nsswitch.conf(4)nsswitch.conf(4)NAME
nsswitch.conf - configuration file for the name-service switchSYNOPSISDESCRIPTION
The operating system uses a number of "databases" of information about
hosts, users groups and so forth. Data for these can come from a vari‐
ety of sources: host-names and -addresses, for example, may be found
in NIS, LDAP, or DNS. One or more sources may be used for each data‐
base; the sources and their lookup order are specified in the file.
The following databases use the switch:
Database Used by
The
fol‐
low‐
ing
sources
may
be
used:
Source Uses
and
so
forth
NIS
(YP)
LDAP
Direc‐
tory
Server
Valid
only
for uses
the
Inter‐
net
Domain
Name
Ser‐
vice.
Valid
only
for and
imple‐
ments
and
(See
below)
There
is
an
entry
in
for
each
data‐
base.
Typ‐
i‐
cally
these
entries
will
be
sim‐
ple,
like
or
How‐
ever,
when
mul‐
ti‐
ple
sources
are
spec‐
i‐
fied
it
is
some‐
times
nec‐
es‐
sary
to
define
pre‐
cisely
the
cir‐
cum‐
stances
under
which
each
source
will
be
tried.
A
source
can
return
one
of
the
fol‐
low‐
ing
codes:
Sta‐
tus Mean‐
ing
Requested
data‐
base
entry
was
found
Source
is
not
respond‐
ing
or
cor‐
rupted
Source
responded
"no
such
entry"
Source
is
busy,
might
respond
to
retries
For
each
sta‐
tus
code,
two
actions
are
pos‐
si‐
ble:
Action Mean‐
ing
Try
the
next
source
in
the
list
Return
now
The
com‐
plete
syn‐
tax
of
an
entry
is
<entry> ::= <database> ":" [<source> [<criteria>]]* <source>
<criteria> ::= "[" <criterion>+ "]"
<criterion> ::= <status> "=" <action>
<status> ::= "success" | "notfound" | "unavail" | "tryagain"
<action> ::= "return" | "continue"
Each
entry
occu‐
pies
a
sin‐
gle
line
in
the
file.
Lines
that
are
blank,
or
that
start
with
white
space
char‐
ac‐
ter
are
ignored.
Every‐
thing
on
a
line
fol‐
low‐
ing
a
char‐
ac‐
ter
is
also
ignored;
the
char‐
ac‐
ter
can
begin
any‐
where
in
a
line,
to
be
used
to
begin
com‐
ments.
The
data‐
base
and
source
names
are
case-
sen‐
si‐
tive,
but
action
and
sta‐
tus
names
are
case-
insen‐
si‐
tive.
The
default
cri‐
te‐
ria
are
to
con‐
tinue
on
any‐
thing
except
in
other
words,
The
default,
or
explic‐
itly
spec‐
i‐
fied,
cri‐
te‐
ria
are
mean‐
ing‐
less
fol‐
low‐
ing
the
last
source
in
an
entry;
and
are
ignored
since
the
action
is
always
to
return
to
the
call‐
er
irre‐
spec‐
tive
of
the
sta‐
tus
code
the
source
returns.
Inter‐
ac‐
tion
with
net‐
con‐
fig
In
order
to
ensure
that
they
all
return
con‐
sis‐
tent
results
based
on
the
fam‐
ily
of
entries,
and
func‐
tions
are
all
imple‐
mented
in
terms
of
the
same
inter‐
nal
switch
library
func‐
tions.
These
func‐
tions
obtain
the
sys‐
tem-
wide
source
lookup
pol‐
icy
for
and
based
on
the
fam‐
ily
entries
in
For
and
only
the
"-"
in
the
last
col‐
umn,
which
rep‐
re‐
sents
name‐
toaddr
libraries,
is
sup‐
ported.
NIS
(YP)
server
in
DNS-
for‐
ward‐
ing
Mode
The
NIS
(YP)
server
can
be
run
in
"DNS-
for‐
ward‐
ing
mode"
(see
rpc.nisd_resolv(1M)),
where
it
for‐
wards
lookup
requests
to
DNS
for
host-
names
and
host-
addresses
that
do
not
exist
in
its
data‐
base.
In
this
case,
spec‐
i‐
fy‐
ing
as
a
source
for
is
suf‐
fi‐
cient
to
get
DNS
lookups;
need
not
be
spec‐
i‐
fied
explic‐
itly
as
a
source.
Inter‐
ac‐
tion
with
+/-
syn‐
tax
Releases
prior
to
HP-
UX
10.30
did
not
have
the
name-
ser‐
vice
switch
sup‐
port
for
passwd
and
group
but
did
allow
the
user
some
pol‐
icy
con‐
trol.
In
one
could
have
entries
of
the
form
(include
the
spec‐
i‐
fied
user
from
NIS
passwd.byname),
(exclude
the
spec‐
i‐
fied
user)
and
(include
every‐
thing,
except
excluded
users,
from
NIS
passwd.byname).
