
Name Services Overview

Name services store information in a central location that users, systems, and applications must be able to access to communicate across the network. Information is stored in files, maps, or database tables. Without a central name service, each system would have to maintain its own copy of this information. Therefore, centrally locating this data makes it easier to administer large networks.

Note: DNS Exception

The DNS name service can be thought of as an exception when considering its global nature because information is stored in hierarchical root servers and in many other servers around the world. The examples provided in this book relate to Local Area Networks, where a DNS server would contain host information relating to the local environment, and is therefore centrally located. The exception applies when the DNS server is connected to the Internet and is part of the global DNS name space.


The information handled by a name service includes, but is not limited to, the following:

  • System (host) names and addresses

  • User names

  • Passwords

  • Groups

  • Automounter configuration files (auto.master, auto.home)

  • Access permissions and RBAC database files

The Solaris 10 release provides the name services listed in Table 12.1.

Table 12.1. Name Services

Name Service    Description
------------    -----------
/etc files      The original Unix naming system
NIS             The Network Information Service
NIS+            The Network Information Service Plus (NIS+ is being dropped from future Solaris releases; NIS+ users are recommended to migrate to LDAP)
DNS             The Domain Name System
LDAP            Lightweight Directory Access Protocol


A name service enables centralized management of host files so that systems can be identified by common names instead of by numerical addresses. This simplifies communication because users do not have to remember to enter cumbersome numerical addresses such as 129.44.3.1.

Addresses are not the only network information that systems need to store. They also need to store security information, email addresses, information about their Ethernet interfaces, network services, groups of users allowed to use the network, services offered on the network, and so on. As networks offer more services, the list grows. As a result, each system might need to keep an entire set of files similar to /etc/hosts.

As this information changes, without a name service, administrators must keep it current on every system in the network. In a small network, this is simply tedious, but on a medium or large network, the job becomes not only time consuming but also nearly unmanageable.

A name service solves this problem. It stores network information on servers and provides the information to clients that ask for it.

The Name Service Switch File

The name service switch file controls how a client workstation or application obtains network information. The name service switch is often simply referred to as "the switch." The switch determines which naming services an application uses to obtain naming information, and in what order. It is a file called nsswitch.conf, which is stored in each system's /etc directory. Also in every system's /etc directory, you'll find templates that can be used as the nsswitch.conf file, as described in Table 12.2. Whatever name service you choose, select the appropriate name service switch template, copy it to nsswitch.conf, and customize it as required.

Table 12.2. Name Service Switch Template Files

Name               Description
----               -----------
nsswitch.files     Use this template when local files in the /etc directory are to be used and no name service exists.
nsswitch.nis       Uses the NIS database as the primary source of all information except the passwd, group, automount, and aliases maps. These are directed to use the local /etc files first and then the NIS databases.
nsswitch.nisplus   Uses the NIS+ database as the primary source of all information except the passwd, group, automount, and aliases tables. These are directed to use the local /etc files first and then the NIS+ databases.
nsswitch.dns       Sets up the name service to search the local /etc files for all entries except the hosts entry. The hosts entry is directed to use DNS for lookup.
nsswitch.ldap      Uses LDAP as the primary source of all information except the passwd, group, automount, and aliases tables. These are directed to use the local /etc files first and then the LDAP databases.


When you install Solaris 10, the correct template file is copied to /etc/nsswitch.conf. This template file contains the default switch configurations used by the chosen naming service. If during software installation you select "none" as the default name service, then the local /etc files will be used. In this case, /etc/nsswitch.conf is created from nsswitch.files, which looks like this:

# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

passwd:     files
group:      files
hosts:      files
ipnodes:    files
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup; the system will
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:  files
automount: files
aliases:   files
services:   files
sendmailvars:   files
printers:       user files
auth_attr:  files
prof_attr:  files
project:    files

If you decide to use a different name service after software installation, you can copy the correct switch template into place manually. For example, if you start using NIS, copy /etc/nsswitch.nis as follows:

cp /etc/nsswitch.nis /etc/nsswitch.conf

The default /etc/nsswitch.nis file looks like this:

# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# NIS service requires that svc:/network/nis/client:default be enabled
# and online.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files nis
group:      files nis

# consult /etc "files" only if nis is down.
hosts:      nis [NOTFOUND=return] files

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes:    nis [NOTFOUND=return] files

networks:   nis [NOTFOUND=return] files
protocols:  nis [NOTFOUND=return] files
rpc:        nis [NOTFOUND=return] files
ethers:     nis [NOTFOUND=return] files
netmasks:   nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey:  nis [NOTFOUND=return] files

netgroup:   nis

automount:  files nis
aliases:    files nis
# for efficient getservbyname() avoid nis
services:   files nis
printers:   user files nis

auth_attr:  files nis
prof_attr:  files nis
project:    files nis

Each line of the /etc/nsswitch.nis file identifies a particular type of network information, such as host, password, and group, followed by one or more sources, such as NIS maps, the DNS hosts table, or the local /etc files. The source is where the client looks for the network information. For example, the entry passwd: files nis tells the system to look for the passwd information in the /etc/passwd file first. Then, if it does not find the login name there, it queries the NIS server.

The name service switch file lists many types of network information, called databases, with their name service sources for resolution, and the order in which the sources are to be searched. Table 12.3 lists valid sources that can be specified in this file.

Table 12.3. Database Sources

Source     Description
------     -----------
files      Refers to the client's local /etc files
nisplus    Refers to an NIS+ table
nis        Refers to an NIS table
user       Refers to the ${HOME}/.printers file
dns        Applies only to the hosts entry
ldap       Refers to the LDAP directory
compat     Supports an old-style + syntax that used to be used in the passwd and group information


As shown in the previous nsswitch.nis template file, the name service switch file can contain action values for several of the entries. When the naming service searches a specified source, such as local files or NIS, the source returns a status code. These status codes are described in Table 12.4.

Table 12.4. Name Service Search Status Codes

Status Code    Description
-----------    -----------
SUCCESS        Requested entry was found.
UNAVAIL        Source was unavailable.
NOTFOUND       Source contains no such entry.
TRYAGAIN       Source returned an "I am busy, try later" message.


For each status code, two actions are possible:

  • Continue: Try the next source.

  • Return: Stop looking for an entry.

The default actions are as follows:

SUCCESS = return

UNAVAIL = continue

NOTFOUND = continue

TRYAGAIN = continue

Normally, a successful result indicates that the search is over, and an unsuccessful result indicates that the next source should be queried. There are occasions, however, when you want to stop searching when an unsuccessful search result is returned. For example, the following entry in the nsswitch.nis template states that only the NIS hosts table is searched:

hosts: nis [NOTFOUND=return] files

If the NIS map has no entry for the host lookup, the system would not reference the local /etc/hosts file. Remove the [NOTFOUND=return] entry if you want to search the NIS hosts table and the local /etc/hosts file.

Note: NOTFOUND=return

The next source in the list will only be searched if NIS is down, or has been disabled.
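
The search order and status actions described above can be traced with a small simulator. This is an added example, not code from the book or from Solaris; the host names, the addresses, and the parse_entry and resolve helpers are constructed for illustration.

```python
import re

# Default action for each status code, as listed in the text above.
DEFAULTS = {"SUCCESS": "return", "UNAVAIL": "continue",
            "NOTFOUND": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Split 'db: src [STATUS=action] src' into (db, [(src, actions), ...])."""
    db, _, rest = line.split("#", 1)[0].partition(":")
    sources = []
    for src, criteria in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
        if src:
            sources.append((src, dict(DEFAULTS)))
        elif sources:  # bracketed criteria modify the source before them
            for status, action in re.findall(r"(\w+)\s*=\s*(\w+)", criteria):
                sources[-1][1][status.upper()] = action.lower()
    return db.strip(), sources

def resolve(line, key, backends):
    """Search the sources in order and return (value, trace).
    backends maps a source name to its entries, or to None if it is down."""
    trace = []
    for src, actions in parse_entry(line)[1]:
        data = backends.get(src)
        if data is None:
            status = "UNAVAIL"
        else:
            status = "SUCCESS" if key in data else "NOTFOUND"
        trace.append((src, status))
        if actions[status] == "return":
            return data.get(key) if data else None, trace
    return None, trace

# Constructed sample data: "buildhost" exists only in the local /etc/hosts.
FILES = {"buildhost": "192.0.2.50"}
NIS = {"nfs1": "192.0.2.10"}
STRICT = "hosts: nis [NOTFOUND=return] files"   # line from nsswitch.nis
LOOSE = "hosts: nis files"                      # same line, criterion removed

if __name__ == "__main__":
    for label, line, nis in [("NIS up", STRICT, NIS), ("NIS down", STRICT, None),
                             ("NIS up", LOOSE, NIS)]:
        print(label, "|", line, "->", resolve(line, "buildhost",
                                              {"nis": nis, "files": FILES}))
```

With the template line, a host that exists only in /etc/hosts resolves only while NIS is unavailable, which is worth checking when local entries appear to be ignored.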


