Trusted Solaris Installation and Configuration

Set Up the NIS+ Domain

Setting up the NIS+ root master sets up the NIS+ domain for the Trusted Solaris NIS+ clients. Several NIS+ tables have been created or modified to hold Trusted Solaris data about label configuration, users, roles, execution profiles, and remote hosts.

To Set the Stage

  1. As root, create a staging area for files you plan to use to populate the NIS+ databases.

    You can place the staging area wherever you have enough space. Usually a few megabytes is more than enough room to store some files temporarily.


    # mkdir -p /setup/files
    

  2. Copy the sample /etc files into the staging area.

    Most of the files you need already exist on the installed system and have enough data in them to get you started. The following files in the /etc directory are usually not found on a newly installed system: bootparams, ethers, netgroup, netmasks, and timezone. You can create these with an editor, load them from a backup diskette, or merely create empty versions of these files, so that the NIS+ tables are created all at once. If you choose not to create these files, you can create them later, but the nispopulate(1M) command may print out a few warning messages.


    # cd /etc
    # touch bootparams ethers netgroup netmasks timezone
    
    # cp bootparams ethers netgroup netmasks timezone \
    aliases auto_home auto_master group hosts networks \
    protocols publickey rpc services /setup/files
    
    # cd security
    # cp auth_attr prof_attr exec_attr /setup/files/
    
    # cd /etc/security/tsol
    # cp tnrhdb tnrhtp /setup/files
    
    # cd /etc/inet
    # cp ipnodes /setup/files
    

  3. In the staging area, create empty versions of the files whose contents should not be distributed.


    # cd /setup/files
    # touch audit_user passwd shadow user_attr
    

    All entries in the passwd, shadow, and user_attr files on a newly-installed system are local users who should be restricted to local access. The name service will create empty databases from the empty files, and will not print spurious warning messages.

  4. Check that all the files are now in your staging area; there are 25.


    # ls | wc -l
         25

  5. Edit the hosts file in your staging area.

    1. Open the Admin Editor and enter /setup/files/hosts for editing.

      For more detailed instructions, see "To Create or Open a File from the Trusted Editor".

      The file already contains the NIS+ root master (that is, this host's address) and the static routers, if any.

    2. Add every workstation that will be in the Trusted Solaris 8 domain.

      There is no wildcard mechanism here. The IP address of every workstation to be contacted must be in this file.


      Caution -

      Failure to include a workstation will cause client authentication to fail; the NIS+ client will have no credentials.


    3. Add every other workstation with which the domain can communicate.

    4. Use the :wq! command to write the file and exit the editor.

    There is enough information in your staging area to convert your host to a NIS+ master.


    Caution -

    If you have edited any files, you must be very careful to provide all of the information necessary in the correct formats before populating the NIS+ tables. Failure to do so can result in the inability to further administer or use the system.
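
The following pre-flight check is an added example, not part of the original guide: it verifies the staging area built in steps 1 through 5 before any NIS+ table is populated. The function name `check_staging`, the script name in the final comment, and the IPv4-only format test for the hosts file are assumptions; it expects a POSIX sh and awk (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check of the staging
# area before running the Populate NIS+ Tables action.
# Assumes POSIX sh and awk (on Solaris, use nawk or /usr/xpg4/bin/awk).

# The 25 files the procedure above places in the staging area.
EXPECTED="aliases audit_user auth_attr auto_home auto_master bootparams ethers
exec_attr group hosts ipnodes netgroup netmasks networks passwd prof_attr
protocols publickey rpc services shadow timezone tnrhdb tnrhtp user_attr"
# Files that must stay empty so local accounts are not distributed.
MUST_BE_EMPTY="audit_user passwd shadow user_attr"

# check_staging DIR [HOSTNAME ...]  (hypothetical helper name)
# Returns 0 only if every check passes; prints one line per problem.
check_staging() {
    dir=$1; shift
    rc=0
    for f in $EXPECTED; do
        if [ ! -f "$dir/$f" ]; then echo "missing: $f"; rc=1; fi
    done
    for f in $MUST_BE_EMPTY; do
        if [ -s "$dir/$f" ]; then echo "not empty: $f"; rc=1; fi
    done
    count=$(ls "$dir" | wc -l | tr -d ' ')
    if [ "$count" -ne 25 ]; then echo "expected 25 files, found $count"; rc=1; fi
    # Every non-comment hosts line needs an IPv4 address and at least one name.
    if ! awk '{ sub(/#.*/, "") }
        NF && ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || NF < 2) {
            print "malformed hosts line " NR; bad = 1 }
        END { exit bad }' "$dir/hosts"; then rc=1; fi
    # There is no wildcard: each client named on the command line must be listed.
    for h in "$@"; do
        if ! awk -v h="$h" '{ sub(/#.*/, "")
            for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
            END { exit !found }' "$dir/hosts"; then
            echo "host not in hosts file: $h"; rc=1
        fi
    done
    return $rc
}

# Run against a directory when invoked with arguments, e.g.
#   sh check_staging.sh /setup/files client1 client2
if [ $# -gt 0 ]; then check_staging "$@"; fi
```

A nonzero exit status means at least one check failed; resolve every reported line before running the Populate NIS+ Tables action.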


To Set Up NIS+ with Databases from the Staging Area

For fuller descriptions of NIS+ setup and administration, see

  1. Double-click the Create NIS+ server action in the System_Admin folder.

    See "To Run a Script from the System_Admin Folder" if you are unfamiliar with using trusted actions.

  2. Enter your NIS+ domain name.

    This workstation will be the root master. For example,


    Domain Name: aviary.eco.org.
    

    There is a period at the end of the domain name.

  3. Answer the prompts (y, y, rootpassword).

    You can ignore diagnostics printing out that the file /etc/defaultdomain cannot be located. The file will be created.

  4. In the /setup/files directory, make sure that you have added all NIS+ clients to the hosts file.


    # cd /setup/files
    # more hosts
    

  5. Populate the standard NIS+ databases from the /setup/files directory by running the Populate NIS+ Tables action in the System_Admin folder.

  6. Enter your staging area when prompted.


    Populate from which directory? /setup/files
    
  7. Answer the prompts (y, y).


    ...
    Is this information correct? y
    ...
    Do you want to continue? y
    
  8. Load any additional NIS+ tables you may have backed up, such as auto_home.

    Procedures vary depending on the format of the backup and on what types of NIS+ tables they are. Refer to the Solaris Naming Setup and Configuration Guide for details of how to load your tables.

  9. Do not reboot your system yet.