NIS+ protects the structure of the namespace, and the information it stores, by the complementary processes of authorization and authentication.
Authorization. Every component in the namespace specifies the type of operation it will accept and from whom. This is authorization.
Authentication. NIS+ attempts to authenticate every request for access to the namespace. Requests come from NIS+ principals. An NIS+ principal can be a process, machine, root, or a user. Valid NIS+ principals possess an NIS+ credential. NIS+ authenticates the originator of the request (principal) by checking the principal's credential.
If the principal possesses an authentic (valid) credential, and if the principal's request is one that the principal is authorized to perform, NIS+ carries out the request. If either the credential is missing or invalid, or the request is not one the principal is authorized to perform, NIS+ denies the request for access. A much fuller description of the entire NIS+ security system is provided in Chapter 6, Security Overview, and Part II