Documentation Home
> System Administration Guide: Naming and Directory Services (FNS and NIS+)
System Administration Guide: Naming and Directory Services (FNS and NIS+)
Book Information
Index
Numbers and Symbols
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
Y
Preface
Part I About Naming and Directory Services
Chapter 1 The Name Service Switch
About the Name Service Switch
Format of the nsswitch.conf File
Search Criteria
Switch Status Messages
Switch Action Options
Default Search Criteria
What if the Syntax is Wrong?
Auto_home and Auto_master
Timezone and the Switch File
Comments in nsswitch.conf Files
Keyserver and publickey Entry in the Switch File
The nsswitch.conf Template Files
The Default Switch Template Files
The nsswitch.conf File
Selecting a Different Configuration File
Modifying the name service switch
How to Enable an NIS+ Client to Use IPv6
Ensuring Compatibility With +/- Syntax
The Switch File and Password Information
Part II NIS+ Setup and Configuration
Chapter 2 NIS+: An Introduction
About NIS+
What NIS+ Can Do for You
How NIS+ Differs From NIS
NIS+ Security
Solaris 1.x Releases and NIS-Compatibility Mode
NIS+ Administration Commands
NIS+ API
Setup and Configuration Preparation
NIS and NIS+
NIS+ Files and Directories
Structure of the NIS+ Namespace
Directories
Domains
Servers
How Servers Propagate Changes
NIS+ Clients and Principals
Principal
Client
The Cold-Start File and Directory Cache
An NIS+ Server Is Also a Client
Naming Conventions
NIS+ Domain Names
Directory Object Names
Tables and Group Names
Table Entry Names
Host Names
NIS+ Principal Names
Accepted Name Symbols
NIS+ Name Expansion
NIS_PATH Environment Variable
Preparing the Existing Namespace
Two Configuration Methods
Chapter 3 NIS+ Setup Scripts
About the NIS+ Scripts
What the NIS+ Scripts Will Do
What the NIS+ Scripts Will Not Do
Chapter 4 Configuring NIS+ With Scripts
NIS+ Configuration Overview
Creating a Sample NIS+ Namespace
Summary of NIS+ Scripts Command Lines
Setting Up NIS+ Root Servers
Prerequisites to Running nisserver
Information You Need
How to Create a Root Master Server
How to Change Incorrect Information
How to Set Up a Multihomed NIS+ Root Master Server
Populating NIS+ Tables
Prerequisites to Running nispopulate
Information You Need
How to Populate the Root Master Server Tables
Setting Up NIS+ Client Machines
Prerequisites to Running nisclient
Information You Need
How to Initialize a New Client Machine
Creating Additional Client Machines
Initializing NIS+ Client Users
Prerequisites to Running nisclient
Information You Need
How to Initialize an NIS+ User
Setting Up NIS+ Servers
Prerequisites to Running rpc.nisd
Information You Need
Configuring a Client as an NIS+ Server
How to Configure a Server Without NIS Compatibility
How to Configure a Server With NIS Compatibility
How to Configure a Server With DNS and NIS Compatibility
Creating Additional Servers
Creating a Root Replica Server
Prerequisites to Running nisserver
Information You Need
How to Create a Root Replica
How to Set Up Multihomed NIS+ Replica Servers
Creating a Subdomain
Prerequisites to Running nisserver
Information You Need
How to Create a New Non-Root Domain
Creating Additional Domains
Populating the New Subdomain's Tables
Prerequisites to Running nispopulate
Information You Need
Populating the Master Server Tables
How to Populate the Tables From Files
How to Populate the Tables From NIS Maps
Creating Subdomain Replicas
Prerequisites to Running nisserver
Information You Need
How to Create a Replica
Initializing Subdomain NIS+ Client Machines
Prerequisites to Running nisclient
Information You Need
How to Initialize a New Subdomain Client Machine
Initializing Subdomain NIS+ Client Users
Prerequisites to Running nisclient
Information You Need
How to Initialize an NIS+ Subdomain User
Summary of Commands for the Sample NIS+ Namespace
Chapter 5 Setting Up the Root Domain
Introduction to Setting Up the Root Domain
Standard Versus NIS-Compatible Configuration Procedures
Establishing the Root Domain
Summary of Steps
Establishing the Root Domain—Task Map
Security Considerations
Prerequisites
