1*c2a43b22SDavid van Moolenbroek.\" $NetBSD: nsswitch.conf.5,v 1.28 2009/10/25 01:30:48 wiz Exp $ 2*c2a43b22SDavid van Moolenbroek.\" 3*c2a43b22SDavid van Moolenbroek.\" Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc. 4*c2a43b22SDavid van Moolenbroek.\" All rights reserved. 5*c2a43b22SDavid van Moolenbroek.\" 6*c2a43b22SDavid van Moolenbroek.\" This code is derived from software contributed to The NetBSD Foundation 7*c2a43b22SDavid van Moolenbroek.\" by Luke Mewburn. 8*c2a43b22SDavid van Moolenbroek.\" 9*c2a43b22SDavid van Moolenbroek.\" Redistribution and use in source and binary forms, with or without 10*c2a43b22SDavid van Moolenbroek.\" modification, are permitted provided that the following conditions 11*c2a43b22SDavid van Moolenbroek.\" are met: 12*c2a43b22SDavid van Moolenbroek.\" 1. Redistributions of source code must retain the above copyright 13*c2a43b22SDavid van Moolenbroek.\" notice, this list of conditions and the following disclaimer. 14*c2a43b22SDavid van Moolenbroek.\" 2. Redistributions in binary form must reproduce the above copyright 15*c2a43b22SDavid van Moolenbroek.\" notice, this list of conditions and the following disclaimer in the 16*c2a43b22SDavid van Moolenbroek.\" documentation and/or other materials provided with the distribution. 17*c2a43b22SDavid van Moolenbroek.\" 18*c2a43b22SDavid van Moolenbroek.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 19*c2a43b22SDavid van Moolenbroek.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20*c2a43b22SDavid van Moolenbroek.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21*c2a43b22SDavid van Moolenbroek.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 22*c2a43b22SDavid van Moolenbroek.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23*c2a43b22SDavid van Moolenbroek.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24*c2a43b22SDavid van Moolenbroek.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25*c2a43b22SDavid van Moolenbroek.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26*c2a43b22SDavid van Moolenbroek.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27*c2a43b22SDavid van Moolenbroek.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28*c2a43b22SDavid van Moolenbroek.\" POSSIBILITY OF SUCH DAMAGE. 29*c2a43b22SDavid van Moolenbroek.\" 30*c2a43b22SDavid van Moolenbroek.Dd October 25, 2009 31*c2a43b22SDavid van Moolenbroek.Dt NSSWITCH.CONF 5 32*c2a43b22SDavid van Moolenbroek.Os 33*c2a43b22SDavid van Moolenbroek.Sh NAME 34*c2a43b22SDavid van Moolenbroek.Nm nsswitch.conf 35*c2a43b22SDavid van Moolenbroek.Nd name-service switch configuration file 36*c2a43b22SDavid van Moolenbroek.Sh DESCRIPTION 37*c2a43b22SDavid van MoolenbroekThe 38*c2a43b22SDavid van Moolenbroek.Nm 39*c2a43b22SDavid van Moolenbroekfile specifies how the 40*c2a43b22SDavid van Moolenbroek.Xr nsdispatch 3 41*c2a43b22SDavid van Moolenbroek(name-service switch dispatcher) routines in the C library should operate. 42*c2a43b22SDavid van Moolenbroek.Pp 43*c2a43b22SDavid van MoolenbroekThe configuration file controls how a process looks up various databases 44*c2a43b22SDavid van Moolenbroekcontaining information regarding hosts, users (passwords), groups, 45*c2a43b22SDavid van Moolenbroeknetgroups, etc. 46*c2a43b22SDavid van MoolenbroekEach database comes from a source (such as local files, DNS, and 47*c2a43b22SDavid van Moolenbroek.Tn NIS ) , 48*c2a43b22SDavid van Moolenbroekand the order to look up the sources is specified in 49*c2a43b22SDavid van Moolenbroek.Nm nsswitch.conf . 