Wednesday 13 July 2016

NSS (Name Service Switch): nsswitch.conf

The nssswitch.conf file defines how (and in what order) name resolution occurs for different types of objects (e.g. passwords) should be looked up.

Following is an example of an nsswitch.conf file (/etc/nsswitch.conf) from a base CentOS 7 system with LDAP configured:
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         compat ldap
group:          compat ldap
shadow:         compat
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
If we take hosts for example we can see that 'files' is specified firstly - so the NSS would check /etc/hosts firstly and then query the locally defined dns resolver(s.)

Typically changes made should be instant (i.e. no services etc. need to be restarted) - although in the case that you have nscd - you may need to restart it before changes take effect.


Post a Comment