Credential information for principals is stored in a cred table. The cred table is one of the 16 standard NIS+ tables. Each domain has one cred table, which stores the credential information of client workstations that belong to that domain and client users who are allowed to log into them. (In other words, the principals of that domain.) The cred tables are located in their domains' org_dir subdirectory.
Never link a cred table. Each org_dir directory must have its own cred table. Never use a link to some other org_dir cred table.
For users, the cred table stores LOCAL credential information for all users who are allowed to log into any of the machines in the domain. The cred table also stores DES credential information for those users who have the domain as their home domain.
You can view the contents of a cred table with the niscat command, described in Chapter 14, Administering NIS+ Tables.
The cred table as shown in Table 7-3 has five columns:
Table 7-3 cred Table Credential Information
| | NIS+ Principal Name | Authentication Type | Authentication Name | Public Data | Private Data |
|---|---|---|---|---|---|
| Column Name | cname | auth_type | auth_name | public_data | private_data |
| User | Fully qualified principal name | LOCAL | UID | GID list | |
| Machine | Fully qualified principal name | DES | Secure RPC netname | Public key | Encrypted Private key |
The Authentication Type column determines the types of values found in the other four columns.
LOCAL. If the authentication type is LOCAL, the other columns contain a principal user's name, UID, and GID; the last column is empty.
DES. If the authentication type is DES, the other columns contain a principal's name, Secure RPC netname, public key, and encrypted private key. These keys are used in conjunction with other information to encrypt and decrypt a DES credential.
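The column rules above can be checked mechanically when reviewing a dump of a cred table. The following Python sketch is an added example, not part of the original documentation or of NIS+ itself. It assumes one row per line with the five columns of Table 7-3 separated by ":", and the sample rows, domain names and key values are constructed.

```python
# Added example: audit rows of a cred table dump against Table 7-3.
# Assumption: five fields per line, in table order, separated by ":".
COLUMNS = ("cname", "auth_type", "auth_name", "public_data", "private_data")

SAMPLE = """\
alice.sales.example.com.:LOCAL:1001:10,14:
alice.sales.example.com.:DES:unix.1001@sales.example.com:3a5f9c:7be2d1
host1.sales.example.com.:DES:unix.host1@sales.example.com:9c41aa:
bob.sales.example.com.:LOCAL:1002:10:deadbeef
carol.sales.example.com:KERB:carol::
"""  # constructed rows; the hex strings are placeholders, not real keys

def parse_row(line, sep=":"):
    fields = line.rstrip("\n").split(sep)
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(fields)}")
    return dict(zip(COLUMNS, fields))

def check_row(row):
    problems = []
    if not row["cname"].endswith("."):  # fully qualified names end in a dot
        problems.append("cname is not fully qualified")
    if row["auth_type"] == "LOCAL":
        if not row["auth_name"].isdigit():
            problems.append("LOCAL auth_name is not a UID")
        if not all(g.isdigit() for g in row["public_data"].split(",")):
            problems.append("LOCAL public_data is not a GID list")
        if row["private_data"]:
            problems.append("LOCAL private_data should be empty")
    elif row["auth_type"] == "DES":
        if not row["public_data"]:
            problems.append("DES row has no public key")
        if not row["private_data"]:
            problems.append("DES row has no encrypted private key")
    else:
        problems.append(f"unknown auth_type {row['auth_type']!r}")
    return problems

def audit(text, sep=":"):
    """Return {line_number: [problems]} for rows that break the table rules."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            problems = check_row(parse_row(line, sep))
        except ValueError as exc:
            problems = [str(exc)]
        if problems:
            findings[n] = problems
    return findings

if __name__ == "__main__":
    for n, problems in audit(SAMPLE).items():
        print(f"line {n}: {'; '.join(problems)}")
```

If the dump uses a different separator, pass it as the `sep` argument to `audit`.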