Name Service Switch


The Name Service Switch (NSS) is an interface of glibc that connects a computer with a variety of sources of common configuration databases and name resolution mechanisms. [1] These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), the Domain Name System (DNS), the Network Information Service (NIS, NIS+), and LDAP.


nsswitch.conf

A system administrator usually configures the operating system's name services using the file /etc/nsswitch.conf. This file lists databases (such as passwd, shadow and group), and one or more sources for obtaining that information. Example sources are files (local files), ldap (the Lightweight Directory Access Protocol), nis (the Network Information Service), nisplus (NIS+), dns (the Domain Name System), and wins (Windows Internet Name Service).

The nsswitch.conf file has line entries for each service consisting of a database name in the first field, terminated by a colon, and a list of possible source databases in the second field.

A typical file might look like:

passwd:     files ldap
shadow:     files
group:      files ldap

hosts:      dns nis files

ethers:     files nis
netmasks:   files nis
networks:   files nis
protocols:  files nis
rpc:        files nis
services:   files nis

automount:  files
aliases:    files

The order of the source databases determines the order in which the NSS will query those sources to resolve lookups for the specified service. A bracketed list of criteria may be specified following each source name to govern the conditions under which the NSS will proceed to querying the next source based on the preceding source's response.
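The ordering and bracketed criteria described above decide which source ends up answering a lookup, which is what a reviewer of this file needs to know. The following is an added example, not code from the original page or from glibc: it parses nsswitch.conf text and walks a source chain against simulated results. It goes beyond the text by assuming glibc's documented status names (success, notfound, unavail, tryagain) and default actions; `parse_nsswitch`, `resolve`, and the sample configuration are hypothetical names and constructed data.

```python
import re

# glibc defaults: stop on success, otherwise move on to the next source.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# Constructed sample, not taken from any real host.
SAMPLE = """\
passwd: files ldap
hosts:  dns [!UNAVAIL=return] files   # trailing comment
"""

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in lookup order."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        chain = []
        # A token is either a source name or a bracketed criteria list.
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[]+", rest):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
                continue
            if not chain:
                raise ValueError(f"criteria before any source in {db!r}")
            for crit in tok[1:-1].split():
                status, action = crit.lower().split("=", 1)
                negated = status.startswith("!")
                name = status.lstrip("!")
                if name not in DEFAULTS:
                    raise ValueError(f"unknown status {name!r} in {db!r}")
                # [!X=act] applies act to every status except X.
                for s in DEFAULTS:
                    if (s == name) != negated:
                        chain[-1][1][s] = action
        config[db.strip()] = chain
    return config

def resolve(chain, simulated):
    """Walk one chain; simulated maps source -> status. Return where lookup stops."""
    stop = (None, "notfound")
    for source, actions in chain:
        status = simulated.get(source, "unavail")
        stop = (source, status)
        if actions[status] == "return":
            break
    return stop
```

With the sample hosts line, a "not found" answer from dns ends the lookup and the local hosts file is consulted only when dns is unavailable.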

History

Earlier Unix-like systems either accessed only local files or had hard-coded rules for accessing files or network-stored databases. Ultrix was a notable exception with its nearly identical functionality of the NSS configuration file in /etc/svc.conf.

Sun Microsystems first developed the NSS for their Solaris operating system.

Solaris' compliance with SVR4, which Sun Microsystems and AT&T Unix System Laboratories jointly developed by merging UNIX System V, BSD and Xenix, required that third parties be able to plug in name service implementations for the transport layer of their choosing (OSI or IP) without rewriting SVR4-compliant Transport-Independent RPC (TI-RPC) applications or rebuilding the operating system. Sun introduced the NIS+ directory service in Solaris to supersede NIS, which required co-existence of the two directory services within an enterprise to ease migration.

Sun engineers Thomas Maslen and Sanjay Dani were the first to design and implement the Name Service Switch. They fulfilled Solaris requirements with the nsswitch.conf file specification and the implementation choice to load database access modules as dynamically loaded libraries, which Sun was also the first to introduce.

Sun engineers' original design of the configuration file and runtime loading of name service back-end libraries has withstood the test of time as operating systems have evolved and new name services are introduced. Over the years, programmers ported the NSS configuration file with nearly identical implementations to many other operating systems including FreeBSD, NetBSD, Linux, HP-UX, IRIX and AIX [citation needed]. More than two decades after the NSS was invented, GNU libc implements it almost identically.


References

  1. "Name Service Switch (The GNU C Library)". www.gnu.org. Retrieved 2024-03-13.