Information You Need
How to Configure a Root Domain
Root Domain Configuration Summary
Chapter 6 Configuring NIS+ Clients
Introduction to Setting Up NIS+ Clients
Configuring the Client
Security Considerations
Prerequisites
Information You Need
Configuring the Client—Task Map
How to Configure an NIS+ Client
Setting Up DNS Forwarding
Changing a machine's Domain Name
Security Considerations
Information You Need
Changing a machine's Domain—Task Map
How to Change a Client's Domain Name
Initializing an NIS+ Client
Broadcast Initialization
Security Considerations
Prerequisites
Information You Need
Initializing an NIS+ Client—Task Map
How to Initialize a Client—Broadcast Method
Initializing a Client by Host Name
Security Considerations
Prerequisites
Information You Need
Initializing an NIS+ Client—Task Map
How to Initialize a Client—Host-name Method
Initializing Client Using a Cold-Start File
Security Considerations
Prerequisites
Information You Need
Initializing an NIS+ Client—Task Map
How to Initialize a Client—Cold-Start Method
NIS+ Client Configuration Summary
Chapter 7 Configuring NIS+ Servers
Setting Up an NIS+ Server
Standard Versus NIS-Compatible Configuration Procedures
Security Considerations
Prerequisites
Information You Need
How to Configure an NIS+ Server
Adding a Replica to an Existing Domain
Using NIS+ Commands to Configure a Replica Server
Security Considerations
Prerequisites
Information You Need
Using NIS+ Commands to Configure a Replica Server-Task Map
How to Configure a Replica Server With NIS+ Commands
Using nisrestore to Load Data on to a Replica Server
Security Considerations
Prerequisites
Using nisrestore to Load Data on to a Replica Server — Task Map
How to Load Namespace Data—nisrestore Method
Using nisping to Load Data on to a Replica Server
Security Considerations
Prerequisites
Using nisping to Load Data on to a Replica Server — Task Map
How to Load Namespace Data—nisping Method
Server Configuration Summary
Chapter 8 Configuring a Non-Root Domain
Setting Up a Non-Root Domain
Standard Versus NIS-Compatible Configuration Procedures
Security Considerations
Prerequisites
Information You Need
Setting Up a Non-root Domain — Task Map
How to Configure a Non-root Domain
Subdomain Configuration Summary
Chapter 9 Setting Up NIS+ Tables
Setting Up Tables
Populating Tables—Options
Populating NIS+ Tables From Files
Files Security Considerations
Prerequisites
Information You Need
Populating NIS+ Tables From Files — Task Map
How to Populate NIS+ Tables From Files
Populating NIS+ Tables From NIS Maps
Maps Security Considerations
Prerequisites
Information You Need
Populating NIS+ Tables From NIS Maps — Task Map
How to Populate Tables From Maps
Transferring Information From NIS+ to NIS
NIS to NIS+ Security Considerations
Prerequisites
Transferring Information From NIS+ to NIS — Task Map
How to Transfer Information From NIS+ to NIS
Limiting Access to the Passwd Column to Owners and Administrators
Passwd Column Security Considerations
Prerequisites
Information You Need
Limiting Access to the Passwd Column to Owners and Administrators — Task Map
How to Limit Read Access to the Passwd Column
Table Population Summaries
Part III NIS+ Administration
Chapter 10 NIS+ Tables and Information
NIS+ Table Structure
Columns and Entries
Search Paths
Ways to Set Up Tables
How Tables Are Updated
Chapter 11 NIS+ Security Overview
Solaris Security—Overview
NIS+ Security—Overview
NIS+ Principals
NIS+ Security Levels
Security Levels and Password Commands
NIS+ Authentication and Credentials—Introduction
User and Machine Credentials
DES versus LOCAL Credentials
DES Credentials
LOCAL Credentials
User Types and Credential Types
NIS+ Authorization and Access—Introduction
Authorization Classes
The Owner Class
The Group Class
The World Class
The Nobody Class
Authorization Classes and the NIS+ Object Hierarchy
NIS+ Access Rights
The NIS+ Administrator
NIS+ Password, Credential, and Key Commands
Chapter 12 Administering NIS+ Credentials
NIS+ Credentials
How Credentials Work
Credential Versus Credential Information
Authentication Components
How Principals Are Authenticated
