[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Network Information Services (NIS and NIS+) Guide

Table of Contents

About This Book

  • Who Should Use This Book
  • Highlighting
  • ISO 9000
  • Related Publications
  • Trademarks

    • Chapter 1. Introduction to Name Services

  • Name Services Overview
  • Domain Name System (DNS) Overview
  • Network Information Service (NIS) Overview
  • NIS Architecture
  • NIS Maps
  • Network Information Service+ (NIS+) Overview
  • NIS and NIS+ Differences
  • Domain Structure
  • DNS, NIS, and NIS+ Interoperability
  • Server Configuration
  • Information Management
  • Security
  • NIS+ Security Overview
  • NIS-Compatibility Mode
  • Using NIS+ Commands

    • Chapter 2. Network Information Service

  • NIS Overview
  • Components of NIS
  • Servers
  • Master Servers
  • Slave Servers
  • Clients
  • NIS Domain
  • NIS Maps
  • ypservers: a Special Map
  • Netgroups: Network-Wide Groups of Machines and Users
  • makedbm and Makefile: Creating Maps
  • Maintaining Consistent System Information with NIS
  • NIS Installation and Configuration
  • Configuring NIS
  • Setting the NIS Domain Name
  • Configuring the NIS Master Server
  • Configuring an NIS Slave Server
  • Configuring an NIS Client
  • Preparing a Host for NIS Configuration
  • Customizing NIS Map Input
  • Starting and Stopping NIS Daemons
  • Prerequisites
  • Procedure
  • Setting Up NIS Client Files to Use NIS Services
  • Files that NIS Ignores
  • Files where NIS Appends Map Information
  • NIS Maintenance
  • Prerequisite
  • NIS Security
  • /var/yp/securenets
  • Changing an NIS Map
  • Changing NIS Passwords
  • Adding a New NIS Slave Server
  • Adding a New NIS User
  • Creating Nonstandard NIS Maps
  • Propagating an NIS Map
  • Prerequisite
  • Procedures
  • Moving the Master Server to a Different Host
  • NIS Automount
  • Map Entry Format
  • Replicated File Systems
  • Weighting Factor
  • Map Key Substitution
  • Wild Card Key
  • Multiple Mounts
  • Other File System Types
  • Indirect Maps
  • Direct Maps
  • Special Maps
  • Executable Maps
  • Configuration and the Master (auto_master or auto.master) Map
  • Included Maps
  • Managing NIS Automount Maps
  • Prerequisites
  • Procedure
  • Maintaining All of the automount Maps with NIS
  • NIS Reference
  • Daemons
  • Commands