The
desired
behav‐
ior
was
often
"every‐
thing
in
the
file
fol‐
lowed
by
every‐
thing
in
NIS",
expressed
by
a
soli‐
tary
at
the
end
of
The
switch
pro‐
vides
an
alter‐
na‐
tive
for
this
case
that
does
not
require
entries
in
If
this
is
not
suf‐
fi‐
cient,
the
source
pro‐
vides
full
seman‐
tics.
It
reads
for
func‐
tions
and,
if
it
finds
entries,
invokes
an
appro‐
pri‐
ate
source.
The
only
source
sup‐
ported
by
pseudo-
data‐
base
is
The
source
also
pro‐
vides
full
seman‐
tics
for
the
rel‐
e‐
vant
pseudo-
data‐
base
is
Use‐
ful
Con‐
fig‐
u‐
ra‐
tions
The
com‐
piled-
in
default
entries
for
all
data‐
bases
use
NIS
(YP)
as
the
enter‐
prise
level
name-
ser‐
vice
and
are
iden‐
ti‐
cal
to
those
in
the
default
con‐
fig‐
u‐
ra‐
tion
of
this
file:
The
pol‐
icy
implies
"if
is
con‐
tinue
on
to
and
if
returns
return
to
the
call‐
er";
in
other
words,
treat
as
the
author‐
i‐
ta‐
tive
source
of
infor‐
ma‐
tion
and
try
only
if
is
down.
Notes
The
rou‐
tines
and
do
not
fol‐
low
the
com‐
piled-
in
default
be‐
hav‐
iour
for
data‐
base.
These
rou‐
tines
use
as
default
source,
unless
explic‐
itly
spec‐
i‐
fied
in
the
file.
If
com‐
pat‐
i‐
bil‐
ity
with
the
syn‐
tax
for
passwd
and
group
is
required,
sim‐
ply
mod‐
ify
the
entries
for
and
to:
To
get
infor‐
ma‐
tion
from
the
Inter‐
net
Domain
Name
Ser‐
vice
for
hosts
that
are
not
listed
in
the
enter‐
prise
level
name-
ser‐
vice,
NIS,
use
the
fol‐
low‐
ing
con‐
fig‐
u‐
ra‐
tion
and
set
up
the
file
See
resolver(4)
for
more
details.
The
file
con‐
tains
an
exam‐
ple
con‐
fig‐
u‐
ra‐
tion
that
can
be
copied
to
to
set
an
LDAP
pol‐
icy.
If
the
net‐
group
syn‐
tax
(used
for
access
con‐
trol
as
defined
by
is
desired,
the
admin‐
is‐
tra‐
tor
needs
to
con‐
fig‐
ure
in
the
file.
See
the
lda‐
pux(5)
man‐
page
for
more
infor‐
ma‐
tion
about
LDAP-
UX,
pam_authz(5)
man‐
page
for
more
infor‐
ma‐
tion
on
and
passwd(4)
for
more
infor‐
ma‐
tion
about
the
net‐
group
syn‐
tax.
The
lda‐
pux(5)
and
pam_authz(5)
man‐
pages
are
in
the
LDAP-
UX
Inte‐
gra‐
tion
prod‐
uct.
Enu‐
mer‐
a‐
tion
--
getXXXent()
Many
of
the
data‐
bases
have
enu‐
mer‐
a‐
tion
func‐
tions:
has
has
and
so
on.
These
were
rea‐
son‐
able
when
the
only
source
was
but
often
make
lit‐
tle
sense
for
hier‐
ar‐
chi‐
cally
struc‐
tured
sources
that
con‐
tain
large
num‐
bers
of
entries,
much
less
for
mul‐
ti‐
ple
sources.
The
inter‐
faces
are
still
pro‐
vided
and
the
imple‐
men‐
ta‐
tions
strive
to
pro‐
vide
rea‐
son‐
able
results,
but
the
data
returned
may
be
incom‐
plete
(enu‐
mer‐
a‐
tion
for
is
sim‐
ply
not
sup‐
ported
by
the
source),
incon‐
sis‐
tent
(if
mul‐
ti‐
ple
sources
are
used),
very
expen‐
sive
(enu‐
mer‐
at‐
ing
a
data‐
base
of
5000
users
is
prob‐
a‐
bly
a
bad
idea)
or
for‐
mat‐
ted
in
an
unex‐
pected
fash‐
ion.
Fur‐
ther‐
more,
mul‐
ti‐
ple
threads
in
the
same
process
using
the
same
reen‐
trant
enu‐
mer‐
a‐
tion
func‐
tion
(are
sup‐
ported)
share
the
same
enu‐
mer‐
a‐
tion
posi‐
tion;
if
they
inter‐
leave
calls,
they
will
enu‐
mer‐
ate
dis‐
joint
sub‐
sets
of
the
same
data‐
base.