Credentials Preparation Phase
Login Phase—Detailed Description
Request Phase—Detailed Description
The DES Credential in Detail
DES Credential Secure RPC Netname
DES Credential Verification Field
How the DES Credential Is Generated
Secure RPC Password Versus Login Password Problem
Cached Public Keys Problems
Where Credential-Related Information Is Stored
The cred Table in Detail
Creating Credential Information
The nisaddcred Command
Related Commands
How nisaddcred Creates Credential Information
LOCAL Credential Information
DES Credential Information
The Secure RPC Netname and NIS+ Principal Name
Creating Credential Information for the Administrator
Creating Credential Information for NIS+ Principals
For User Principals—Example
Using a Dummy Password and chkey—Example
Creating in Another Domain—Example
For machines—Example
Administering NIS+ Credential Information
Updating Your Own Credential Information
Removing Credential Information
Chapter 13 Administering NIS+ Keys
NIS+ Keys
Keylogin
Changing Keys for an NIS+ Principal
Changing the Keys
Changing Root Keys From Root
Changing Root Keys From Another Machine
Changing the Keys of a Root Replica From the Replica
Changing the Keys of a Nonroot Server
Updating Public Keys
The nisupdkeys Command
Updating Public Keys Arguments and Examples
Updating IP Addresses
Updating Client Key Information
Globally Updating Client Key Information
Chapter 14 Administering Enhanced Security Credentials
Diffie-Hellman Extended Key
Transitioning to a New Public Key-based Security Mechanism
Configuring NIS+ Security Mechanisms
Creating New Security Mechanism Credentials
New Security Mechanism Credentials –Example
Adding New Keys to NIS+ Directory Objects
Adding New Public Keys to NIS+ Directory Objects—Example
Configuring NIS+ Servers to Accept New Security Mechanism Credentials
Configuring NIS+ Servers to Accept New Security Mechanism Credentials—Example
Configuring Machines to Use New Security Mechanism Credentials
Configuring Machines to Use New Security Mechanism Credentials—Examples
Manually Refresh Directory Objects—Example NETNAMER
Changing the Password Protecting New Credentials
Change Password Protecting New Credentials—Example
Configuring Servers to Accept only New Security Mechanism Credentials
Configuring Servers to Accept only New Security Mechanism Credentials—Example
Removing Old Credentials from the cred Table
Removing old Credentials from the cred Table—Example
Chapter 15 Administering NIS+ Access Rights
NIS+ Access Rights
Introduction to Authorization and Access Rights
Authorization Classes—Review
Access Rights—Review
Concatenation of Access Rights
How Access Rights Are Assigned and Changed
Specifying Different Default Rights
Changing Access Rights to an Existing Object
Table, Column, and Entry Security
Table, Column, Entry Example
Rights at Different Levels
Read Rights
Create Rights
Modify Rights
Destroy Rights
Where Access Rights Are Stored
Viewing an NIS+ Object's Access Rights
Default Access Rights
How a Server Grants Access Rights to Tables
Specifying Access Rights in Commands
Syntax for Access Rights
Class, Operator, and Rights Syntax
Syntax for Owner and Group
Syntax for Objects and Table Entries
Displaying NIS+ Defaults—The nisdefaults Command
Setting Default Security Values
Displaying the Value of NIS_DEFAULTS
Changing Defaults
Resetting the Value of NIS_DEFAULTS
Specifying Nondefault Security Values at Creation Time
Changing Object and Entry Access Rights
Using nischmod to Add Rights
Using nischmod to Remove Rights
Specifying Column Access Rights
Setting Column Rights When Creating a Table
Adding Rights to an Existing Table Column
Removing Rights to a Table Column
Changing Ownership of Objects and Entries
Changing Object Owner With nischown
Changing Table Entry Owner With nischown
Changing an Object or Entry's Group
Changing an Object's Group With nischgrp
Changing a Table Entry's Group With nischgrp
Chapter 16 Administering Passwords
Using Passwords
Logging In
The Login incorrect Message
The will expire Message
The Permission denied Message
Changing Your Password
Password Change Failures
