Passwd (database)

The Name Service Switch (NSS) is a feature found in the standard C library of various Unix-like operating systems that connects a computer with a variety of sources of common configuration databases and name resolution mechanisms. These sources include local operating system files (such as , , and ), the Domain Name System (DNS), the Network Information Service (NIS, NIS+), and LDAP.

nsswitch.conf

A system administrator usually configures the operating system's name services using the file . This file lists databases (such as passwd, shadow and group), and one or more sources for obtaining that information. Examples for sources are ''files'' for local files, ''ldap'' for the Lightweight Directory Access Protocol, ''nis'' for the Network Information Service, ''nisplus'' for NIS+, ''dns'' for the Domain Name System (DNS), and ''wins'' for Windows Internet Name Service.

The nsswitch.conf file has line entries for each service consisting of a database name in the first field, terminated by a colon, and a list of possible source databases in the second field.

A typical file might look like:

passwd:     files ldap
shadow:     files
group:      files ldap
hosts:      dns nis files
ethers:     files nis
netmasks:   files nis
networks:   files nis
protocols:  files nis
rpc:        files nis
services:   files nis
automount:  files
aliases:    files

The order of the source databases determines the order the NSS will attempt to look up those sources to resolve queries for the specified service. A bracketed list of criteria may be specified following each source name to govern the conditions under which the NSS will proceed to querying the next source based on the preceding source's response.

History

Earlier Unix-like systems either accessed only local files or had hard-coded rules for accessing files or network-stored databases. Ultrix was a notable exception with its nearly identical functionality of the NSS configuration file in .

Sun Microsystems first developed the NSS for their Solaris operating system.

Solaris' compliance with SVR4, which Sun Microsystems and AT&T Unix System Laboratories jointly developed by merging UNIX System V, BSD and Xenix, required that third parties be able to plug in name service implementations for the transport layer of their choosing ( OSI or IP) without rewriting SVR4-compliant Transport-Independent RPC (TI-RPC) applications or rebuilding the operating system. Sun introduced the NIS+ directory service in Solaris to supersede NIS, which required co-existence of the two directory services within an enterprise to ease migration.

Sun engineers Thomas Maslen and Sanjay Dani were the first to design and implement the Name Service Switch. They fulfilled Solaris requirements with the nsswitch.conf file specification and the implementation choice to load database access modules as dynamically loaded libraries, which Sun was also the first to introduce.

Sun engineers' original design of the configuration file and runtime loading of name service back-end libraries has withstood the test of time as operating systems have evolved and new name services are introduced. Over the years, programmers ported the NSS configuration file with nearly identical implementations to many other operating systems including FreeBSD, NetBSD, Linux, HP-UX, IRIX and AIX. More than two decades after the NSS was invented, GNU libc implements it almost identically.

See also

* BSD Authentication
* Group (database)
* Name server
* Pluggable Authentication Modules

References

External links

* {{man, 5, nsswitch.conf, NetBSD, name-service switch configuration file

Name Service Switch implementation in the GNU C Library


Another NSS module supporting LDAP
nss-ldapd


nss_afs

Unix
Domain Name System
Directory services