Trusted Solaris Installation and Configuration

To Set the Stage

As root, create a staging area for files you plan to use to populate the NIS+ databases.

You can place the staging area wherever you have enough space. Usually a few megabytes is more than enough room to store some files temporarily.
# mkdir -p /setup/files

Copy the sample /etc files into the staging area.

Most of the files you need already exist on the installed system and have enough data in them to get you started. The following files in the /etc directory are usually not found on a newly installed system: bootparams, ethers, netgroup, netmasks, and timezone. You can create these with an editor, load them from a backup diskette, or merely create empty versions of these files, so that the NIS+ tables are created all at once. If you choose not to create these files, you can create them later, but the nispopulate(1M) command may print out a few warning messages.

# cd /etc
# touch bootparams ethers netgroup netmasks timezone
# cp bootparams ethers netgroup netmasks timezone \
aliases auto_home auto_master group hosts networks \
protocols rpc services /setup/files

Three Trusted Solaris files need to be renamed when copied into the staging area. Three others are copied without changing their names.

# cp passwd.roles /setup/files/passwd
# cp shadow.roles /setup/files/shadow
# 
# cd /etc/security/tsol
# 
# cp tsoluser.roles /setup/files/tsoluser
# cp tsolprof tnrhdb tnrhtp /setup/files

Check that all the files are now in your staging area; there are 20.

# cd /setup/files
# ls | wc -l

		WARNING: Command operating outside of the Trusted Path!
	20

Edit the hosts file in your staging area.
1. Change the permissions on the file.
  # chmod u+w /setup/files/hosts
2. Open the Admin Editor and enter /setup/files/hosts for editing.
  
  For more detailed instructions, see "To Create or Open a File from the Trusted Editor".
  
  The file already contains the NIS+ root master (that is, this host's address) and the static routers, if any.
  1. Add every workstation that will be in the Trusted Solaris 7 domain.
    
    There is no fallback mechanism here. The IP address of every workstation to be contacted must be in this file.
    
    Caution -
    Failure to include a workstation will cause client authentication to fail; the NIS+ client will have no credentials.
  2. Add every other workstation with which the domain can communicate.
  3. Write the file and exit the editor.

Modify other files in your staging area as necessary.

Caution -
Do not modify the files: tsolprof, tsoluser, passwd, or shadow. You will modify these using the User Manager and Profile Manager.

There is enough information in your staging area to convert your host to a NIS+ master. However, if you are restoring a former NIS+ domain from files, you may want to merge some of your saved files with those in the staging area at this time.

Caution -
If you choose to edit any files, you must be very careful to provide all of the information necessary in the correct formats before populating the NIS+ tables. Failure to do so can result in the inability to further administer or use the system.