Choosing a Password
Password Requirements
Bad Choices for Passwords
Good Choices for Passwords
Administering Passwords
nsswitch.conf File Requirements
The nispasswd Command
The yppasswd Command
The passwd Command
passwd and the nsswitch.conf File
The passwd -r Option
The passwd Command and “NIS+ Environment”
The passwd Command and Credentials
The passwd Command and Permissions
The passwd Command and Keys
The passwd Command and Other Domains
The nistbladm Command
nistbladm and Shadow Column Fields
nistbladm And the Number of Days
Related Commands
Displaying Password Information
Changing Passwords
Changing Your Own Password
Changing Someone Else's Password
Changing Root's Password
Locking a Password
Unlocking a Password
Managing Password Aging
Forcing Users to Change Passwords
Setting a Password Age Limit
Setting Minimum Password Life
Establishing a Warning Period
Turning Off Password Aging
Password Privilege Expiration
Password Aging Versus Expiration
Setting an Expiration Date
Turning Off Password Privilege Expiration
Specifying Maximum Number of Inactive Days
Specifying Password Criteria and Defaults
The /etc/defaults/passwd File
Maximum weeks
Minimum Weeks
Warning Weeks
Minimum Password Length
Password Failure Limits
Maximum Number of Tries
Maximum Login Time Period
Chapter 17 Administering NIS+ Groups
Solaris Groups
NIS+ Groups
Related Commands
NIS+ Group Member Types
Member Types
Nonmember Types
Group Syntax
Using niscat With NIS+ Groups
Listing the Object Properties of a Group
The nisgrpadm Command
Creating an NIS+ Group
Deleting an NIS+ Group
Adding Members to an NIS+ Group
Listing the Members of an NIS+ Group
Removing Members From an NIS+ Group
Testing for Membership in an NIS+ Group
Chapter 18 Administering NIS+ Directories
NIS+ Directories
Using the niscat Command With Directories
Listing the Object Properties of a Directory
Using the nisls Command With Directories
Listing the Contents of a Directory—Terse
Listing the Contents of a Directory—Verbose
The nismkdir Command
Creating a Directory
Adding a Replica to an Existing Directory
The nisrmdir Command
Removing a Directory
Disassociating a Replica From a Directory
The nisrm Command
Removing Nondirectory Objects
The rpc.nisd Command
Starting an NIS-Compatible Daemon
Starting a DNS-Forwarding NIS-Compatible Daemon
Stopping the NIS+ Daemon
The nisinit Command
Initializing a Client
Initializing the Root Master Server
The nis_cachemgr Command
Starting and Stopping the Cache Manager
The nisshowcache Command
Displaying the Contents of the NIS+ Cache
Pinging and Checkpointing
The nisping Command
Displaying When Replicas Were Last Updated
Forcing a Ping
Checkpointing a Directory
The nislog Command
Displaying the Contents of the Transaction Log
The nischttl Command
Changing the Time-to-Live of an Object
Changing the Time-to-Live of a Table Entry
Chapter 19 Administering NIS+ Tables
NIS+ Tables
The nistbladm Command
nistbladm Syntax Summary
nistbladm and Column Values
nistbladm, Searchable Columns, Keys, and Column Values
nistbladm and Indexed Names
nistbladm and Groups
Creating a New Table
Specifying Table Columns
Creating Additional Automount Table
Deleting a Table
Adding Entries to a Table
Adding a Table Entry With the -a Option
Adding a Table Entry With the -A Option
Modifying Table Entries
Editing a Table Entry With the -e Option
Editing a Table Entry With the -E Option
Removing Table Entries
Removing Single Table Entries
Removing Multiple Entries From a Table
The niscat Command
Syntax
Displaying the Contents of a Table
Displaying the Object Properties of a Table or Entry
The nismatch and nisgrep Commands
About Regular Expressions
Syntax
Searching the First Column
Searching a Particular Column
Searching Multiple Columns
The nisln Command
Syntax
Creating a Link
The nissetup Command
Expanding a Directory Into an NIS+ Domain
Expanding a Directory Into an NIS-Compatible Domain
The nisaddent Command
Syntax
Loading Information From a File
Loading Data From an NIS Map
Dumping the Contents of an NIS+ Table to a File
Chapter 20 Server-Use Customization
NIS+ Servers and Clients
