Working With Naming and Directory Services in Oracle Solaris 11.1
2. Name Service Switch (Overview)
The name service switch is a configurable selection service that enables an administrator to specify which name information service or source to use for each type of network information. Each type of information is called a database. The name service switch is used by client applications that call any of the getXbyY() interfaces, such as the following.
Each system has its own configuration in an SMF repository. Each property defined in the name service switch identifies a particular database, such as a host, password, or group. The value assigned to each property lists one or more sources from which to request the information. Sometimes, these values include guidance or options. The guidance might include how many retries to a service should be attempted, what timeout to apply, or what to do if the service fails.
The following databases are supported by the name service switch.
Table 2-1 Databases for the Name Service Switch
In addition, a default property in the name service switch defines the source string for any database that is not otherwise defined. If your network uses the same sources for most databases, then you can change the default property and not define a property for each database. See How to Change the Source for All Naming Databases for the procedure.
To support prior releases, the enable_passwd_compat and enable_group_compat properties can be set to true to enable compat mode for password and group information. This mode provides support for old-style + or - syntax in the appropriate databases. In the current release, this functionality has been replaced by the pam_list module.
The following table describes the kinds of sources that can be listed in the name service switch for the databases listed above.
Table 2-2 Information Sources for the Name Service Switch
The following search criteria formats can be used to select one or more information sources, and to specify the order in which the sources are used.
Single Source — If an information type has only one source, such as files, a search routine that uses the switch searches for the information in that source only. If the routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.
Multiple Sources — If a database contains multiple sources for a given information type, the switch directs the search routine to search in the first listed source. If the routine finds the information, the routine returns a success status message. If the routine does not find the information in the first source, the routine tries the next source. The routine searches all sources until the routine has found the information, or until the routine is halted by a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.
By default in the Oracle Solaris 11 release, the first source is files. This configuration prevents system hangs if the next source listed is not available.
If a routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine returns one of three error status messages. Possible status messages are listed in the following table.
Table 2-3 Status Messages for the Name Service Switch
You can instruct the name service switch to respond to status messages with either of the two actions shown in the following table.
Table 2-4 Responses to Status Messages from the Name Service Switch
In addition, for the TRYAGAIN status message, the following actions can be defined:
forever – Retries the current source indefinitely
n – Retries the current source n more times
The combination of the name service switch status message and action options determines what the search routine does at each step. The combination of the status message and action options makes up the search criteria.
The switch's default search criteria are the same for every source. This list includes a description of several of the search criteria.
SUCCESS=return. Stop looking for the information. Proceed using the information that has been found.
UNAVAIL=continue. Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
NOTFOUND=continue. Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
TRYAGAIN=continue. Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.
You can change the default search criteria by explicitly specifying some other criteria by using the STATUS=action syntax shown in the preceding list. For example, the default action for a NOTFOUND condition is to continue the search to the next source. The search criteria for the network database could be reported as:
svc:/system/name-service/switch> listprop config/network
config/network astring "nis [NOTFOUND=return] files"
The networks: nis [NOTFOUND=return] files entry specifies a non-default criterion for the NOTFOUND status. Non-default criteria are delimited by square brackets.
In this example, the search routine behaves as follows:
If the network database is available and contains the needed information, the routine returns with a SUCCESS status message.
If the network database is not available, the routine returns with an UNAVAIL status message. By default, the routine continues to search by using the next criteria listed.
If the network database is available and found, but the database does not contain the needed information, the routine returns with a NOTFOUND message. However, instead of continuing to search the next source, which would be the default behavior, the routine stops searching.
If the network database is busy, the routine returns with a TRYAGAIN status message and by default continues to search the network database.
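The search walk described above can be modelled directly. The following Python sketch is an added example, not Oracle code: parse_sources, lookup, and forever_cap are hypothetical names, the replies passed in are constructed, and moving on to the next source once TRYAGAIN=n retries are used up is an assumption that the page does not spell out.

```python
import re

# Default criteria from this page; they apply to every source.
DEFAULTS = {"SUCCESS": "return", "UNAVAIL": "continue",
            "NOTFOUND": "continue", "TRYAGAIN": "continue"}

def parse_sources(value):
    """'nis [NOTFOUND=return] files' -> [(source, {status: action}), ...]."""
    parsed = []
    for tok in re.findall(r"\[[^\]]*\]|[^\s\[]+", value):
        if not tok.startswith("["):
            if not re.fullmatch(r"\w+", tok):
                raise ValueError(f"bad source name {tok!r}")
            parsed.append((tok, dict(DEFAULTS)))
            continue
        if not parsed:
            raise ValueError("criteria listed before any source")
        for item in tok[1:-1].split():
            status, _, action = item.partition("=")
            status, action = status.upper(), action.lower()
            retry = status == "TRYAGAIN" and (action == "forever" or action.isdigit())
            if status not in DEFAULTS or not (action in ("return", "continue") or retry):
                raise ValueError(f"bad criterion {item!r}")
            parsed[-1][1][status] = action
    return parsed

def lookup(value, replies, forever_cap=100):
    """Walk the sources in order. replies[source] lists the statuses that the
    source reports on successive attempts (the last entry repeats).
    Returns (final_status, [(source, status), ...])."""
    trace = []
    for name, actions in parse_sources(value):
        seq, retries = replies[name], 0
        while True:
            status = seq[min(retries, len(seq) - 1)]
            trace.append((name, status))
            action = actions[status]
            if action == "return":
                return status, trace
            # TRYAGAIN=n or forever retries this source; "forever" is capped
            # here so that the simulation terminates.
            limit = forever_cap if action == "forever" else int(action) if action.isdigit() else 0
            if retries >= limit:
                break  # action is continue, or retries are used up: next source
            retries += 1
    return "NOTFOUND", trace  # last source reached without a return action

if __name__ == "__main__":
    # Constructed scenario: the page's config/network value, NIS lacks the entry.
    print(lookup("nis [NOTFOUND=return] files",
                 {"nis": ["NOTFOUND"], "files": ["SUCCESS"]}))
```

Running a proposed source string through lookup before setting the property shows whether a later source such as files can ever be reached for a given failure of the first source.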
Note - Lookups in the name service switch are performed in the order in which items are listed. However, password updates are performed in reverse order, unless otherwise specified by using the passwd -r repository command. See Name Service Switch and Password Information for more information.
The client library routines contain compiled-in default entries that are used if no specific SMF property or default SMF property is defined in the name service switch, or if the property is syntactically incorrect. Typically, these compiled-in defaults are “files” only.
The switch search criteria for the auto_home and auto_master tables and maps are combined into one category, which is called automount.
The timezone table does not use the name service switch, so the table is not included in the property list for the switch.
Caution - You must restart the keyserv daemon after you make a change to the name service switch in order for the changes to take effect.
The keyserv daemon reads the publickey properties in the name service switch only when keyserv is started. If you change the name service switch properties, keyserv does not register the changes until the keyserv daemon is restarted by using svcadm refresh svc:/network/rpc/keyserv:default. This command must be run after the properties have been changed and the name-service/switch service has been refreshed so that the property changes are loaded into the SMF repository.