Solaris Naming Administration Guide

Glossary

access rights

The permissions assigned to classes of NIS+ principals that determine what operations they can perform on NIS+ objects: read, modify, create, or destroy.

application-level name service

Application-level name services are incorporated in applications offering services such as files, mail, and printing. Application-level name services are bound below enterprise-level name services. The enterprise-level name services provide contexts in which contexts of application-level name services can be bound.

atomic name

An FNS (XFN) term referring to the smallest indivisible component of a name as defined by the naming convention.

attribute

In FNS (XFN), each named object is associated with a set of zero or more attributes. Each attribute in the set has a unique attribute identifier, an attribute syntax, and a set of zero or more distinct attribute values.

authentication

The determination of whether an NIS+ server can identify the sender of a request for access to the NIS+ namespace. Authenticated requests are divided into the authorization categories of owner, group, and world. Unauthenticated requests, in which the sender is unidentified, are placed in the Nobody category.

binding

In FNS (XFN), the association of an atomic name with an object reference. For simplicity, an object reference and the object it refers to are used interchangeably in this guide.

BNF

An FNS (XFN) acronym referring to Backus-Naur Form.

cache manager

The program that manages the local caches of NIS+ clients (NIS_SHARED_DIRCACHE), which are used to store location information about the NIS+ servers that support the directories most frequently used by those clients, including transport addresses, authentication information, and a time-to-live value.

child domain

See domain.

checkpointing

The process of writing changes to NIS+ data that are stored in server memory and recorded in the transaction log to the NIS+ tables stored on disk. In other words, updating the NIS+ tables with recent changes to the NIS+ data set.

client

(1) In NIS+, the client is a principal (machine or user) requesting an NIS+ service from an NIS+ server.

(2) In the client-server model for file systems, the client is a machine that remotely accesses resources of a compute server, such as compute power and large memory capacity.

(3) In the client-server model, the client is an application that accesses services from a "server process." In this model, the client and the server can run on the same machine or on separate machines.

client-server model

A common way to describe network services and the model user processes (programs) of those services. Examples include the name-server/name-resolver paradigm of the Domain Name System (DNS) and file-server/file-client relationships such as NFS and diskless hosts. See also client.

cold-start file

The NIS+ file given to a client when it is initialized that contains sufficient information so that the client can begin to contact the master server in its home domain.

composite name

In FNS (XFN), a name that spans multiple naming systems. It consists of an ordered list of zero or more components. Each component is a name from the namespace of a single naming system. Composite name resolution is the process of resolving a name that spans multiple naming systems.

compound name

In FNS (XFN), a sequence of atomic names composed according to the naming convention of a naming system.

context

In FNS (XFN), an object whose state is a set of bindings with distinct atomic names. Every context has an associated naming convention. A context provides a lookup (resolution) operation, which returns the reference, and may provide operations such as binding names, unbinding names, and listing bound names.

credentials

The authentication information about an NIS+ principal that the client software sends along with each request to an NIS+ server. This information verifies the identity of a user or machine.

data encrypting key

A key used to encipher and decipher data intended for programs that perform encryption. Contrast with key encrypting key.

data encryption standard (DES)

A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decrypting data. See also SUN-DES-1.

decimal dotted notation

The syntactic representation for a 32-bit integer that consists of four 8-bit numbers written in base 10 with periods (dots) separating them. Used to represent IP addresses in the Internet as in: 192.67.67.20.

DES

See data encryption standard (DES).

directory

(1) An NIS+ directory is a container for NIS+ objects such as NIS+ tables, groups, or subdirectories.

(2) In UNIX, a container for files and subdirectories.

directory cache

A local file used to store data associated with directory objects.

distinguished name

A distinguished name is an entry in an X.500 directory information base (DIB) composed of selected attributes from each entry in the tree along a path leading from the root down to the named entry.

DNS

See Domain Name System.

DNS-forwarding

An NIS server or an NIS+ server with NIS compatibility set forwards requests it cannot answer to DNS servers.

DNS zones

Administrative boundaries within a network domain, often made up of one or more subdomains.

DNS zone files

A set of files wherein the DNS software stores the names and IP addresses of all the workstations in a domain.

domain

(1) In NIS+, a group of hierarchical objects managed by NIS+. There is one highest level domain (root domain) and zero or more subdomains. Domains and subdomains may be organized around geographic, organizational, or functional principles.