In
gen‐
eral
the
use
of
the
enu‐
mer‐
a‐
tion
func‐
tions
is
dep‐
re‐
cated.
In
the
case
of
and
it
may
some‐
times
be
appro‐
pri‐
ate
to
use
and
(see
get‐
grent(3C),
and
get‐
p‐
went(3C),
respec‐
tively),
which
use
only
the
source.
WARN‐
INGS
Within
each
process
that
uses
the
entire
file
is
read
only
once.
If
the
file
is
later
changed,
the
process
will
con‐
tinue
using
the
old
con‐
fig‐
u‐
ra‐
tion.
Pro‐
grams
that
use
the
func‐
tions
can‐
not
be
linked
stat‐
i‐
cally
since
the
imple‐
men‐
ta‐
tion
of
these
func‐
tions
requires
dynamic
linker
func‐
tion‐
al‐
ity
to
access
the
shared
objects
at
run
time.
Mis‐
spelled
names
of
sources
and
data‐
bases
will
be
treated
as
legit‐
i‐
mate
names
of
(most
likely
nonex‐
is‐
tent)
sources
and
data‐
bases.
The
fol‐
low‐
ing
func‐
tions
do
not
use
the
switch:
and
The
func‐
tions
and
were
intro‐
duced
with
and
not
found
in
Appli‐
ca‐
tions
linked
with
will
dis‐
play
dif‐
fer‐
ent
default
actions
for
and
Appli‐
ca‐
tions
linked
with
will
have
the
switch
search
ter‐
mi‐
nate
if
the
Name
Ser‐
vice
returns
a
result
of
or
This
will
be
an
issue
for
exist‐
ing
files
that
spec‐
ify
name
ser‐
vice
lookup
cri‐
te‐
ria
that
con‐
tains
no
cri‐
te‐
rion
between
source
entries.
Exam‐
ple:
For
appli‐
ca‐
tions
linked
with
the
fall‐
back
to
files
will
only
occur
if
returns
For
all
other
appli‐
ca‐
tions,
the
fall‐
back
to
files
will
occur
unless
returns
For
appli‐
ca‐
tions
linked
with
and
other
appli‐
ca‐
tions
to
have
the
same
behav‐
ior,
a
cri‐
te‐
rion
must
be
spec‐
i‐
fied
between
source.
For
behav‐
ior:
For
the
default
sys‐
tem
behav‐
ior:
NIS+
is
obso‐
leted
on
HP-
UX
11i
Ver‐
sion
3
and
is
no
longer
sup‐
ported.
LDAP
is
the
rec‐
om‐
mended
replace‐
ment
for
NIS+.
HP
fully
sup‐
ports
the
indus‐
try
stan‐
dard
nam‐
ing
ser‐
vices
based
on
LDAP.
Obso‐
les‐
cence
The
direc‐
tive
may
not
be
sup‐
ported
in
future
HP-
UX
releases.
In
order
to
min‐
i‐
mize
the
impact
to
appli‐
ca‐
tions,
it
is
rec‐
om‐
mended
that
you
have
the
same
con‐
fig‐
u‐
ra‐
tion
for
the
and
the
direc‐
tives.
AUTHOR
was
devel‐
oped
by
Sun
Microsys‐
tems,
Inc.
FILES
A
source
named
SSS
is
imple‐
mented
by
a
shared
object
named
that
resides
in
con‐
fig‐
u‐
ra‐
tion
file
imple‐
ments source
imple‐
ments source
imple‐
ments source
imple‐
ments source
imple‐
ments source
con‐
fig‐
u‐
ra‐
tion
file
for func‐
tions
that
redi‐
rects
hosts/ser‐
vices
pol‐
icy
to
the
switch
sam‐
ple
con‐
fig‐
u‐
ra‐
tion
file
that
uses only
sam‐
ple
con‐
fig‐
u‐
ra‐
tion
file
that
uses and
sam‐
ple
con‐
fig‐
u‐
ra‐
tion
file
that
uses and
SEE
ALSO
auto‐
mount(1M),
rpc.nisd_resolv(1M),
send‐
mail(1M),
get‐
grent(3C),
geth‐
os‐
tent(3N),
get‐
ne‐
tent(3N),
get‐
net‐
grent(3C),
get‐
pro‐
toent(3N),
get‐
pub‐
lickey(3N),
get‐
p‐
went(3C),
getr‐
p‐
cent(3C),
get‐
ser‐
vent(3N),
get‐
spent(3C),
net‐
dir(3N),
secure_rpc(3N),
net‐
con‐
fig(4),
resolver(4),
shadow(4),
ypfiles(4).
lda‐
pux(5)
and
pam_authz(5)
in
the
LDAP-
UX
Inte‐
gra‐
tion
prod‐
uct.
nsswitch.conf(4)