The Name Service Switch (NSS) framework was designed to let administrators specify which files or directory services to query to obtain information. For example, it's frequently used to specify whether a system should perform hostname lookups in /etc/hosts, NIS, or DNS. Here's an entry from a typical NSS configuration file, named /etc/nsswitch.conf. It instructs the local machine to check its own /etc/hosts file first and to consult DNS only if the entry is not located. NIS is not consulted at all.
hosts: files dns
NSS can provide similar services for many different administrative databases. The following databases are generally defined in /etc/nsswitch.conf:
You can configure a different lookup method for each database. An NSS module does not need to support all of the databases listed above. Some lookup modules support only user accounts. The libnss_dns.so library is designed to resolve only hostnames and network addresses.
A typical NSS configuration for an LDAP-enabled host would appear as:
# /etc/nsswitch.conf # Legal entries are: # # nisplus or nis+: Use NIS+ (NIS Version 3) # nis or yp: Use NIS (NIS Version 2) # dns: Use DNS (Domain Name Service) # files: Use the local files # db: Use the local database (.db) files # compat: Use NIS on compat mode # hesiod: Use Hesiod for user lookups # ldap: Use PADL's nss_ldap ## How to handle users and groups passwd: files ldap shadow: files ldap group: files ldap ## DNS should be authoritative; use files only when DNS is not available. hosts: dns [NOTFOUND=return] files bootparams: ldap files ethers: ldap files netmasks: ldap files networks: ldap files protocols: ldap files rpc: ldap files services: ldap files netgroup: files ldap automount: files ldap aliases: files
More information can be found on the nsswitch.conf(5) manpage.