ONC+ Developer's Guide

NIS+ Overview

This section describes various aspects of the NIS+ network name service.

NIS+ Domains

NIS+ supports hierarchical domains, as illustrated in the following figure.

Figure 9–1 NIS+ Domain

This graphic depicts a typical domain tree, with four subdomains branching off a main domain.

A NIS+ domain is a set of data describing the workstations, users, and network services in a portion of an organization. NIS+ domains can be administered independently of each other. This independence enables NIS+ to be used in a range of networks, from small to very large.

NIS+ and Servers

Each domain is supported by a set of servers. The principal server is called the master server, and the backup servers are called replicas. Both master and replica servers run NIS+ server software. The master server stores the original tables, and the backup servers store copies.

NIS+ accepts incremental updates to the replicas. Changes are first made on the master server. Then they are automatically propagated to the replica servers and are soon available to the entire namespace.

NIS+ Tables

NIS+ stores information in tables instead of maps or zone files. NIS+ provides 16 types of predefined, or system, tables, which are named in the following list:

Each table stores a different type of information. For instance, the Hosts table stores host name/Internet address pairs, and the Password table stores information about users of the network.

NIS+ tables have two major improvements over NIS maps. First, a NIS+ table can be accessed by any column, not just the first column, which is sometimes referred to as the “key.” This access eliminates the need for duplicate maps, such as the hosts.byname and hosts.byaddr maps of NIS. Second, access to the information in NIS+ tables can be controlled at three levels of granularity: the table level, the entry level, and the column level.

NIS+ Security

The NIS+ security model provides both authorization and authentication mechanisms. For authorization, every object in the namespace specifies the type of operation it accepts and from whom. NIS+ attempts to authenticate every requestor accessing the namespace. After it identifies the originator of the request, it determines whether the object has authorized that particular operation for that particular principal. Based on its authentication and the object's authorization, NIS+ carries out or denies the access request.

Name Service Switch

NIS+ works in conjunction with a separate facility called the Name Service Switch. The Name Service Switch, sometimes referred to as “the Switch,” enables Solaris-based workstations to obtain their information from more than one network information service. Workstations can get the information from local (/etc) files, from NIS maps, from DNS zone files, or from NIS+ tables. The Switch not only offers a choice of sources, but also allows a workstation to specify different sources for different types of information. The Switch is configured through the file /etc/nsswitch.conf.
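Because the Switch decides which source a workstation trusts for each type of information, the source order in /etc/nsswitch.conf is worth reviewing per database. The following is an added example, not code from this guide: it parses the file's `database: source [STATUS=action] source` syntax and reports databases that consult a network service first. The sample configuration is constructed, and the function names and the LOCAL_SOURCES set are assumptions of the example.

```python
import re

# Constructed sample in /etc/nsswitch.conf syntax (not taken from a real host).
SAMPLE = """\
# database: source [STATUS=action] source ...
passwd:     files nisplus
group:      files nisplus
hosts:      nisplus [NOTFOUND=return] files
services:   nisplus [NOTFOUND=return] files
automount:  files
ipnodes:    files dns   # trailing comment
"""

# Assumption of this example: any source not listed here is a network service.
LOCAL_SOURCES = {"files", "compat"}

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        entries = []
        # Each token is either a source name or a bracketed criteria list.
        for token in re.findall(r"\[[^\]]*\]|\S+", rest):
            if token.startswith("["):
                if not entries:
                    raise ValueError(f"{database}: criteria before any source")
                for pair in token[1:-1].split():
                    status, _, action = pair.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
            else:
                entries.append((token.lower(), {}))
        table[database.strip()] = entries
    return table

def network_first(table):
    """Map each database whose first source is remote to (source, stops_on_notfound)."""
    report = {}
    for database, entries in table.items():
        if entries and entries[0][0] not in LOCAL_SOURCES:
            source, criteria = entries[0]
            # [NOTFOUND=return] ends the lookup when the service answers
            # "no such entry", so later sources are used only if it is down.
            report[database] = (source, criteria.get("NOTFOUND") == "return")
    return report

if __name__ == "__main__":
    for db, (src, stops) in network_first(parse_nsswitch(SAMPLE)).items():
        print(f"{db}: first source {src}, stops on NOTFOUND: {stops}")
```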

NIS+ Administration Commands

NIS+ provides a full set of commands for administering a namespace, as listed in the following table.

Table 9–1 NIS+ Namespace Administration Commands

Changes the group owner of a NIS+ object.

Changes an object's access rights.

Changes the owner of a NIS+ object.

Creates or destroys a NIS+ group, or displays a list of its members. Also adds members to a group, removes them, or tests them for membership in the group.

Displays the contents of NIS+ tables.

Searches for entries in a NIS+ table.

Lists the contents of a NIS+ directory.

Searches for entries in a NIS+ table.

Adds information from /etc files or NIS maps into NIS+ tables.

Creates or deletes NIS+ tables, and adds, modifies, or deletes entries in a NIS+ table.

Creates credentials for NIS+ principals and stores them in the Cred table.

Changes password information stored in the NIS+ Passwd table.

Updates the public keys stored in a NIS+ object.

Initializes a NIS+ client or server.

Creates a NIS+ directory and specifies its master and replica servers.

Removes NIS+ directories and replicas from the namespace.

Creates org_dir and groups_dir directories and a complete set of (unpopulated) NIS+ tables for a NIS+ domain.

The NIS+ server process.

Starts the NIS+ Cache Manager on a NIS+ client.

Changes a NIS+ object's time to live value.

Lists a NIS+ object's default values: domain name, group name, workstation name, NIS+ principal name, access rights, directory search path, and time-to-live.

Creates a symbolic link between two NIS+ objects.

Removes NIS+ objects (except directories) from the namespace.

Lists the contents of the NIS+ shared cache maintained by the NIS+ Cache Manager.