Default Client Search Behavior
Designating Preferred Servers
NIS+ Over Wide Area Networks
Optimizing Server-Use—Overview
nis_cachemgr is Required
Global Table or Local File
Preference Rank Numbers
Default Server Preferences
Efficiency and Server Preference Numbers
Preferred Only Servers Versus All Servers
Viewing Preferences
Server and Client Names
Server Preferences
When Server Preferences Take Effect
Using the nisprefadm Command
Viewing Current Server Preferences
How to View Preferences for a Machine
How to View Global Preferences for Single Machine
How to View Global Preferences for a Subnet
How to Specify Preference Rank Numbers
Specifying Global Server Preferences
How to Set Global Preferences for a Subnet
How to Set Global Preferences for an Individual Machine
How to Set Global Preferences for a Remote Domain
Specifying Local Server Preference
How to Set Preferences on a Local Machine
Modifying Server Preferences
How to Change a Server's Preference Number
How to Replace One Server With Another in a Preference List
How to Remove Servers From Preference Lists
How to Replace an Entire Preferred Server List
Specifying Preferred-Only Servers
How to Specify Preferred-Only Servers
How to Revert to Using Non-Preferred Servers
Ending Use of Server Preferences
How to Eliminate Global Server Preferences
How to Eliminate Local Server Preferences
How to Switch From Local to Global Subnet Preferences
How to Switch From Local to Machine-Specific Global Preferences
How to Stop a Machine From Using Any Server Preferences
Putting Server Preferences Into Immediate Effect
How to Immediately Implement Preference Changes
Chapter 21 NIS+ Backup and Restore
Backing Up Your Namespace With nisbackup
nisbackup Syntax
What nisbackup Backs Up
The Backup Target Directory
Maintaining a Chronological Sequence of NIS+ Backups
Backing Up Specific NIS Directories
Backing Up an Entire NIS+ Namespace
Backup Directory Structure
Backup Files
Restoring Your NIS+ Namespace With nisrestore
Prerequisites to Running nisrestore
nisrestore Syntax
Using nisrestore
Using Backup/Restore to Set Up Replicas
Replacing Server Machines
Machine Replacement Requirements
How to Replace Server Machines
Chapter 22 Removing NIS+
Removing NIS+ From a Client Machine
Removing NIS+ That Was Installed Using nisclient
Removing NIS+ That Was Installed Using NIS+ Commands
Removing NIS+ From a Server
Removing the NIS+ Namespace
Chapter 23 Information in NIS+ Tables
NIS+ Tables
NIS+ Tables and Other Name Services
NIS+ Table Input File Format
auto_home Table
auto_master Table
bootparams Table
client_info Table
cred Table
ethers Table
group Table
hosts Table
mail_aliases Table
netgroup Table
netmasks Table
networks Table
passwd Table
protocols Table
rpc Table
services Table
timezone Table
Additional Default Tables
Chapter 24 NIS+ Troubleshooting
NIS+ Debugging Options
NIS+ Administration Problems
Illegal Object Problems
nisinit Fails
Checkpoint Keeps Failing
Cannot Add User to a Group
Logs Grow too Large
Lack of Disk Space
Cannot Truncate Transaction Log File
Domain Name Confusion
Cannot Delete org_dir or groups_dir
Removal or Disassociation of NIS+ Directory from Replica Fails
NIS+ Database Problems
Multiple rpc.nisd Parent Processes
rpc.nisd Fails
NIS+ and NIS Compatibility Problems
User Cannot Log In After Password Change
nsswitch.conf File Fails to Perform Correctly
NIS+ Object Not Found Problems
Syntax or Spelling Error
Incorrect Path
Domain Levels Not Correctly Specified
Object Does Not Exist
Lagging or Out-of-Sync Replica
Files Missing or Corrupt
Old /var/nis Filenames
Blanks in Name
Cannot Use Automounter
Links To or From Table Entries Do Not Work
NIS+ Ownership and Permission Problems
No Permission
No Credentials
Server Running at Security Level 0
User Login Same as Machine Name
Bad Credentials
NIS+ Security Problems
Security Problem Symptoms
Login Incorrect Message
Password Locked, Expired, or Terminated
Stale and Outdated Credential Information
Storing and Updating Credential Information
Updating Stale Cached Keys
Corrupted Credentials
Keyserv Failure
Machine Previously Was an NIS+ Client
