A.2 Name Service Switch (NSS)

The Name Service Switch (NSS) framework was designed to let administrators specify which files or directory services to query to obtain information. For example, it's frequently used to specify whether a system should perform hostname lookups in /etc/hosts, NIS, or DNS. Here's an entry from a typical NSS configuration file, named /etc/nsswitch.conf. It instructs the local machine to check its own /etc/hosts file first and to consult DNS only if the entry is not located. NIS is not consulted at all.

hosts:      files dns

NSS can provide similar services for many different administrative databases. The following databases are generally defined in /etc/nsswitch.conf:


You can configure a different lookup method for each database. An NSS module does not need to support all of the databases listed above. Some lookup modules support only user accounts. The libnss_dns.so library is designed to resolve only hostnames and network addresses.

A typical NSS configuration for an LDAP-enabled host would appear as:

# /etc/nsswitch.conf
# Legal entries are:
# nisplus or nis+: Use NIS+ (NIS Version 3)
# nis or yp: Use NIS (NIS Version 2)
# dns: Use DNS (Domain Name Service)
# files: Use the local files
# db: Use the local database (.db) files
# compat: Use NIS on compat mode
# hesiod: Use Hesiod for user lookups
# ldap: Use PADL's nss_ldap
## How to handle users and groups
passwd:     files ldap 
shadow:     files ldap 
group:      files ldap 
## DNS should be authoritative; use files only when DNS is not available.
hosts:      dns [NOTFOUND=return] files
bootparams: ldap files
ethers:     ldap files
netmasks:   ldap files
networks:   ldap files
protocols:  ldap files
rpc:        ldap files
services:   ldap files
netgroup:   files ldap
automount:  files ldap 
aliases:    files

More information can be found on the nsswitch.conf(5) manpage.