NIS+ Transition Guide

Deciding How to Transfer Information Between Services

To keep information synchronized, be sure to make one namespace subordinate to the other. At first, the NIS namespace may be the dominant one, in which case you would make changes to the NIS maps and load them into the NIS+ tables. In effect, the NIS namespace would be the master database.

An NIS+ server in NIS-compatibility mode supports standard NIS maps. An exhaustive list of these maps is in the Notes section of the ypfiles(4) man page. However, there are some limitations on map support: The NIS+ server serves ypmatch requests only on the netgroup map, and not on the reverse maps. It does not support enumeration requests on the netgroup map (for example, ypcat). The passwd.adjunct map is not supported, either.

Eventually, the NIS+ namespace should be dominant. When that is the case, you make changes in the NIS+ tables and copy them to the NIS maps.

The NIS+ nisaddent command and the NIS+ nispopulate script transfer information between NIS maps and NIS+ tables, as summarized in Table 4-1.

Table 4-1 Commands for Changing Information in the Passwd Table

NIS+ Command  


/usr/lib/nis/nisaddent -y

Transfers information from an NIS map to an NIS+ table after you run ypxfr to transfer maps from an NIS server to the local disk. Nonstandard NIS maps can be transferred to NIS+ tables if the information is in key-value pairs. Multicolumned maps will be not be transferred.

/usr/lib/nis/nisaddent -d

Copies information from an NIS+ table to a file, which can then be transferred to an NIS map with standard NIS utilities. 

/usr/lib/nis/nispopulate -Y

Transfers information from NIS maps to NIS+ tables. 

In versions of NIS+ previous to the Solaris 2.5 release, it was necessary to use separate password commands (passwd, yppasswd, nispasswd) to handle password matters, depending on whether a user's password information was stored in /etc files, NIS maps, or NIS+ tables. Starting with the Solaris 2.5 release, all of these matters are handled automatically by the passwd or passwd -r nisplus commands and are controlled by the passwd entry in the user's nsswitch.conf file.

In order to properly implement the passwd command and password aging on your NIS+ or NIS-compatible network, the passwd entry of the nsswitch.conf file on every machine must be correct. This entry determines where the passwd command goes for password information and where it updates password information.

Only five passwd entry configurations are permitted:

Example 4-1 Permitted passwd nsswitch.conf Entries

passwd: files nis
passwd: files nisplus
passwd: compat
passwd_compat: nisplus

Caution - Caution -

All of the nsswitch.conf files on all of your network's workstations must use one of the passwd configurations shown above. If you configure the passwd entry in any other way, users may not be able to log in.

In domains created with NIS-compatibility mode, the permissions are slightly different: permissions at the table level must be set to provide read rights to the world class, and at the column level, permissions must provide read access to the nobody class.