    • Chapter 3. Moving from NIS to NIS+

  • Changes Required to Move to NIS+
  • Suggested Transition Phases
  • Transition Principles
  • Become Familiar with NIS+
  • Design Your Final NIS+ Namespace
  • Plan Security Measures
  • Decide How to Use NIS-Compatibility Mode
  • Complete Prerequisites to Transition
  • Implement the Transition
  • Designing the NIS+ Namespace
  • Identifying the Goals of Your Administrative Model
  • Designing the Namespace Structure
  • Domain Hierarchy
  • Domain Names
  • Electronic Mail Environment
  • Selecting the Namespace Servers
  • Supported Domains
  • Server Load
  • Disk Space and Memory Requirements
  • Determine Table Configurations
  • Differences Between NIS+ Tables and NIS Maps
  • Using Custom NIS+ Tables
  • Connections Between Tables
  • Resolving User/Host Name Conflicts
  • Planning NIS+ Security Measures
  • Understanding the Impact of NIS+ Security
  • How NIS+ Security Affects Users
  • How NIS+ Security Affects Administrators
  • How NIS+ Security Affects Transition Planning
  • Selecting Credentials
  • Choosing a Security Level
  • Establishing Password-Aging Criteria, Principles, and Rules
  • Planning NIS+ Groups
  • Planning Access Rights to NIS+ Groups and Directories
  • Planning Access Rights to NIS+ Tables
  • Protecting the Encrypted Passwd Field
  • Using NIS-Compatibility Mode
  • Selecting Your NIS-Compatible Domains
  • Determining NIS-Compatible Server Configuration
  • Deciding How to Transfer Information Between Services
  • Deciding How to Implement DNS Forwarding
  • NIS and NIS+ API Function Equivalents
  • NIS-Compatibility Mode Protocol Support
  • Prerequisites to Transition
  • Gauge the Impact of NIS+ on Other Systems
  • Train Administrators
  • Write a Communications Plan
  • Identify Required Conversion Tools and Processes
  • Identify Administrative Groups Used for Transition
  • Determine Who Will Own the Domains
  • Determine Resource Availability
  • Resolve Conflicts Between Login Names and Host Names
  • Examine All Information Source Files
  • Remove the "." from Host Names
  • Remove the "." from NIS Map Names
  • Document Your Current NIS Namespace
  • Create a Conversion Plan for Your NIS Servers
  • Implementing the Transition
  • Phase I--Set Up the NIS+ Namespace
  • Phase II--Connect the NIS+ Namespace to Other Namespaces
  • Phase III--Make the NIS+ Namespace Fully Operational
  • Phase IV--Upgrade NIS-Compatible Domains

    • Chapter 4. NIS+ Namespace and Structure

  • NIS+ Files and Directories
  • NIS+ Namespace Structure
  • Directories
  • Domains
  • Servers
  • How Servers Propagate Changes
  • NIS+ Clients and Principals
  • Principals
  • Client
  • The Cold-Start File and Directory Cache
  • NIS+ Servers as Clients
  • Naming Conventions
  • NIS+ Domain Names
  • Directory Object Names
  • Tables and Group Names
  • Table Entry Names
  • Host Names
  • NIS+ Principal Names
  • Accepted Name Symbols
  • NIS+ Name Expansion
  • NIS_PATH Environment Variable
  • NIS+ Tables and Information
  • NIS+ Table Structure
  • Columns and Entries
  • Search Paths
  • Table Set Up Options
  • Updating Tables

