System Administration Guide: Naming and Directory Services (NIS+)

Chapter 23 Information in NIS+ Tables

This chapter summarizes the information stored in the default NIS+ tables supplied in the Solaris software. This information is also documented in the corresponding man pages.

Note –

NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available as of the Solaris 9 release. For more information, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and visit NIS+ End-of-Feature (EOF) Announcement FAQ.

NIS+ Tables

In an NIS+ environment, most namespace information is stored in NIS+ tables.

Without a naming service, most network information would be stored in /etc files and almost all NIS+ tables have corresponding /etc files. With the NIS service, you stored network information in NIS maps that also mostly corresponded with /etc files.

Note –

This chapter describes only those that are distributed as part of NIS+. Users and application developers frequently create NIS+ compatible tables for their own purposes. For information about tables created by users and developers, you must consult the documentation that they provide.

All NIS+ tables are stored in the domain's org_dir NIS+ directory object except the admin and groups tables that are stored in the groups_dir directory object.

Note –

Do not link table entries. Tables can be linked to other tables, but do not link an entry in one table to an entry in another table.

NIS+ Tables and Other Name Services

In the Solaris system the name service switch file (nsswitch.conf) allows you to specify one or more sources for different types of namespace information. In addition to NIS+ tables, sources can be NIS maps, DNS zone files, or /etc tables. The order in which you specify them in the switch file determines how the information from different sources is combined. (See Chapter 1, Name Service Switch for more information on the switch file.)

NIS+ Table Input File Format

If you are creating input files for any of these tables, most tables share two formatting requirements:

If a particular table has different or additional format requirements, they are described under the heading, “Input File Format.”

auto_home NIS+ Table

The auto_home table is an indirect automounter map that enables an NIS+ client to mount the home directory of any user in the domain. It does this by specifying a mount point for each user's home directory, the location of each home directory, and mount options, if any. Because it is an indirect map, the first part of the mount point is specified in the auto_master table, which is, by default, /home. The second part of the mount point (that is, the subdirectory under /home) is specified by the entries in the auto_home map, and is different for each user.

The auto_home table has two columns.

Table 23–1 auto_home Table





Mount point 

The login name of every user in the domain 



Options & location 

The mount options for every user, if any, and the location of the user's home directory 

For example:

costas barcelona:/export/partition2/costas

The home directory of the user costas, which is located on the server barcelona, in the directory /export/partition2/costas, would be mounted under a client's /home/costas directory. No mount options were provided in the entry.

auto_master NIS+ Table

The auto_master table lists all the automounter maps in a domain. For direct maps, the auto_master table provides a map name. For indirect maps, it provides both a map name and the top directory of its mount point. The auto_master table has two columns.

Table 23–2 auto_master Table





Mount point 

The top directory into which the map will be mounted. If the map is a direct map, this is a dummy directory, represented with /-.


Map name 

The name of the automounter map 

For example, assume these entries in the auto_master table:

/home auto_home
 /programs auto_programs

The first entry names the auto_home map. It specifies the top directory of the mount point for all entries in the auto_home map: /home. (The auto_home map is an indirect map.) The second entry names theauto_man map. Because that map is a direct map, the entry provides only the map name. The auto_man map will itself provide the topmost directory, as well as the full path name, of the mount points for each of its entries. The third entry names the auto_programs map and, since it provides the top directory of the mount point, the auto_programs map is an indirect map.

All automounter maps are stored as NIS+ tables. By default, the Solaris system provides the auto_master map, which is mandatory, and the auto_home map, which is a great convenience.

You can create more automounter maps for a domain, but be sure to store them as NIS+ tables and list them in the auto_master table. When creating additional automount maps to supplement auto_master (which is created for you), the column names must be key and value. For more information about the automounter consult your automounter or NFS file system documentation.

bootparams NIS+ Table

The bootparams table stores configuration information about every diskless machine in a domain. A diskless machine is a machine that is connected to a network, but has no hard disk. Since it has no internal storage capacity, a diskless machine stores its files and programs in the file system of a server on the network. It also stores its configuration information – or boot parameters – on a server.

Because of this arrangement, every diskless machine has an initialization program that knows where this information is stored. If the network has no name service, the program looks for this information in the server's /etc/bootparams file. If the network uses the NIS+ name service, the program looks for it in the bootparams table, instead.

The bootparams table can store any configuration information about diskless machines. It has two columns: one for the configuration key, another for its value. By default, it is set up to store the location of each machine's root, swap, and dump partitions.

The default bootparams table has only two columns that provide the following items of information.