  • Parent domain. Relative term for the domain immediately above the current domain in the hierarchy.

  • Child domain. Relative term for the domain immediately below the current domain in the hierarchy.

  • Root domain. Highest domain within the current NIS+ hierarchy.

(2) In the Internet, a part of a naming hierarchy usually corresponding to a Local Area Network (LAN) or Wide Area Network (WAN) or a portion of such a network. Syntactically, an Internet domain name consists of a sequence of names (labels) separated by periods (dots). For example, sales.doc.com.

(3) In the International Organization for Standardization's open systems interconnection (OSI), "domain" is generally used as an administrative partition of a complex distributed system, as in MHS private management domain (PRMD), and directory management domain (DMD).

domain name

The name assigned to a group of systems on a local network that share DNS administrative files. The domain name is required for the network information service database to work properly. See also domain.

Domain Name System (DNS)

A system that provides the naming policy and mechanisms for mapping domain and machine names to addresses outside of the enterprise, such as those on the Internet. DNS is the network information service used by the Internet.

encryption key

See data encrypting key.

enterprise-level name service

An enterprise-level naming service identifies (names) machines (hosts), users and files within an enterprise-level network. FNS also allows naming of organizational units, geographic sites, and application services.

enterprise-level network

An "enterprise-level" network can be a single Local Area Network (LAN) communicating over cables, infra-red beams, or radio broadcast; or a cluster of two or more LANs linked together by cable or direct phone connections. Within an enterprise-level network, every machine is able to communicate with every other machine without reference to a global naming service such as DNS or X.500/LDAP.

enterprise root

In FNS (XFN), the root context of an enterprise. A context for naming objects found at the root of the enterprise namespace.

entry

A single row of data in a database table.

federated naming service

The service offered by a federated naming system.

federated naming system

An aggregation of autonomous naming systems that cooperate to support name resolution of composite names through a standard interface. Each member of a federation has autonomy in its choice of operations other than name resolution.

federated namespace

An FNS (XFN) term referring to the set of all possible names generated according to the policies that govern the relationships among member naming systems and their respective namespaces.

FNS

See federated naming service.

generic context

In FNS (XFN), a context for binding names used in applications.

GID

See group ID.

global context

In FNS (XFN), a context for naming objects that have global names (currently, DNS and X.500 are the only global naming systems specified by XFN).

global name service

A global naming service identifies (names) those enterprise-level networks around the world that are linked together via phone, satellite, or other communication systems. This world-wide collection of linked networks is known as the "Internet." In addition to naming networks, a global naming service also identifies individual machines and users within a given network.

group

(1) A collection of users who are referred to by a common name.

(2) In NIS+ a collection of users who are collectively given specified access rights to NIS+ objects. NIS+ group information is stored in the NIS+ group table.

(3) In UNIX, groups determine a user's access to files. There are two types of groups: default user group and standard user group.

group ID

A number that identifies the default group for a user.

host context

In FNS (XFN), a context for naming objects related to a computer.

implicit naming system pointer

An FNS (XFN) term referring to an unnamed reference that points to a context in another naming system.

indexed name

A naming format used to identify an entry in a table.

initial context

In FNS (XFN), every XFN name is interpreted relative to some context, and every XFN naming operation is performed on a context object. The XFN interface provides a function that allows the client to obtain an initial context object that provides a starting point for resolution of composite names.

initial context function

An FNS function, fn_ctx_handle_from_initial(), that obtains the initial context which allows a client to obtain an initial starting point for name resolution.

Internet

The world-wide collection of networks interconnected by a set of routers that enable them to function and communicate with each other as a single virtual network.

Internet address

A 32-bit address assigned to hosts using TCP/IP. See decimal dotted notation.

IP

Internet Protocol. The network layer protocol for the Internet protocol suite.

