Overview [1]#

With the introduction of NSS (Name Switching Service) most of the services within UNIX were given the capability of storing and retrieving data from more than one database location.

The /etc/nsswitch.conf is used to list the available databases along with a hierarchical order of locations to search. Below is an example:

passwd files ldap
In this structure, data for the passwd database can be located in either files or ldap.

NIS, however, cannot search for data in more than one location using nsswitch.conf. Therefore, in order to provide legacy NIS support, basic UNIX libraries support a compatibility or Compat mode to allow NIS to search in more than one location:

passwd compat

passwd_compat files nis

In this structure, the Passwd database is in compatibility mode, and by using the (+/-) symbol in the passwd and shadow files, servces will search for data in files, then NIS. Based on the Solaris 9 Basic Library Reference, compat is provided for NIS only.

Discouraged "compat" mode#

In implementing LDAP as a Naming Service, the "compat" mode which was designed for NIS is highly discouraged.

DO NOT USE Compat unless NIS is in use.

Other methods of access restriction are equally available and currently deployed in customer environments. Customers should develop an architecture that includes needed restriction capabilities followed by thorough testing, development and implementation of the technology that best meets their requirements.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 15-Dec-2014 12:24 by jim