50*c2a43b22SDavid van Moolenbroek.Pp 51*c2a43b22SDavid van MoolenbroekEach entry in 52*c2a43b22SDavid van Moolenbroek.Nm 53*c2a43b22SDavid van Moolenbroekconsists of a database name, and a space separated list of sources. 54*c2a43b22SDavid van MoolenbroekEach source can have an optional trailing criterion that determines 55*c2a43b22SDavid van Moolenbroekwhether the next listed source is used, or the search terminates at 56*c2a43b22SDavid van Moolenbroekthe current source. 57*c2a43b22SDavid van MoolenbroekEach criterion consists of one or more status codes, and actions to 58*c2a43b22SDavid van Moolenbroektake if that status code occurs. 59*c2a43b22SDavid van Moolenbroek.Ss Sources 60*c2a43b22SDavid van MoolenbroekThe following sources are implemented: 61*c2a43b22SDavid van Moolenbroek.Bl -column "multicast_dns" -offset indent -compact 62*c2a43b22SDavid van Moolenbroek.It Sy Source Description 63*c2a43b22SDavid van Moolenbroek.It files Local files, such as 64*c2a43b22SDavid van Moolenbroek.Pa /etc/hosts , 65*c2a43b22SDavid van Moolenbroekand 66*c2a43b22SDavid van Moolenbroek.Pa /etc/passwd . 67*c2a43b22SDavid van Moolenbroek.It dns Internet Domain Name System. 68*c2a43b22SDavid van Moolenbroek.Dq hosts 69*c2a43b22SDavid van Moolenbroekand 70*c2a43b22SDavid van Moolenbroek.Dq networks 71*c2a43b22SDavid van Moolenbroekuse 72*c2a43b22SDavid van Moolenbroek.Sy IN 73*c2a43b22SDavid van Moolenbroekclass entries, all other databases use 74*c2a43b22SDavid van Moolenbroek.Sy HS 75*c2a43b22SDavid van Moolenbroekclass (Hesiod) entries. 76*c2a43b22SDavid van Moolenbroek.It mdnsd Use 77*c2a43b22SDavid van Moolenbroek.Xr mdnsd 8 78*c2a43b22SDavid van Moolenbroekfor 79*c2a43b22SDavid van Moolenbroek.Dq hosts 80*c2a43b22SDavid van Moolenbroeklookups, acting as both a system-wide cache for normal unicast DNS 81*c2a43b22SDavid van Moolenbroekas well as providing multicast DNS 82*c2a43b22SDavid van Moolenbroek.Dq ( zeroconf ) 83*c2a43b22SDavid van Moolenbroeklookups. 84*c2a43b22SDavid van Moolenbroek.It multicast_dns Use 85*c2a43b22SDavid van Moolenbroek.Xr mdnsd 8 86*c2a43b22SDavid van Moolenbroekonly for multicast DNS 87*c2a43b22SDavid van Moolenbroek.Dq hosts 88*c2a43b22SDavid van Moolenbroeklookups. 89*c2a43b22SDavid van MoolenbroekThis would normally be used in conjunction with 90*c2a43b22SDavid van Moolenbroek.Dq dns , 91*c2a43b22SDavid van Moolenbroekwhich would then provide unicast DNS resolver functions. 92*c2a43b22SDavid van Moolenbroek.It nis NIS (formerly YP) 93*c2a43b22SDavid van Moolenbroek.It compat support 94*c2a43b22SDavid van Moolenbroek.Sq +/- 95*c2a43b22SDavid van Moolenbroekin the 96*c2a43b22SDavid van Moolenbroek.Dq passwd 97*c2a43b22SDavid van Moolenbroekand 98*c2a43b22SDavid van Moolenbroek.Dq group 99*c2a43b22SDavid van Moolenbroekdatabases. 100*c2a43b22SDavid van MoolenbroekIf this is present, it must be the only source for that entry. 