v 1.2 2009/01/21 00:12:34 each Exp
.\"
.Dd November 16, 1997
.Dt IRS.CONF 5
.Os BIND 8.1
.Sh NAME
.Nm irs.conf
.Nd Information Retrieval System configuration file
.Sh SYNOPSIS
.Nm irs.conf
.Sh DESCRIPTION
The
.Xr irs 3
functions are a set of routines in the C library which provide access to
various system maps.
The maps that irs currently controls are the following: passwd, group,
services, protocols, hosts, networks and netgroup.
When a program first calls a function that accesses one of these maps,
the irs configuration file is read,
and the source of each map is determined for the life of the process.
.Pp
If this file does not exist,
the irs routines default to using local sources for all information,
with the exception of the host and networks maps,
which use the Domain Name System (DNS).
.Pp
Each record in the file consists of one line.
A record consists of a map-name, an access-method and possibly a (comma
delimited) set of options,
separated by tabs or spaces.
Blank lines, and text between a # and a newline are ignored.
.Pp
Available maps:
.Bd -literal -offset indent
Map name	Information in map
=========	==================================
passwd          User authentication information
group           User group membership information
services        Network services directory
protocols       Network protocols directory
hosts           Network hosts directory
networks        Network "network names" directory
netgroup        Network "host groups" directory
.Ed
.Pp
Available access methods:
.Bd -literal -offset indent
Access method	Description
=============	=================================================
local           Use a local file, usually in /etc
dns             Use the domain name service (includes hesiod)
nis             Use the Sun-compatible Network Information Service
irp		Use the IRP daemon on the localhost.
.Ed
.Pp
Available options:
.Bd -literal -offset indent
Option		Description
========	================================================
continue        don't stop searching if you can't find something
merge           don't stop searching if you CAN find something
.Ed
.Pp
The continue option creates
.Dq "union namespaces"
whereby subsequent access methods of the same map type can be tried
if a name cannot be found using earlier access methods.
This can be quite confusing in the case of host names,
since the name to address and address to name mappings can be visibly
asymmetric even though the data used by any given access method is
entirely consistent.  This behavior is, therefore, not the default.
.Pp
The merge option only affects lookups in the groups map.
If set, subsequent access methods will be tried in order to cause
local users to appear in NIS (or other remote) groups in addition
to the local groups.
.Sh EXAMPLE
.Bd -literal -offset indent
# Get password entries from local file, or failing that, NIS
passwd          local	continue
passwd		nis

# Build group membership from both local file, and NIS.
group		local	continue,merge
group		nis

# Services comes from just the local file.
services	local

protocols	local

# Hosts comes first from DNS, failing that, the local file
hosts		dns	continue
hosts		local

# Networks comes first from the local file, and failing
# that the, irp daemon
networks	local	continue
networks	irp

netgroup        local
.Ed
.Sh NOTES
If a local user needs to be in the local host's
.Dq wheel
group but not in every host's
.Dq wheel
group, put them in the local host's
.Pa /etc/group
.Dq wheel
entry and set up the
.Dq groups
portion of your
.Pa /etc/irs.conf
file as:
.Bd -literal -offset indent
group   local   continue,merge
group   nis
.Ed
.Pp
NIS takes a long time to time out.
Especially for hosts if you use the
.Fl d
option to your server's
.Dq ypserv
daemon.
.Pp
It is important that the
.Pa irs.conf
file contain an entry for each map.
If a map is not mentioned in the
.Pa irs.conf
file, all queries to that map will fail.
.Pp
The classic NIS mechanism for specifying union namespaces is to add an entry
to a local map file whose name is ``+''.  In IRS, this is done via ``continue''
and/or ``merge'' map options.  While this results in a small incompatibility
when local map files are imported from non-IRS systems to IRS systems, there
are compensating advantages in security and configurability.
.Sh FILES
.Bl -tag -width /etc/irs.confXXXX -compact
.It Pa /etc/irs.conf
The file
.Nm irs.conf
resides in
.Pa /etc .
.El
.Sh SEE ALSO
.Xr groups 5 ,
.Xr hosts 5 ,
.Xr netgroup 5 ,
.Xr networks 5 ,
.Xr passwd 5 ,
.Xr protocols 5 ,
.Xr services 5