Table 23–3 bootparams Table






The diskless machine's official host name, as specified in the hosts table 



Root partition: the location (server name and path) of the machine's root partition 



Swap partition: the location (server name and path) of the machine's swap partition 



Dump partition: the location (server name and path) of the machine's dump partition 



Install partition. 




Input File Format

The columns are separated with a TAB character. Backslashes (\) are used to break a line within an entry. The entries for root, swap, and dump partitions have the following format:

client-name root=server:path \
swap=server:path \ 
dump=server:path \
install=server:path \

Here is an example:

buckarooroot=bigriver:/export/root1/buckaroo \
 swap=bigriver:/export/swap1/buckaroo \
 dump=bigriver:/export/dump/buckaroo \
 install=bigriver:/export/install/buckaroo \

Additional parameters are available for x86-based machines. See the bootparams man page for additional information.

client_info NIS+ Table

The client_info table is an optional internal NIS+ table used to store server preferences for the domain in which it resides. This table is created and maintained with the nisprefadm command.

Caution – Caution –

Only use nisprefadm to work with this table. Do not use any other NIS+ commands on this table.

cred NIS+ Table

The cred table stores credential information about NIS+ principals. Each domain has one cred table, which stores the credential information of client machines that belong to that domain and client users who are allowed to log into them. (In other words, the principals of that domain.) The cred tables are located in their domains' org_dir subdirectory.

Note –

Do not link a cred table. Each org_dir directory should have its own cred table. Do not use a link to some other org_dir cred table.

The cred table has five columns.

Table 23–4 cred Table

NIS+ Principal Name 

Authentication Type 

Authentication Name 

Public Data 

Private Data 

Principal name of a principal user 



GID list 


Principal name of a principal user or machine 


Secure RPC netname 

Public key 

Encrypted private key 

The second column, authentication type, determines the types of values found in the other four columns.

See Chapter 12, Administering NIS+ Credentials for additional information on credentials and the cred table.

ethers NIS+ Table

The ethers table stores information about the 48-bit Ethernet addresses of machines on the Internet. It has three columns.

Table 23–5 ethers Table






The 48-bit Ethernet address of the machine 



The name of the machine, as specified in the hosts table 



An optional comment about the entry 

An Ethernet address has the form:

n:n:n:n:n:n hostname

where n is a hexadecimal number between 0 and FF, representing one byte. The address bytes are always in network order (most significant byte first).

group NIS+ Table

The group table stores information about UNIX user groups. The group table has four columns.

Table 23–6 group Table




The group's name 


The group's password 


The group's numerical ID 


The names of the group members, separated by commas 

Earlier Solaris releases used a +/- syntax in local /etc/group files to incorporate or overwrite entries in the NIS group maps. Since the Solaris system uses the name service switch file to specify a machine's sources of information, this is no longer necessary. All you have to do in Solaris Release 2x systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the group information. This effectively adds the contents of the group table to the contents of the client's /etc/group file.

hosts NIS+ Table

The hosts table associates the names of all the machines in a domain with their IP addresses. The machines are usually also NIS+ clients, but they don't have to be. Other tables, such as bootparams, group, and netgroup, rely on the network names stored in this table. They use them to assign other attributes, such as home directories and group memberships, to individual machines. The hosts table has four columns.

Table 23–7 hosts Table




The machine's IP address (network number plus machine ID number) 


The machine's official name 


A name used in place of the host name to identify the machine 


An optional comment about the entry 

mail_aliases NIS+ Table

The mail_aliases table lists the domain's mail aliases recognized by sendmail. It has four columns.

Table 23–8 mail_aliases Table




The name of the alias 


A list containing the members that receive mail sent to this alias; members can be users, machines, or other aliases 


An optional comment about the entry 


(See man page for options) 

Input File Format

Each entry has the following format:


To extend an entry over several lines, use a backslash.

netgroup NIS+ Table

The netgroup table defines network wide groups used to check permissions for remote mounts, logins, and shells. The members of net groups used for remote mounts are machines; for remote logins and shells, they are users.

Note –

Users working on a client machine being served by an NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.

The netgroup table has six columns.

Table 23–9 netgroup Table






The name of the network group 



Another group that is part of this group 



The name of a host 



A user's login name 



A domain name 



An optional comment about the entry 

Input File Format

The input file consists of a group name and any number of members:

groupname member-list...

The member list can contain the names of other net groups or an ordered member list with three fields or both:

member-list::=groupname | (hostname, username, domainname)

The first field of the member list specifies the name of a machine that belongs to the group. The second field specifies the name of a user that belongs to the group. The third field specifies the domain in which the member specification is valid.