101*c2a43b22SDavid van Moolenbroek.El 102*c2a43b22SDavid van Moolenbroek.Ss Databases 103*c2a43b22SDavid van MoolenbroekThe following databases are used by the following C library functions: 104*c2a43b22SDavid van Moolenbroek.Bl -column "netgroup" -offset indent -compact 105*c2a43b22SDavid van Moolenbroek.It Sy Database Used by 106*c2a43b22SDavid van Moolenbroek.It group Ta Xr getgrent 3 107*c2a43b22SDavid van Moolenbroek.It hosts Ta Xr gethostbyname 3 108*c2a43b22SDavid van Moolenbroek.It netgroup Ta Xr getnetgrent 3 109*c2a43b22SDavid van Moolenbroek.It networks Ta Xr getnetbyname 3 110*c2a43b22SDavid van Moolenbroek.It passwd Ta Xr getpwent 3 111*c2a43b22SDavid van Moolenbroek.It shells Ta Xr getusershell 3 112*c2a43b22SDavid van Moolenbroek.El 113*c2a43b22SDavid van Moolenbroek.Ss Status codes 114*c2a43b22SDavid van MoolenbroekThe following status codes are available: 115*c2a43b22SDavid van Moolenbroek.Bl -column "tryagain" -offset indent -compact 116*c2a43b22SDavid van Moolenbroek.It Sy Status Description 117*c2a43b22SDavid van Moolenbroek.It success The requested entry was found. 118*c2a43b22SDavid van Moolenbroek.It notfound The entry is not present at this source. 119*c2a43b22SDavid van Moolenbroek.It tryagain The source is busy, and may respond to retries. 120*c2a43b22SDavid van Moolenbroek.It unavail The source is not responding, or entry is corrupt. 121*c2a43b22SDavid van Moolenbroek.El 122*c2a43b22SDavid van Moolenbroek.Ss Actions 123*c2a43b22SDavid van MoolenbroekFor each of the status codes, one of two actions is possible: 124*c2a43b22SDavid van Moolenbroek.Bl -column "continue" -offset indent -compact 125*c2a43b22SDavid van Moolenbroek.It Sy Action Description 126*c2a43b22SDavid van Moolenbroek.It continue Try the next source 127*c2a43b22SDavid van Moolenbroek.It return Return with the current result 128*c2a43b22SDavid van Moolenbroek.El 129*c2a43b22SDavid van Moolenbroek.Ss Format of file 130*c2a43b22SDavid van MoolenbroekA 131*c2a43b22SDavid van Moolenbroek.Tn BNF 132*c2a43b22SDavid van Moolenbroekdescription of the syntax of 133*c2a43b22SDavid van Moolenbroek.Nm 134*c2a43b22SDavid van Moolenbroekis: 135*c2a43b22SDavid van Moolenbroek.Bl -column "\*[Lt]criterion\*[Gt]" -offset indent 136*c2a43b22SDavid van Moolenbroek.It \*[Lt]entry\*[Gt] ::= 137*c2a43b22SDavid van Moolenbroek\*[Lt]database\*[Gt] ":" [\*[Lt]source\*[Gt] [\*[Lt]criteria\*[Gt]]]* 138*c2a43b22SDavid van Moolenbroek.It \*[Lt]criteria\*[Gt] ::= 139*c2a43b22SDavid van Moolenbroek"[" \*[Lt]criterion\*[Gt]+ "]" 140*c2a43b22SDavid van Moolenbroek.It \*[Lt]criterion\*[Gt] ::= 141*c2a43b22SDavid van Moolenbroek\*[Lt]status\*[Gt] "=" \*[Lt]action\*[Gt] 142*c2a43b22SDavid van Moolenbroek.It \*[Lt]status\*[Gt] ::= 143*c2a43b22SDavid van Moolenbroek"success" | "notfound" | "unavail" | "tryagain" 144*c2a43b22SDavid van Moolenbroek.It \*[Lt]action\*[Gt] ::= 145*c2a43b22SDavid van Moolenbroek"return" | "continue" 146*c2a43b22SDavid van Moolenbroek.El 147*c2a43b22SDavid van Moolenbroek.Pp 148*c2a43b22SDavid van MoolenbroekEach entry starts on a new line in the file. 149*c2a43b22SDavid van MoolenbroekA 150*c2a43b22SDavid van Moolenbroek.Sq # 151*c2a43b22SDavid van Moolenbroekdelimits a comment to end of line. 152*c2a43b22SDavid van MoolenbroekBlank lines are ignored. 153*c2a43b22SDavid van MoolenbroekA 154*c2a43b22SDavid van Moolenbroek.Sq \e 155*c2a43b22SDavid van Moolenbroekat the end of a line escapes the newline, and causes the next line to 156*c2a43b22SDavid van Moolenbroekbe a continuation of the current line. 157*c2a43b22SDavid van MoolenbroekAll entries are case-insensitive. 