Name Service Switch
The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP.
nsswitch.conf
A system administrator usually configures the operating system's name services using the file /etc/nsswitch.conf. This lists databases (such as passwd, shadow and group) and one or more sources for obtaining that information. Examples for sources are files for local files, ldap for the Lightweight Directory Access Protocol, nis for the Network Information Service, nisplus for NIS+, and wins for Windows Internet Name Service.
The nsswitch.conf file has line entries for each service consisting of a database name in the first field, terminated by a colon, and a list of possible source databases mechanisms in the second field. A typical file might look like:
passwd: files ldap shadow: files group: files ldap hosts: dns nis files ethers: files nis netmasks: files nis networks: files nis protocols: files nis rpc: files nis services: files nis automount: files aliases: files
The order of the services listed determines in which order NSS will attempt to use those services to resolve queries on the specified database.
History
Earlier Unix-like systems, with the notable exception of Ultrix, either accessed only the configuration files or had hard-coded rules for files or databases to access; Ultrix offered nearly identical functionality to the Name Service Switch, using the configuration file /etc/svc.conf.
Sun Microsystems first developed NSS for their Solaris operating system, but subsequently programmers ported it to many other operating systems including FreeBSD, NetBSD, GNU/Linux, HP-UX, IRIX and AIX.
See also
- Passwd (database)
- Shadow (database)
- Group (database)
- Pluggable Authentication Modules
- BSD Authentication
- Name server
- System Security Services Daemon (SSSD)
External links
- : name-service switch configuration file – NetBSD File Formats Manual
- Name Service Switch implementation in the GNU C Library
- NSS module supporting LDAP: nss_ldap
- Another NSS module supporting LDAP: nss-ldapd
- NSS module supporting AFS: nss_afs