IP address

A unique number that identifies each host in a network.

junction

An FNS (XFN) term referring to a name in one namespace bound to a context in the next naming system.

key (column)

An NIS+ table entry's data can be accessed from any column, regardless of that table's key.

key (encrypting)

A key used to encipher and decipher other keys, as part of a key management and distribution system. Contrast with data encrypting key.

key server

A Solaris operating environment process that stores private keys.

local-area network (LAN)

Multiple systems at a single geographical site connected together for the purpose of sharing and exchanging data and software.

mail exchange records

Files that contain a list of DNS domain names and their corresponding mail hosts.

mail hosts

A workstation that functions as an email router and receiver for a site.

master server

The server that maintains the master copy of the network information service database for a particular domain. Namespace changes are always made to the name service database kept by the domain's master server. Each domain has only one master server.

MIS

Management information systems (or services).

naming convention

In FNS (XFN), every name is generated by a set of syntactic rules called a naming convention.

name resolution

The process of translating workstation or user names to addresses.

name server

Servers that run one or more network name services.

name service switch

A configuration file (/etc/nsswitch.conf) that defines the sources from which an NIS+ client can obtain its network information.

name service

A network service that handles machine, user, printer, domain, router, and other network names and addresses.

namespace

(1) A namespace stores information that users, workstations, and applications must have to communicate across the network.

(2) The set of all names in a naming system.

(3) NIS+ namespace. A collection of hierarchical network information used by the NIS+ software.

(4) NIS namespace. A collection of non-hierarchical network information used by the NIS software.

(5) DNS namespace. A collection of networked workstations that use the DNS software.

namespace identifier

An FNS (XFN) term referring to a special atomic name used to refer to the root of a namespace.

naming system

In FNS (XFN), a connected set of contexts of the same type (having the same naming convention) and providing the same set of operations with identical semantics. In the UNIX operating environment, for example, the set of directories in a given file system (and the naming operations on directories) constitutes a naming system.

network mask

A number used by software to separate the local subnet address from the rest of a given Internet protocol address.

next naming system pointer (NNSP)

In FNS (XFN), a reference to a context in which composite names from subordinate naming systems are resolved.

network password

See Secure RPC password.

NIS

A distributed network information service containing key information about the systems and the users on the network. The NIS database is stored on the master server and all the replica or slave servers.

NIS maps

A file used by NIS that holds information of a particular type, for example, the password entries of all users on a network or the names of all host machines on a network. Programs that are part of the NIS service query these maps. See also NIS.

NIS+

A distributed network information service containing hierarchical information about the systems and the users on the network. The NIS+ database is stored on the master server and all the replica servers.

NIS-compatibility mode

A configuration of NIS+ that allows NIS clients to have access to the data stored in NIS+ tables. When in this mode, NIS+ servers can answer requests for information from both NIS and NIS+ clients.

NIS+ environment

For administrative purposes, an NIS+ environment refers to any situation in which the applicable nsswitch.conf file points to nisplus, or any time a command is run with an option that forces it to operate on objects in an NIS+ namespace (for example, passwd -r nisplus).

NIS+ object

An NIS+ domain, directory, table, or group. See domain, directory, group, and table.

NIS+ principal

See principal.

NIS+ transaction log

A file that contains data updates destined for the NIS+ tables about objects in the namespace. Changes in the namespace are stored in the transaction log until they are propagated to replicas. The transaction log is cleared only after all of a master server's replicas have been updated.

NNSP

See next naming system pointer.

organizational units

In FNS (XFN), an enterprise is organized into organizational units such as centers, laboratories, departments, divisions, and so on. An organizational unit is a subunit of an enterprise.

organizational unit context

In FNS (XFN), a context for naming objects related to an organizational unit within an enterprise.

parent context

In FNS (XFN), a context in which this context and its siblings are bound.

parent domain

See domain.

pinging

The process by which an NIS+ master server transfers a change in NIS+ data to the domain's replica servers.

preference rank number

A number which a machine uses to rank the order in which it tries to obtain namespace information from NIS+ servers. A machine will first try all servers with a given rank number before trying any server with the next highest rank number. For example, a machine will query NIS+ servers with a rank number of 0 before it queries any server with a rank number of 1.

preferred server

From the point of view of a client machine, a preferred NIS+ server is a server that the client should try to use for namespace information ahead of non-preferred servers. Servers that are listed in a client or domain's preferred server list are considered preferred servers for that client or domain.

preferred server list

A client_info table or a client_info file. Preferred server lists specify the preferred servers for a client or domain.

principal

Any user of NIS+ information whose credentials have been stored in the namespace. Any user or machine that can generate a request to an NIS+ server. There are two kinds of NIS+ principal: client users and client machines:

  • Root principal. A machine root user (user ID = 0). Requires only a DES credential.