158*c2a43b22SDavid van Moolenbroek.Pp 159*c2a43b22SDavid van MoolenbroekThe default criteria is to return on 160*c2a43b22SDavid van Moolenbroek.Dq success , 161*c2a43b22SDavid van Moolenbroekand continue on anything else (i.e, 162*c2a43b22SDavid van Moolenbroek.Li [success=return notfound=continue unavail=continue tryagain=continue] 163*c2a43b22SDavid van Moolenbroek). 164*c2a43b22SDavid van Moolenbroek.Ss Compat mode: +/- syntax 165*c2a43b22SDavid van MoolenbroekIn historical multi-source implementations, the 166*c2a43b22SDavid van Moolenbroek.Sq + 167*c2a43b22SDavid van Moolenbroekand 168*c2a43b22SDavid van Moolenbroek.Sq - 169*c2a43b22SDavid van Moolenbroekcharacters are used to specify the importing of user password and 170*c2a43b22SDavid van Moolenbroekgroup information from 171*c2a43b22SDavid van Moolenbroek.Tn NIS . 172*c2a43b22SDavid van MoolenbroekAlthough 173*c2a43b22SDavid van Moolenbroek.Nm 174*c2a43b22SDavid van Moolenbroekprovides alternative methods of accessing distributed sources such as 175*c2a43b22SDavid van Moolenbroek.Tn NIS , 176*c2a43b22SDavid van Moolenbroekspecifying a sole source of 177*c2a43b22SDavid van Moolenbroek.Dq compat 178*c2a43b22SDavid van Moolenbroekwill provide the historical behaviour. 179*c2a43b22SDavid van Moolenbroek.Pp 180*c2a43b22SDavid van MoolenbroekAn alternative source for the information accessed via 181*c2a43b22SDavid van Moolenbroek.Sq +/- 182*c2a43b22SDavid van Moolenbroekcan be used by specifying 183*c2a43b22SDavid van Moolenbroek.Dq passwd_compat: source . 184*c2a43b22SDavid van Moolenbroek.Dq source 185*c2a43b22SDavid van Moolenbroekin this case can be 186*c2a43b22SDavid van Moolenbroek.Sq dns , 187*c2a43b22SDavid van Moolenbroek.Sq nis , 188*c2a43b22SDavid van Moolenbroekor 189*c2a43b22SDavid van Moolenbroekany other source except for 190*c2a43b22SDavid van Moolenbroek.Sq files 191*c2a43b22SDavid van Moolenbroekand 192*c2a43b22SDavid van Moolenbroek.Sq compat . 193*c2a43b22SDavid van Moolenbroek.Ss Notes 194*c2a43b22SDavid van MoolenbroekHistorically, many of the databases had enumeration functions, often of 195*c2a43b22SDavid van Moolenbroekthe form 196*c2a43b22SDavid van Moolenbroek.Fn getXXXent . 197*c2a43b22SDavid van MoolenbroekThese made sense when the databases were in local files, but don't make 198*c2a43b22SDavid van Moolenbroeksense or have lesser relevance when there are possibly multiple sources, 199*c2a43b22SDavid van Moolenbroekeach of an unknown size. 200*c2a43b22SDavid van MoolenbroekThe interfaces are still provided for compatibility, but the source 201*c2a43b22SDavid van Moolenbroekmay not be able to provide complete entries, or duplicate entries may 202*c2a43b22SDavid van Moolenbroekbe retrieved if multiple sources that contain similar information are 203*c2a43b22SDavid van Moolenbroekspecified. 204*c2a43b22SDavid van Moolenbroek.Pp 205*c2a43b22SDavid van MoolenbroekTo ensure compatibility with previous and current implementations, the 206*c2a43b22SDavid van Moolenbroek.Dq compat 207*c2a43b22SDavid van Moolenbroeksource must appear alone for a given database. 208*c2a43b22SDavid van Moolenbroek.Ss Default source lists 209*c2a43b22SDavid van MoolenbroekIf, for any reason, 210*c2a43b22SDavid van Moolenbroek.Nm nsswitch.conf 211*c2a43b22SDavid van Moolenbroekdoesn't exist, or it has missing or corrupt entries, 212*c2a43b22SDavid van Moolenbroek.Xr nsdispatch 3 213*c2a43b22SDavid van Moolenbroekwill default to an entry of 214*c2a43b22SDavid van Moolenbroek.Dq files 215*c2a43b22SDavid van Moolenbroekfor the requested database. 