1 .\" $NetBSD: nsswitch.conf.5,v 1.14 1999/03/17 20:19:47 garbled Exp $
3 .\" Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc.
4 .\" All rights reserved.
6 .\" This code is derived from software contributed to The NetBSD Foundation
9 .\" Redistribution and use in source and binary forms, with or without
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
17 .\" 3. All advertising materials mentioning features or use of this software
18 .\" must display the following acknowledgement:
19 .\" This product includes software developed by Luke Mewburn.
20 .\" 4. The name of the author may not be used to endorse or promote products
21 .\" derived from this software without specific prior written permission.
23 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
28 .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
29 .\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
30 .\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
31 .\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
32 .\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 .Nd name-service switch configuration file
45 file specifies how the
47 (name-service switch dispatcher) routines in the C library should operate.
49 The configuration file controls how a process looks up various databases
50 containing information regarding hosts, users (passwords), groups, etc.
51 Each database comes from a source (such as local files, DNS, NIS ,
52 and cache), and the order to look up the sources is specified in
57 consists of a database name, and a space separated list of sources.
58 Each source can have an optional trailing criterion that determines
59 whether the next listed source is used, or the search terminates at
61 Each criterion consists of one or more status codes, and actions to
62 take if that status code occurs.
64 The following sources are implemented as part of the base system:
66 .Bl -tag -width Source -compact
77 Internet Domain Name System.
83 class entries, all other databases use
85 class (Hesiod) entries.
96 If this is present, it must be the only source for that entry.
103 Additional sources might be provided by third party software.
105 The following databases are used by the following C library functions:
107 .Bl -tag -width networks -compact
119 .Xr gethostbyaddr 3 ,
120 .Xr gethostbyaddr_r 3 ,
121 .Xr gethostbyname 3 ,
122 .Xr gethostbyname2 3 ,
123 .Xr gethostbyname_r 3 ,
124 .Xr getipnodebyaddr 3 ,
125 .Xr getipnodebyname 3
128 .Xr getnetbyaddr_r 3 ,
144 .Xr getrpcbynumber 3 ,
147 .Xr getprotobyname 3 ,
148 .Xr getprotobynumber 3 ,
152 .Xr getnetgrent_r 3 ,
158 The following status codes are available:
160 .Bl -tag -width tryagain -compact
164 The requested entry was found.
166 The entry is not present at this source.
168 The source is busy, and may respond to retries.
170 The source is not responding, or entry is corrupt.
173 For each of the status codes, one of two actions is possible:
175 .Bl -tag -width continue -compact
181 Return with the current result
184 A BNF description of the syntax of
188 .Bl -tag -width <criterion> -compact
191 <database> ":" [<source> [<criteria>]]*
197 <status> "=" <action>
200 "success" | "notfound" | "unavail" | "tryagain"
203 "return" | "continue"
206 Each entry starts on a new line in the file.
209 delimits a comment to end of line.
210 Blank lines are ignored.
213 at the end of a line escapes the newline, and causes the next line to
214 be a continuation of the current line.
215 All entries are case-insensitive.
217 The default criteria is to return on
219 and continue on anything else (i.e,
220 .Li "[success=return notfound=continue unavail=continue tryagain=continue]" ) .
222 You can enable caching for the particular database by specifying
229 but before remote sources like
231 You should also enable caching for this database in
233 If for a particular query
235 source returns success, then no further sources are queried.
236 On the other hand, if there are no previously cached data, the
237 query result will be placed into the cache right after
238 all other sources are processed.
243 daemon to be running.
244 .Ss Compat mode: +/- syntax
245 In historical multi-source implementations, the
249 characters are used to specify the importing of user password and
250 group information from NIS .
253 provides alternative methods of accessing distributed sources such as NIS ,
254 specifying a sole source of
256 will provide the historical behaviour.
258 An alternative source for the information accessed via
260 can be used by specifying
261 .Dq passwd_compat: source .
267 any other source except for
272 Historically, many of the databases had enumeration functions, often of
275 These made sense when the databases were in local files, but do not make
276 sense or have lesser relevance when there are possibly multiple sources,
277 each of an unknown size.
278 The interfaces are still provided for compatibility, but the source
279 may not be able to provide complete entries, or duplicate entries may
280 be retrieved if multiple sources that contain similar information are
283 To ensure compatibility with previous and current implementations, the
285 source must appear alone for a given database.
286 .Ss Default source lists
289 does not exist, or it has missing or corrupt entries,
291 will default to an entry of
293 for the requested database.
296 .Bl -tag -width services_compat -compact
298 .Sy "Default source list"
315 .Bl -tag -width /etc/nsswitch.conf -compact
316 .It Pa /etc/nsswitch.conf
326 and then from the DNS, and lookup user information from NIS then files, use:
328 .Bl -tag -width passwd: -compact
332 nis [notfound=return] files
334 nis [notfound=return] files
338 .Dq [notfound=return]
339 sets a policy of "if the user is notfound in nis, do not try files."
340 This treats nis as the authoritative source of information, except
341 when the server is down.
345 file is parsed by each program only once.
346 Subsequent changes will not be applied until the program
349 If system got compiled with
357 provides stubs for compatibility with NSS modules
358 written for the GNU C Library
361 However, these stubs only support the use of the
375 file format first appeared in
377 It was imported from the
379 Project, where it appeared first in
382 .An Luke Mewburn Aq Mt lukem@netbsd.org
383 wrote this freely distributable name-service switch implementation,
384 using ideas from the ULTRIX