  • User principal. Any nonroot user (user ID > 0). Requires local and DES credentials.

private key

The private component of a pair of mathematically generated numbers, which, when combined with a public key, generates the DES key. The DES key in turn is used to encode and decode information. The private key of the sender is only available to the owner of the key. Every user or machine has its own public and private key pair.

public key

The public component of a pair of mathematically generated numbers, which, when combined with a private key, generates the DES key. The DES key in turn is used to encode and decode information. The public key is available to all users and machines. Every user or machine has its own public and private key pair.

populate tables

Entering data into NIS+ tables either from files or from NIS maps.

record

See entry.

reference

An FNS (XFN) term referring to the thing bound to a name. It contains addresses identifying the communication endpoints of the object.

remote procedure call (RPC)

An easy and popular paradigm for implementing the client-server model of distributed computing. A request is sent to a remote system to execute a designated procedure, using arguments supplied, and the result is returned to the caller.

replica server

NIS+ server that maintains a duplicate copy of the domain's master NIS+ server database. Replicas run NIS+ server software and maintain copies of NIS+ tables. A replica server increases the availability of NIS+ services. Each NIS+ domain should have at least one, and perhaps more, replicas. (In an NIS namespace, a replica server was known as a slave server.)

reverse resolution

The process of converting workstation IP addresses to workstation names using the DNS software.

root context

In FNS (XFN), a context for naming the objects found in the root of the namespace.

root domain

See domain.

root master server

The master server for an NIS+ root domain.

root replica server

NIS+ server that maintains a duplicate copy of the root domain's master NIS+ server database.

RPC

See remote procedure call (RPC).

Secure RPC password

Password required by Secure RPC protocol. This password is used to encrypt the private key. This password should always be identical to the user's login password.

server

(1) In NIS+, NIS, DNS, and FNS (XFN) a host machine providing naming services to a network.

(2) In the client-server model for file systems, the server is a machine with computing resources (and is sometimes called the compute server), and large memory capacity. Client machines can remotely access and make use of these resources. In the client-server model for window systems, the server is a process that provides windowing services to an application, or "client process." In this model, the client and the server can run on the same machine or on separate machines.

(3) A daemon that actually handles the providing of files.

server list

See preferred server list.

service context

In FNS (XFN), a context for naming objects that provide services.

site context

In FNS (XFN), a context for naming objects related to a physical site.

slave server

(1) A server system that maintains a copy of the NIS database. It has a disk and a complete copy of the operating environment.

(2) Slave servers are called replica servers in NIS+.

strong separation

An FNS (XFN) term referring to cases where the XFN context treats the XFN component separator as the naming system boundary.

subcontext

In FNS (XFN), a context bound within another context.

subnet

A working scheme that divides a single logical network into smaller physical networks to simplify routing.

table

In NIS+, a two-dimensional (nonrelational) database object containing NIS+ data in rows and columns. (In NIS, an NIS map is analogous to an NIS+ table with two columns.) A table is the format in which NIS+ data is stored. NIS+ provides 16 predefined or system tables. Each table stores a different type of information.

TCP

See Transport Control Protocol (TCP).

TCP/IP

Acronym for Transport Control Protocol/Internet Protocol. The protocol suite originally developed for the Internet. It is also called the Internet protocol suite. Solaris networks run on TCP/IP by default.

Transport Control Protocol (TCP)

The major transport protocol in the Internet suite of protocols providing reliable, connection-oriented, full-duplex streams. Uses IP for delivery. See TCP/IP.

user context

In FNS (XFN), a context for naming objects related to a human user.

weak separation

An FNS (XFN) term referring to cases where the XFN context does not treat the XFN component separator as the naming system boundary.

wide-area network (WAN)

A network that connects multiple local-area networks (LANs) or systems at different geographical sites via phone, fiber-optic, or satellite links.

XFN link

In FNS (XFN), a special form of reference that has a composite name as an address. Like any other type of reference, an XFN link is bound to an atomic name in a context.

X.500

A global-level directory service defined by an Open Systems Interconnection (OSI) standard.