No Entry in the cred Table
Changed Domain Name
When Changing a Machine to a Different Domain
NIS+ and Login Passwords in /etc/passwd File
Secure RPC Password and Login Passwords Are Different
Preexisting /etc/.rootkey File
Root Password Change Causes Problem
NIS+ Performance and System Hang Problems
Performance Problem Symptoms
Checkpointing
Variable NIS_PATH
Table Paths
Too Many Replicas
Recursive Groups
Large NIS+ Database Logs at Start-up
The Master rpc.nisd Daemon Died
No nis_cachemgr
Server Very Slow at Start-up After NIS+ Installation
niscat Returns: Server busy. Try Again
NIS+ Queries Hang After Changing Host Name
NIS+ System Resource Problems
Resource Problem Symptoms
Insufficient Memory
Insufficient Disk Space
Insufficient Processes
NIS+ User Problems
User Problem Symptoms
User Cannot Log In
User Cannot Log In Using New Password
User Cannot Remote Log In to Remote Domain
User Cannot Change Password
Other NIS+ Problems
How to Tell if NIS+ Is Running
Replica Update Failure
Part IV FNS Setup, Configuration and Administration
Chapter 25 Federated Naming Service (FNS)
FNS Quickstart
X/Open Federated Naming (XFN)
Why FNS?
Composite Names and Contexts
Composite Names
Contexts
Attributes
FNS and the Name Service Switch
Maintaining Consistency Between FNS and the Switch File
Namespace Updates
Enterprise Naming Services
NIS+
NIS
NIS Clients Can Update Contexts With FNS if SKI is Running
Files-Based naming files
Global Naming Services
FNS Naming Policies
Organization Names
Site Names
User Names
Host Names
Service Names
File Names
Getting Started
Designating a Non-Default Naming Service
Creating the FNS Namespace
NIS+ Considerations
NIS+ Domains and Subdomains
Space and Performance Considerations
NIS+ Security Requirements
NIS Considerations
Files Considerations
Browsing the FNS Namespace
Listing Context Contents
Displaying the Bindings of a Composite Name
Showing the Attributes of a Composite Name
Searching for FNS Information
Updating the Namespace
FNS Administration Privileges
Binding a Reference to a Composite Name
Removing Bindings
Creating New Contexts
Creating File Contexts
Creating Printer Contexts
Destroying Contexts
Working With Attributes
Federating a Global Namespace
Copying and Converting FNS Contexts
Namespace Browser Programming Examples
Listing Names Bound in a Context
Creating a Binding
Listing and Working Wtih Object Attributes
Listing an Object's Attributes
Adding, Deleting, and Modifying an Object's Attributes
Searching for Objects in a Context
Setting Up FNS: An Overview
Determining Resource Requirements
Preparing the Namespace for FNS
Preparing the Namespace for FNS — Task Map
How to Prepare NIS+ Service for FNS
How to Prepare NIS Service for FNS
Preparing Files-Based Naming for FNS
Creating Global FNS Namespace Contexts
Creating Global FNS Namespace Contexts — Task Map
How to Create Namespace Contexts Under NIS+
How to Create Namespace Contexts Under NIS
How to Create Namespace Contexts Under Local Files
Replicating FNS Service
Replicating FNS Service — Task Map
How to Replicate FNS Under NIS+
How to Replicate FNS Under NIS
How to Replicate FNS Under Files-Based Naming
FNS Administration, Problem Solving, and Error Messages
FNS Error Messages
DNS Text Record Format for XFN References
X.500 Attribute Syntax for XFN References
Object Classes
Creating Enterprise Level Contexts
Creating an Organization Context
Organization Context NIS+ Example
All Hosts Context
Single Host Context
Host Aliases
All–Users Context
Single User Context
Service Context
Printer Context
Generic Context
Site Context
File Context
Namespace Identifier Context
Administering Enterprise Level Contexts
Displaying the Binding
Listing the Context
Binding a Composite Name to a Reference
Binding an Existing Name to a New Name
Constructing a Reference on the Command Line
Removing a Composite Name
Renaming an Existing Binding
Destroying a Context
Administering FNS: Attributes Overview
Examining Attributes
Searching for Objects Associated With an Attribute
Customizing Attribute Searches
Updating Attributes
Adding an Attribute
Deleting an Attribute
Listing an Attribute
