sun.com   |  docs.sun.com
How To Buy  |   My Sun  |   Worldwide Sites
        
 
Sun Microsystems Logo
 Products & Services
 		 Support & Training
 
 
System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) >> 2.  The Name Service Switch (Overview) 

Previous Previous     Contents     Index     Next Next

Selecting a Different Configuration File

When you change a machine's naming service, you need to modify that machine's switch file accordingly. For example, if you change a machine's naming service from NIS to NIS+, you need to install a switch file appropriate for NIS+. You change switch files by copying the appropriate template file to nsswitch.conf.

If you are installing NIS+ on a machine using the NIS+ installation scripts, the NIS+ template script is copied to nsswitch.conf for you. In this case, you do not have to configure the switch file unless you want to customize.

Before proceeding to change switch files, make sure the sources listed in the file are properly set up. In other words, if you are going to select the NIS+ version, the client must eventually have access to NIS+ service. If you select the local files version, those files must be properly set up on the client.

ProcedureHow to Modify the Name Service Switch

To change to a switch file, follow these steps.

  1. Become superuser.

  2. Copy the appropriate alternate file for the machine's naming service over the nsswitch.conf file.

    NIS+ Version (done automatically for you by NIS+ scripts)

    client1# cd /etc
client1# cp nsswitch.nisplus nsswitch.conf

    NIS Version

    client1# cd /etc
client1# cp nsswitch.nis nsswitch.conf

    Local /etc Files Version

    client1# cd /etc
client1# cp nsswitch.files nsswitch.conf

  3. Reboot the machine.

    The nscd daemon caches switch information. Some library routines do not periodically check the nsswitch.conf file to see whether the file has been changed. You must reboot the machine to make sure that the daemon and those routines have the latest information in the file.

Note - In order to use LDAP naming services, you must also properly configure all LDAP client machines, in addition to modifying the nsswitch.conf. See Chapter 16, Setting Up Clients (Tasks) for more information.

DNS and Internet Access

The nsswitch.conf file also controls DNS forwarding for clients as described in the following subsections. DNS forwarding grants Internet access to clients. For information on how to set DNS forwarding for NIS and NIS+, see System Administration Guide: Naming and Directory Services (FNS and NIS+).

IPv6 and Solaris Naming Services

NIS, NIS+ and LDAP support storing IPv6 data, as well as using IPv6 transports for protocol traffic. DNS supports the use of IPv6 transports on the client side only. As of BIND version 8.3.3, the DNS server does not support IPv6 transports.

The nsswitch.conf file controls search criteria for IPv6 addresses. IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy. A larger address size provides a greater number of addressable nodes. For more information about IPv6, its configuration and implementation, see System Administration Guide: IP Services.

Use the new ipnodes source for IPv6 addresses. The /etc/inet/ipnodes file stores both IPv4 and IPv6 addresses. The /etc/inet/ipnodes file uses the same format convention as the /etc/hosts file.

IPv6 aware naming services use the new ipnodes source for its search forwarding. For instance, if LDAP is aware of IPv6 addresses, specify the following.

ipnodes: ldap [NOTFOUND=return] files

Caution! Caution - Potential delay issues:

  • ipnodes defaults to files. During the transition from IPv4 to IPv6, where all naming services are not aware of IPv6 addresses, accept the files default. Otherwise, unnecessary delays, such as boot timing delays, might result during the resolution of addresses.

  • An application searches all ipnodes databases for IPv4 addresses before searching for IPv4 addresses in the hosts databases. Before specifying ipnodes, consider the inherent delay of searching both databases for IPv4 addresses.

Ensuring Compatibility With +/- Syntax

If +/- is used in /etc/passwd, /etc/shadow, and /etc/group files, you need to modify the nsswitch.conf file to insure compatibility.

  • NIS+. To provide +/- semantics with NIS+, change the passwd and groups sources to compat. Then, add a passwd_compat: nisplus entry to the nsswitch.conf file after the passwd or group entry as shown below.

    passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus

    The above specifies that client routines obtain their network information from /etc files and NIS+ tables as indicated by the +/- entries in the files.

  • NIS. To provide the same syntax as in the Sun Operating Environment 4.x release, change the passwd and groups sources to compat. 

    passwd: compat
group: compat

    Specifies the /etc files and NIS maps as indicated by the +/- entries in the files.

    Note - Users working on a client machine being served by an NIS+ server running in NIS compatibility mode cannot run ypcat on the netgroup table. Doing so gives you results as if the table were empty even if the table has entries.

The Switch File and Password Information

Caution! Caution - files should be the first source in the nsswitch.conf file for passwd information. If files is not the first source, network security could be weakened, or users could encounter log in difficulty.

For example, in an NIS+ environment, the passwd line of the nsswitch.conf file should look like the following.

passwd: files nisplus

In an NIS environment, the passwd line of the nsswitch.conf file should look like the following.

passwd: files nis

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2004 Sun Microsystems