A missing field indicates a wildcard. For example, the netgroup specification shown below includes all machines and users in all domains:

everybody ( , , )

A dash in a field is the opposite of a wildcard; it indicates that no machines or users belong to the group. Here are two examples:

(host1, -, (-,joe,

The first specification includes one machine, host1, in the domain, but excludes all users. The second specification includes one user in the domain, but excludes all machines.

netmasks NIS+ Table

The netmasks table contains the network masks used to implement standard Internet subnetting. The table has three columns.

Table 23–10 netmasks Table




The IP number of the network 


The network mask to use on the network 


An optional comment about the entry 

For network numbers, you can use the conventional IP dot notation used by machine addresses, but leave zeros in place of the machine addresses. For example, this entry

means that class B network should have 24 bits in its subnet field, and 8 bits in its host field.

networks NIS+ Table

The networks table lists the networks of the Internet. This table is normally created from the official network table maintained at the Network Information Control Center (NIC), though you might need to add your local networks to it. It has four columns.

Table 23–11 networks Table




The official name of the network, supplied by the Internet 


The official IP number of the network 


An unofficial name for the network 


An optional comment about the entry 

passwd NIS+ Table

The passwd table contains information about the accounts of users in a domain. These users generally are, but do not have to be, NIS+ principals. Remember though, that if they are NIS+ principals, their credentials are not stored here, but in the domain's cred table. The passwd table usually grants read permission to the world (or to nobody).

Note –

The passwd table should not have an entry for the user root (user ID 0). Root's password information should be stored and maintained in the machine's /etc files.

The information in the passwd table is added when users' accounts are created.

The passwd table contains the following columns.

Table 23–12 passwd Table




The user's login name, which is assigned when the user's account is created; the name can contain no uppercase characters and can have a maximum of eight characters 


The user's encrypted password 


The user's numerical ID, assigned when the user's account is created 


The numerical ID of the user's default group 


The user's real name plus information that the user wishes to include in the From: field of a mail-message heading; an “&” in this column simply uses the user's login name 


The path name of the user's home directory. 


The user's initial shell program; the default is the Bourne shell: /usr/bin/sh.


(See Table 23–13.)

The passwd table shadow column stores restricted information about user accounts. It includes the following information.

Table 23–13 passwd Table Shadow Column




The number of days between January 1, 1970, and the date the password was last modified 


The minimum number of days recommended between password changes 


The maximum number of days that the password is valid 


The number of days' warning a user receives before being notified that his or her password has expired 


The number of days of inactivity allowed for the user 


An absolute date past which the user's account is no longer valid 


Reserved for future use: currently set to 0. 

Earlier Solaris releases used a +/- syntax in local /etc/passwd files to incorporate or overwrite entries in the NIS password maps. Since the Solaris 2x release uses the name service switch file to specify a machine's sources of information, this is no longer necessary. All you have to do in Solaris Release 2x systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the passwd information. This effectively adds the contents of the passwd table to the contents of the /etc/passwd file.

However, if you still want to use the +/- method, edit the client's nsswitch.conf file to add compat as the passwd source if you are using NIS. If you are using NIS+, add passwd_compat: nisplus.

protocols NIS+ Table

The protocols table lists the protocols used by the Internet. It has four columns.

Table 23–14 protocols Table




The protocol name 


An unofficial alias used to identify the protocol 


The number of the protocol 


Comments about the protocol 

rpc NIS+ Table

The rpc table lists the names of RPC programs. It has four columns.

Table 23–15 rpc Table




The name of the program 


Other names that can be used to invoke the program 


The program number 


Comments about the RPC program 

Here is an example of an input file for the rpc table:

# rpc file
rpcbind	00000	portmap	sunrpc	portmapper
rusersd	100002	rusers
nfs	100003	nfsprog
mountd	100005	mount	showmount
walld	100008	rwall	shutdown
sprayd	100012	spray
llockmgr	100020
nlockmgr	100021
status	100024
bootparam	100026
keyserv	100029	keyserver
nisd	100300	rpc.nisd

services NIS+ Table

The services table stores information about the Internet services available on the Internet. It has five columns.

Table 23–16 services Table




The official Internet name of the service 


The list of alternate names by which the service can be requested 


The protocol through which the service is provided (for instance, 512/tcp) 


The port number 


Comments about the service 

timezone NIS+ Table

The timezone table lists the default timezone of every machine in the domain. The default time zone is used during installation but can be overridden by the installer. The table has three columns.

Table 23–17 timezone Table




The name of the domain 


The name of the time zone (for example, US/Pacific) 


Comments about the time zone 

Additional Default Tables

For information the other default tables:

Refer to the appropriate section (4) man pages.