The Name Service Switch (NSS) connects the computer with a variety of sources of common configuration databases and name resolution mechanisms. These sources include local operating system files (such as , , and ), the
Domain Name System
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
(DNS), the
Network Information Service
The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun ...
(NIS, NIS+), and
LDAP
The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...
.
This
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
mechanism, used in billions of
computer
A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
s, including all
Unix-like
A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
operating systems, is indispensable to functioning as part of the networked
organization
An organization or organisation (Commonwealth English; see spelling differences), is an entity—such as a company, an institution, or an association—comprising one or more people and having a particular purpose.
The word is derived from ...
and the
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
. Among other things, it is invoked every time a computer user clicks on or types a
website address in the
web browser
A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
or responds to the
password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
challenge to be authorized access to the computer and the Internet.
nsswitch.conf
A
system administrator
A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ensu ...
usually configures the operating system's name services using the file . This file lists databases (such as
passwd
passwd is a command on Unix, Plan 9, Inferno, and most Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, whi ...
,
shadow
A shadow is a dark area where light from a light source is blocked by an opaque object. It occupies all of the three-dimensional volume behind an object with light in front of it. The cross section of a shadow is a two-dimensional silhouette, o ...
and
group
A group is a number of persons or things that are located, gathered, or classed together.
Groups of people
* Cultural group, a group whose members share the same cultural identity
* Ethnic group, a group whose members share the same ethnic ide ...
), and one or more sources for obtaining that information. Examples for sources are ''files'' for local files, ''ldap'' for the
Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...
, ''nis'' for the
Network Information Service
The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun ...
, ''nisplus'' for
NIS+ NIS+ is a directory service developed by Sun Microsystems to replace its older 'NIS' (Network Information Service). It is designed to eliminate the need for duplication across many computers of configuration data such as user accounts, host names ...
, ''dns'' for the
Domain Name System
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
(DNS), and ''wins'' for
Windows Internet Name Service
Windows Internet Name Service (WINS) is the Microsoft implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Effectively, WINS is to NetBIOS names what DNS is to domain names — a central mapping ...
.
The nsswitch.conf file has line entries for each service consisting of a database name in the first field, terminated by a colon, and a list of possible source databases in the second field.
A typical file might look like:
passwd: files ldap
shadow: files
group: files ldap
hosts: dns nis files
ethers: files nis
netmasks: files nis
networks: files nis
protocols: files nis
rpc: files nis
services: files nis
automount: files
aliases: files
The order of the source databases determines the order the NSS will attempt to look up those sources to resolve queries for the specified service. A bracketed list of criteria may be specified following each source name to govern the conditions under which the NSS will proceed to querying the next source based on the preceding source's response.
History
Earlier
Unix-like
A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
systems either accessed only local files or had hard-coded rules for accessing files or network-stored databases.
Ultrix
Ultrix (officially all-caps ULTRIX) is the brand name of Digital Equipment Corporation's (DEC) discontinued native Unix operating systems for the PDP-11, VAX, MicroVAX and DECstations.
History
The initial development of Unix occurred on DEC equip ...
was a notable exception with its nearly identical functionality of the NSS configuration file in .
Sun Microsystems
Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
first developed the NSS for their
Solaris
Solaris may refer to:
Arts and entertainment Literature, television and film
* ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem
** ''Solaris'' (1968 film), directed by Boris Nirenburg
** ''Solaris'' (1972 film), directed by ...
operating system.
Solaris' compliance with SVR4, which Sun Microsystems and
AT&T
AT&T Inc. is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the world's largest telecommunications company by revenue and the third largest provider of mobile tel ...
Unix System Laboratories jointly developed by merging
UNIX System V
Unix System V (pronounced: "System Five") is one of the first commercial versions of the Unix operating system. It was originally developed by AT&T and first released in 1983. Four major versions of System V were released, numbered 1, 2, 3, an ...
,
BSD
The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berk ...
and
Xenix
Xenix is a discontinued version of the Unix operating system for various microcomputer platforms, licensed by Microsoft from AT&T Corporation in the late 1970s. The Santa Cruz Operation (SCO) later acquired exclusive rights to the software, and ...
, required that third parties be able to plug in name service implementations for the
transport layer
In computer networking, the transport layer is a conceptual division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model. The protocols of this layer provide end-to-end ...
of their choosing (
OSI
OSI may refer to:
Places
* Osijek Airport (IATA code: OSI), an airport in Croatia
* Ősi, a village in Veszprém county, Hungary
* Oši, an archaeological site in Semigallia, Latvia
* Osi, a village in Ido-Osi, Ekiti State, Nigeria
* Osi, Ekiti ...
or
IP) without rewriting SVR4-compliant Transport-Independent
RPC (TI-RPC) applications or rebuilding the operating system. Sun introduced the
NIS+ NIS+ is a directory service developed by Sun Microsystems to replace its older 'NIS' (Network Information Service). It is designed to eliminate the need for duplication across many computers of configuration data such as user accounts, host names ...
directory service in Solaris to supersede
NIS
Nis, Niš, NiS or NIS may refer to:
Places
* Niš, a city in Serbia
* Nis, Iran, a village
* Ness, Lewis ( gd, Nis, links=no), a village in the Outer Hebrides islands
Businesses and organizations
* Naftna Industrija Srbije, Petroleum Industry o ...
, which required co-existence of the two directory services within an enterprise to ease migration.
Sun engineers
Thomas Maslen
Thomas may refer to:
People
* List of people with given name Thomas
* Thomas (name)
* Thomas (surname)
* Saint Thomas (disambiguation)
* Thomas Aquinas (1225–1274) Italian Dominican friar, philosopher, and Doctor of the Church
* Thomas the A ...
and
Sanjay Dani were the first to design and implement the Name Service Switch. They fulfilled Solaris requirements with the nsswitch.conf file specification and the implementation choice to load database access modules as
dynamically loaded libraries, which Sun was also the first to introduce.
Sun engineers' original design of the configuration file and runtime loading of name service back-end libraries has withstood the test of time as operating systems have evolved and new name services are introduced. Over the years, programmers ported the NSS configuration file with nearly identical implementations to many other operating systems including
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
,
NetBSD
NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is a ...
,
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
,
HP-UX
HP-UX (from "Hewlett Packard Unix") is Hewlett Packard Enterprise's proprietary implementation of the Unix operating system, based on Unix System V (initially System III) and first released in 1984. Current versions support HPE Integrity Ser ...
,
IRIX
IRIX ( ) is a discontinued operating system developed by Silicon Graphics (SGI) to run on the company's proprietary MIPS workstations and servers. It is based on UNIX System V with BSD extensions. In IRIX, SGI originated the XFS file system and ...
and
AIX
Aix or AIX may refer to:
Computing
* AIX, a line of IBM computer operating systems
*An Alternate Index, for a Virtual Storage Access Method Key Sequenced Data Set
* Athens Internet Exchange, a European Internet exchange point
Places Belgi ...
. More than two decades after the NSS was invented,
GNU libc implements it almost identically.
See also
*
BSD Authentication
*
Group (database)
*
Name server
A name server refers to the server component of the Domain Name System (DNS), one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names (example. ...
*
Pluggable Authentication Modules
A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). PAM allows programs that rely on authentication to be written independently o ...
External links
* {{man, 5, nsswitch.conf, NetBSD, name-service switch configuration file
Name Service Switch implementation in the GNU C Library
nss_ldap
Another NSS module supporting LDAP nss-ldapd
nss_afs
Unix
Domain Name System
Directory services