Modifying an Attribute
Other Options
FNS and Enterprise-Level Naming Services
Choosing an Enterprise-Level Name Service
FNS and Naming Service Consistency
FNS and Solstice AdminSuite
Checking Naming Inconsistencies
Selecting a Naming Service
Default Naming Service
When NIS+ and NIS Coexist
Advanced FNS and NIS+ Issues
Mapping FNS Contexts to NIS+ Objects
Browsing FNS Structures Using NIS+ Commands
Checking Access Control
Advanced FNS and NIS Issues
NIS and FNS Maps and Makefiles
Large FNS Contexts
Printer Backward Compatibility
Migrating From NIS to NIS+
Advanced FNS and File-Based Naming Issues
FNS Files
Migrating From Files-Based Naming to NIS or NIS+
Printer Backward Compatibility
File Contexts Administration
Creating a File Context With fncreate_fs
Creating File Contexts With an Input File
Creating File Contexts With Command-line Input
Advanced Input Formats
Multiple Mount Locations
Variable Substitution
Backward Compatibility Input Format
Introduction to FNS and XFN Policies
What FNS Policies Specify
What FNS Policies Do Not Specify
Policies for the Enterprise Namespace
Default FNS Enterprise Namespaces
Enterprise Namespace Identifiers
Component Separators
Default FNS Namespaces
Organizational Unit Namespace
NIS+ Environment
NIS Environment
Files-Based Environment
Site Namespace
Host Namespace
User Namespace
File Namespace
Service Namespace
Service Name and Reference Registration
Printer Namespace
Significance of Trailing Slash
FNS Reserved Names
Composite Name Examples
Composing Names Relative to Organizations
Composing Names Relative to Users
Composing Names Relative to Hosts
Composing Names Relative to Sites
Composing Names Relative to Services and Files
Structure of the Enterprise Namespace
Enterprise Root
Using Three Dots to Identify the Enterprise Root
Using org// to Identify the Enterprise Root
Enterprise Root Subordinate Contexts
Enterprise Root and Organizational Subunits
Enterprise Root and Sites
Enterprise Root and Users
Enterprise Root and Hosts
Enterprise Root and Services
Enterprise Root and Files
Enterprise Root and Printers
Initial Context Bindings for Naming Within the Enterprise
User-related Bindings
myself
myorgunit
myens
Host-related Bindings
thishost
thisorgunit
thisens
“Shorthand” Bindings
user
host
org
site
FNS and Enterprise Level Naming
How FNS Policies Relate to NIS+
NIS+ Domains and FNS Organizational Units
Trailing Dot in Organization Names
NIS+ Hosts and FNS Hosts
NIS+ Users and FNS Users
NIS+ Security and FNS
How FNS Policies Relate to NIS
How FNS Policies Relate to Files-Based Naming
Target Client Applications of FNS Policies
Example Applications: Calendar Service
FNS File System Namespace
NFS File Servers
The Automounter
The FNS Printer Namespace
Policies for the Global Namespace
Initial Context Bindings for Global Naming
Federating DNS
Federating X.500/LDAP
FNS Problems and Solutions
Cannot Obtain Initial Context
Nothing in Initial Context
“No Permission” Messages (FNS)
fnlist Does not List Suborganizations
Cannot Create Host- or User-related Contexts
Cannot Remove a Context You Created
Name in Use with fnunbind
Name in Use with fnbind/fncreate -s
fndestroy/fnunbind Does Not Return Operation Failed
Some Common Error Messages
Part V Transitioning Between Naming Services
Chapter 26 Transitioning from NIS to NIS+
Differences Between NIS and NIS+
Domain Structure
DNS, NIS, and NIS+ Interoperability
Server Configuration
Information Management
Security
Suggested Transition Phases
Transition Principles
Consider the Alternatives to Making the Transition Immediately
Keep Things Simple
Use a Single Release of Software
Minimize Impact on Client Users
Things You Should Not Do
Become Familiar With NIS+
Design Your Final NIS+ Namespace
Plan Security Measures
Decide How to Use NIS-Compatibility Mode
Implement the Transition
Planning the NIS+ Namespace: Identifying the Goals of Your Administrative Model
Designing the Namespace Structure
Domain Hierarchy
Domain Hierarchy – Solaris 2.6 and Earlier
Domain Hierarchy – Solaris 9
Designing a Domain Hierarchy
Organizational or Geographical Mapping
Connection to Higher Domains?
