Subject: HEADS UP: nsswitch about to go `live' in NetBSD-current
To: None <current-users@netbsd.org>
From: Luke Mewburn <lukem@netbsd.org>
List: current-users
Date: 01/16/1999 18:33:10
Hello everybody.

This is a `heads up' to let people know that the nsswitch code I've
been working on (for a few years now, on and off) is about to be
committed to the main branch of NetBSD-current.

1. HOW THIS WILL AFFECT YOU

As various elements of libc are changed from their current methods
of determining the order to perform lookups to using nsswitch, your
current operations may not work in the way you expect until an
appropriate /etc/nsswitch.conf is installed.

If /etc/nsswitch.conf does not exist or cannot be read, all database
methods (such as `hosts', `passwd', `group') default to `files'.

For example, if you had 'lookups files bind' in /etc/resolv.conf,
and used the `+/-' syntax in /etc/{passwd,group}, to retain current
functionality you should create /etc/nsswitch.conf with the contents:
	hosts:		files dns
	networks:	files dns
	passwd:		compat
	group:		compat
	passwd_compat:	nis
	group_compat:	nis


Affected subsystems include:

* /etc/hosts:
  (gethostbyname(), gethostbyaddr(), et al)

	The `lookup' keyword in /etc/resolv.conf is obsolete.

	By default, lookups only occur from /etc/hosts (and not the DNS).

	Supported sources:
		files, dns, nis

	If you wish to look up hosts from the DNS as well as from
	/etc/hosts, add a line to /etc/nsswitch.conf of the form:
		hosts: files dns

* /etc/networks

	The `lookup' keyword in /etc/resolv.conf is obsolete.

	By default, lookups only occur from /etc/networks (and not the DNS).

	Supported sources:
		files, dns

	If you wish to look up networks from the DNS as well as from
	/etc/networks, add a line to /etc/nsswitch.conf of the form:
		networks: files dns

* /etc/passwd, /etc/group:
  (getpw*(), getgr*(), et al)

	By default, all lookups occur from /etc/{passwd,group}, and the
	`+' and `-' syntax is ignored.

	Supported sources:
		files, dns, nis, compat

	If you wish to support the `+/-' syntax, add:
		passwd:		compat
		passwd_compat:  nis

	There is support for hesiod lookups (specify `dns'), including
	in `passwd_compat'.

* /etc/netgroup:
  (getnetgrent() et al)

	By default, all lookups occur from /etc/netgroup.

	Supported sources:
		files, dns

	If you wish to look up netgroups from YP, add
		netgroup: nis

* /etc/shells
  (getusershell())

	By default, all lookups occur from /etc/shells.

	Supported sources:
		files, dns, nis


2. FEATURES

* A single configuration file to modify - /etc/nsswitch.conf - to
  enable or disable a source (such as `dns', `nis', etc) from being
  used for lookups.

* Support for arbitrary databases (such as `hosts', `passwd', `printcap').
  A developer can use the nsdispatch(3) function for their own code without
  requiring any modification to libc.

* Support for arbitrary sources (such as `files', `dns', `oracle').
  Again, a developer can use the nsdispatch(3) function for their own code
  without requiring any modification to libc.

  Currently, if extra sources are required for existing libc functions
  (such as nisplus methods for getpw*()), then the methods need to be
  added to libc and a relevant entry needs to be added to getpw*()'s
  dispatcher table. Dynamic loading of methods (q.v.) will remove this
  need.

* Automatic reload of /etc/nsswitch.conf upon change; no need to
  restart daemons to make a change effective (unlike the original
  Solaris implementation.)


3. FUTURE WORK

The following functionality is to be added in the future:

* conversion of more databases to using nsswitch

	The following databases could be converted to nsswitch:
		ethers, netmasks, networks, printcap, protocols,
		rpc, services

	Others such as phones, remote, termcap and ttys have been
	suggested as well.

* dynamic loading of methods

	A user could install `liboracle.so' which contains methods
	for whichever databases they wish to implement (such as
	getpw*() for `passwd', etc).

	Existing static methods in libc will still be supported
	(so you can retain critical services such as DNS gethostby*()
	even if the shared linkage fails).

	Another source directive - `link' - may be added to
	/etc/nsswitch.conf to allow a user to control whether the
	nsdispatch(3) routines use the static or dynamic linker
	for a given method.

	For a programmer, the changes to implement this shouldn't
	require any modification to existing source to take advantage
	of the dynamic linking, and existing dynamically linked
	binaries should work too.

* name service cache daemon - nscd

	A name service cache daemon, implemented on a per database
	basis (e.g, `hosts', `passwd') to reduce network traffic
	on larger systems.


Please report any bugs you find with send-pr.

Enjoy!
Luke.
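
An added example, not part of the original message and not NetBSD code: a small pre-upgrade check that models the rules described above (a missing entry defaults to `files', the resolv.conf `lookup' keyword is obsolete, `+/-' entries need `compat'). The function names, the '#' comment handling, the treatment of a line without a colon as unusable, and the sample inputs are assumptions made for illustration.

```python
# Added example: model of the lookup rules described in the message above.
DATABASES = ("hosts", "networks", "passwd", "group", "netgroup", "shells")

def parse_nsswitch(text):
    """Return ({database: [sources]}, [malformed lines])."""
    table, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        name, sep, rest = line.partition(":")
        # A usable entry is `database: source ...`; anything else is reported.
        if not sep or len(name.split()) != 1 or not rest.split():
            malformed.append(line)
            continue
        table[name.strip()] = rest.split()
    return table, malformed

def effective_order(table):
    """Databases with no usable entry fall back to `files`, as the message states."""
    return {db: table.get(db, ["files"]) for db in DATABASES}

def migration_warnings(conf, resolv="", passwd="", group=""):
    """Flag settings that stop taking effect once libc uses nsswitch."""
    table, malformed = parse_nsswitch(conf)
    order = effective_order(table)
    warnings = [f"malformed line: {m!r}" for m in malformed]
    # The resolv.conf lookup keyword is obsolete; without an entry only files are used.
    if any(l.strip().startswith("lookup") for l in resolv.splitlines()):
        warnings += [f"{db}: resolv.conf lookup order no longer applies"
                     for db in ("hosts", "networks") if db not in table]
    # +/- entries in passwd/group are ignored unless the source is `compat`.
    for db, text in (("passwd", passwd), ("group", group)):
        has_compat_syntax = any(l.startswith(("+", "-")) for l in text.splitlines())
        if has_compat_syntax and "compat" not in order[db]:
            warnings.append(f"{db}: +/- entries ignored without compat")
    return order, warnings

# Constructed sample inputs (not taken from any real system).
SAMPLE_CONF = "hosts:\t\tfiles dns\nnetworks\tfiles dns\npasswd:\t\tfiles\n"
SAMPLE_RESOLV = "nameserver 192.0.2.53\nlookup file bind\n"
SAMPLE_PASSWD = "root:*:0:0::/root:/bin/sh\n+@admins::::::\n"

if __name__ == "__main__":
    order, warnings = migration_warnings(SAMPLE_CONF, SAMPLE_RESOLV, SAMPLE_PASSWD)
    for db, sources in order.items():
        print(f"{db:10s} {' '.join(sources)}")
    for w in warnings:
        print("WARNING:", w)
```

On the constructed sample it reports three warnings: the `networks' line without a colon, the `networks' lookup order from resolv.conf no longer applying, and the `+@admins' entry in the passwd file being ignored.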