    • Chapter 5. NIS+ Installation and Configuration

  • Setting Up NIS+
  • Prerequisites for Installing and Configuring NIS+
  • Planning Your NIS+ Layout
  • Determining Server Requirements
  • Evaluate Disk Space and Memory Requirements
  • Preparing the Existing Namespace
  • Configuration Worksheets
  • Using NIS+ Setup Scripts
  • What the NIS+ Scripts Will Do
  • What the NIS+ Scripts Will Not Do
  • Setting Up a Typical Namespace with Scripts
  • Creating a Sample NIS+ Namespace
  • Setting Up NIS+ Root Servers
  • Prerequisites
  • Creating a Root Master Server
  • Changing Incorrect Information
  • Populating NIS+ Tables
  • Prerequisites
  • Procedure
  • Setting Up Root Domain NIS+ Client Machines
  • Prerequisites
  • Initializing a New Client Machine
  • Creating Additional Client Machines
  • Initializing NIS+ Client Users
  • Prerequisites
  • Procedure
  • Setting Up NIS+ Servers
  • Prerequisites
  • Configuring an NIS+ Server
  • Creating Additional Servers
  • Designating Root Replicas
  • Prerequisites
  • Creating a Root Replica
  • Creating Additional Replicas
  • Creating a Subdomain
  • Prerequisites
  • Creating a New Nonroot Domain
  • Creating Additional Domains
  • Populating the New Domain's Tables
  • Prerequisites
  • Populating the Master Server Tables
  • Designating Replicas
  • Prerequisites
  • Procedure
  • Initializing Subdomain NIS+ Client Machines
  • Prerequisites
  • Procedure
  • Initializing Subdomain NIS+ Client Users
  • Prerequisites
  • Procedure
  • Summary of Commands for the Sample NIS+ Namespace
  • Setting Up the Root Domain
  • Standard versus NIS-Compatible Setup Procedures
  • Establishing the Root Domain
  • Security Considerations
  • Prerequisites
  • Procedure
  • Root Domain Setup Summary
  • Setting Up NIS+ Servers
  • Setting Up an NIS+ Server
  • Standard versus NIS-Compatible Setup Procedures
  • Prerequisites
  • Procedure
  • Adding a Replica to an Existing Domain
  • Prerequisites
  • Procedure
  • Server Setup Summary
  • Setting Up NIS+ Tables
  • Populating NIS+ Tables From Files
  • Security Considerations
  • Prerequisites
  • Procedure
  • Populating NIS+ Tables From NIS Maps
  • Security Considerations
  • Prerequisites
  • Procedure
  • Transferring Information From NIS+ to NIS
  • Security Considerations
  • Prerequisites
  • Procedure
  • Limiting Access to the Passwd Column to Owners and Administrators
  • Prerequisites
  • Procedure
  • Table Population Summaries
  • Setting Up a Nonroot Domain
  • Standard versus NIS-Compatible Setup Procedures
  • Security Considerations
  • Prerequisites
  • Procedure
  • Subdomain Setup Summary
  • Setting Up NIS+ Clients
  • Changing a Workstation's Domain
  • Specifying a Domain Name After Installation
  • Prerequisities
  • Procedure
  • Initializing an NIS+ Client
  • Initializing with the Broadcast Method
  • Initializing with the Host-Name Method
  • Initializing with the Cold-Start File Method
  • NIS+ Client Setup Summary
  • Setting Up Clients
  • Security Considerations
  • Prerequisites
  • Procedure