Client Support in the Root Domain
Domain Size Compared With Number of Domains
Number of Levels
Security Level
Domains Across Time Zones
Information Management
Domain Names
Email Environment
Determining Server Requirements
Number of Supported Domains
Number of Replica Servers
Server Speed
Server Memory Requirements
Server Disk Space Requirements
Determining Table Configurations
Differences Between NIS+ Tables and NIS Maps
NIS+ Standard Tables
NIS+ Tables Interoperate Differently With /etc Files
Use of Custom NIS+ Tables
Connections Between Tables
Paths
Links
Resolving User/Host Name Conflicts
Understanding the Impact of NIS+ Security
How NIS+ Security Affects Users
How NIS+ Security Affects Administrators
How NIS+ Security Affects Transition Planning
Selecting Credentials
Choosing a Security Level
Establishing Password-aging Criteria, Principles, and Rules
Planning NIS+ Groups
Planning Access Rights to NIS+ Groups and Directories
Planning Access Rights to NIS+ Tables
Protecting the Encrypted Passwd Field
Using NIS Compatibility Mode: An Introduction
Selecting Your NIS-Compatible Domains
Determining NIS-Compatible Server Configuration
Deciding How to Transfer Information Between Services
Deciding How to Implement DNS Forwarding
DNS Forwarding for NIS+ Clients
DNS Forwarding for NIS Clients Running under the Solaris 2 or Solaris 9 Operating Environment
NIS and NIS+ Command Equivalents in the Solaris 1, Solaris 2, and Solaris 9 Releases
NIS Commands Supported in the Solaris 2 and Solaris 9 Releases
Client and Server Command Equivalents
Client Command Equivalents
Server Command Equivalents
NIS and NIS+ API Function Equivalents
NIS-Compatibility Mode Protocol Support
Before You Transition to NIS+: Gauge the Impact of NIS+ on Other Systems
Train Administrators
Write a Communications Plan
Identify Required Conversion Tools and Processes
Identify Administrative Groups Used for Transition
Determine Who Will Own the Domains
Determine Resource Availability
Resolve Conflicts Between Login Names and Host Names
Examine All Information Source Files
Remove the “.” from Host Names
Remove the “.” from NIS Map Names
Document Your Current NIS Namespace
Create a Conversion Plan for Your NIS Servers
Implementing NIS+: An Introduction
Phase I-Set Up the NIS+ Namespace
Phase II-Connect the NIS+ Namespace to Other Namespaces
Phase III-Make the NIS+ Namespace Fully Operational
Phase IV-Upgrade NIS-Compatible Domains
Appendix A Error Messages
About Error Messages
Error Message Context
Context-Sensitive Meanings
How Error Messages Are Alphabetized
Numbers in Error Messages
Common Namespace Error Messages
Appendix B System Administration Guide: Naming and Directory Services (NIS+ and FNS) Updates
Solaris 9 9/02 Update
Glossary
© 2010, Oracle Corporation and/or its affiliates