216*c2a43b22SDavid van MoolenbroekExceptions are: 217*c2a43b22SDavid van Moolenbroek.Bl -column passwd_compat "files dns" -offset indent 218*c2a43b22SDavid van Moolenbroek.It Sy Database Default source list 219*c2a43b22SDavid van Moolenbroek.It group compat 220*c2a43b22SDavid van Moolenbroek.It group_compat nis 221*c2a43b22SDavid van Moolenbroek.It hosts files dns 222*c2a43b22SDavid van Moolenbroek.It netgroup files [notfound=return] nis 223*c2a43b22SDavid van Moolenbroek.It passwd compat 224*c2a43b22SDavid van Moolenbroek.It passwd_compat nis 225*c2a43b22SDavid van Moolenbroek.El 226*c2a43b22SDavid van Moolenbroek.Sh FILES 227*c2a43b22SDavid van Moolenbroek.Bl -tag -width /etc/nsswitch.conf -compact 228*c2a43b22SDavid van Moolenbroek.It Pa /etc/nsswitch.conf 229*c2a43b22SDavid van MoolenbroekThe file 230*c2a43b22SDavid van Moolenbroek.Nm 231*c2a43b22SDavid van Moolenbroekresides in 232*c2a43b22SDavid van Moolenbroek.Pa /etc . 233*c2a43b22SDavid van Moolenbroek.El 234*c2a43b22SDavid van Moolenbroek.Sh EXAMPLES 235*c2a43b22SDavid van MoolenbroekTo lookup hosts in 236*c2a43b22SDavid van Moolenbroek.Pa /etc/hosts 237*c2a43b22SDavid van Moolenbroekand then from the DNS, and lookup user information from 238*c2a43b22SDavid van Moolenbroek.Tn NIS 239*c2a43b22SDavid van Moolenbroekthen files, use: 240*c2a43b22SDavid van Moolenbroek.Bl -column "passwd:" -offset indent 241*c2a43b22SDavid van Moolenbroek.It hosts: files dns 242*c2a43b22SDavid van Moolenbroek.It passwd: nis [notfound=return] files 243*c2a43b22SDavid van Moolenbroek.It group: nis [notfound=return] files 244*c2a43b22SDavid van Moolenbroek.El 245*c2a43b22SDavid van Moolenbroek.Pp 246*c2a43b22SDavid van MoolenbroekThe criteria 247*c2a43b22SDavid van Moolenbroek.Dq [notfound=return] 248*c2a43b22SDavid van Moolenbroeksets a policy of "if the user is notfound in nis, don't try files." 249*c2a43b22SDavid van MoolenbroekThis treats nis as the authoritative source of information, except 250*c2a43b22SDavid van Moolenbroekwhen the server is down. 251*c2a43b22SDavid van Moolenbroek.Sh SEE ALSO 252*c2a43b22SDavid van Moolenbroek.Xr getent 1 , 253*c2a43b22SDavid van Moolenbroek.Xr nsdispatch 3 , 254*c2a43b22SDavid van Moolenbroek.Xr resolv.conf 5 , 255*c2a43b22SDavid van Moolenbroek.Xr named 8 , 256*c2a43b22SDavid van Moolenbroek.Xr ypbind 8 257*c2a43b22SDavid van Moolenbroek.Sh HISTORY 258*c2a43b22SDavid van MoolenbroekThe 259*c2a43b22SDavid van Moolenbroek.Nm 260*c2a43b22SDavid van Moolenbroekfile format first appeared in 261*c2a43b22SDavid van Moolenbroek.Nx 1.4 . 262*c2a43b22SDavid van Moolenbroek.Sh AUTHORS 263*c2a43b22SDavid van Moolenbroek.An Luke Mewburn 264*c2a43b22SDavid van Moolenbroek.Aq lukem@NetBSD.org 265*c2a43b22SDavid van Moolenbroekwrote this freely distributable name-service switch implementation, 266*c2a43b22SDavid van Moolenbroekusing ideas from the 267*c2a43b22SDavid van Moolenbroek.Tn ULTRIX 268*c2a43b22SDavid van Moolenbroek.Xr svc.conf 5 269*c2a43b22SDavid van Moolenbroekand 270*c2a43b22SDavid van Moolenbroek.Tn Solaris 271*c2a43b22SDavid van Moolenbroek.Xr nsswitch.conf 4 272*c2a43b22SDavid van Moolenbroekmanual pages. 273