    • Chapter 6. NIS+ Administration

  • Administering NIS+ Credentials
  • How Credentials Work
  • Authentication Components
  • How Principals are Authenticated
  • DES Credentials
  • DES Credential Secure RPC Netname
  • Verification Field
  • How the DES Credential Is Generated
  • Secure RPC Password versus Login Password
  • Cached Public Keys
  • Where Credential-Related Information Is Stored
  • The Cred Table in Detail
  • Creating Credential Information
  • How nisaddcred Creates Credential Information
  • Secure RPC Netname and NIS+ Principal Name
  • Creating Credential Information for the Administrator
  • Creating Credential Information for NIS+ Principals
  • Administering Credential Information
  • Updating Your Own Credential Information
  • Removing Credential Information
  • Administering NIS+ Keys
  • The keylogin Process
  • Changing Keys for an NIS+ Principal
  • Changing Root Keys of an NIS+ Principal
  • Changing Root Keys From Root Master
  • Changing Root Keys From Another Machine
  • Changing the Keys of a Root Replica from the Replica
  • Changing the Keys of a Nonroot Server
  • Updating Public Keys
  • Updating IP Addresses
  • Administering NIS+ Access Rights
  • Concatenation of Access Rights
  • How Access Rights Are Assigned and Changed
  • Specifying Different Default Rights
  • Changing Access Rights to an Existing Object
  • Access Rights and Table Security
  • Access Rights at Different Levels
  • Where Access Rights Are Stored
  • Viewing an NIS+ Object's Access Rights
  • Default Access Rights
  • How a Server Grants Access Rights to Tables
  • Specifying Access Rights in Commands
  • Class, Operator, and Rights Syntax
  • Syntax for Owner and Group
  • Syntax for Objects and Table Entries
  • Displaying NIS+ Defaults
  • Setting Default Security Values
  • Displaying the Value of NIS_DEFAULTS
  • Changing Defaults
  • Resetting the Value of NIS_DEFAULTS
  • Specifying Nondefault Security Values
  • Changing Object and Entry Access Rights
  • Specifying Column Access Rights
  • Setting Column Rights When Creating a Table
  • Adding Rights to an Existing Table Column
  • Removing Rights to a Table Column
  • Changing Ownership of Objects and Entries
  • Changing an Object or Entry's Group
  • Administering Passwords
  • Logging In
  • The Login incorrect Message
  • The password expired Message
  • The will expire Message
  • The Permission denied Message
  • Changing Your Password
  • Password Change Failures
  • Choosing a Password
  • Password Requirements
  • Bad Choices for Passwords
  • Good Choices for Passwords
  • The passwd Command
  • The passwd Command and Credentials
  • The passwd Command and Permissions
  • The passwd Command and Keys
  • The nistbladm Command
  • Changing Passwords
  • Changing Your Own Password
  • Changing Someone Else's Password
  • Changing Root's Password
  • Managing Password Aging
  • Password Privilege Expiration
  • Specifying Maximum Number of Inactive Days
  • Setting Password Aging Criteria for Multiple Users
  • Specifying Password Criteria and Defaults
  • Password Failure Limits
  • Administering NIS+ Groups
  • Specifying Group Members
  • Using niscat with Groups
  • Listing the Object Properties of a Group
  • The nisgrpadm Command
  • Creating an NIS+ Group
  • Deleting an NIS+ Group
  • Adding Members to an NIS+ Group
  • Listing the Members of an NIS+ Group
  • Removing Members from an NIS+ Group
  • Testing Membership in an NIS+ Group
  • Administering NIS+ Directories
  • The niscat Command
  • Listing the Object Properties of a Directory
  • The nisls Command
  • Listing the Contents of a Directory--Terse
  • Listing the Contents of a Directory--Verbose
  • The nismkdir Command
  • Creating a Directory
  • Adding a Replica to an Existing Directory
  • The nisrmdir Command
  • Removing a Directory
  • Disassociating a Replica From a Directory
  • The nisrm Command
  • Removing Nondirectory Objects
  • The rpc.nisd Command
  • Starting an NIS-Compatible Daemon
  • Starting a DNS-Forwarding NIS-Compatible Daemon
  • Stopping the NIS+ Daemon
  • The nisinit Command
  • Initializing a Client
  • Initializing the Root Master Server
  • The nis_cachemgr Command
  • Starting the Cache Manager
  • The nisshowcache Command
  • Displaying the Contents of the NIS+ Cache
  • The nisping Command
  • Displaying Time of Last Update
  • Checkpointing
  • The nislog Command
  • Displaying the Contents of a Transaction Log
  • The nischttl Command
  • Changing the TTL Value
  • Displaying the TTL Value
  • Administering NIS+ Tables
  • Using the nistbladm Command
  • Using the niscat Command
  • Using the nismatch and nisgrep Commands
  • Searching with Regular Expressions
  • Searching the First Column
  • Searching a Particular Column
  • Searching Multiple Columns
  • Using the nisln Command
  • Using the nissetup Command
  • Using the nisaddent Command
  • Removing NIS+
  • Removing NIS+ from a Client Machine
  • Restoring to Previous Network Environment
  • Removing NIS+ from a Server
  • Removing the NIS+ Namespace

    • Chapter 7. Security

  • Operating System Security Mechanisms
  • NIS+ Security Mechanisms
  • NIS+ Principals
  • NIS+ Security Levels
  • NIS+ Authentication and Credentials
  • User and Machine Credentials
  • DES versus Local Credentials
  • DES Credentials
  • Local Credentials
  • User Types and Credential Types
  • NIS+ Authorization and Access
  • Authorization Classes
  • Owner Class
  • Group Class
  • World Class
  • Nobody Class
  • Authorization Classes and the NIS+ Object Hierarchy
  • NIS+ Access Rights
  • NIS+ Security and Administrative Rights
  • NIS+ Security Reference

    • Chapter 8. NIS and NIS+ Troubleshooting

  • Troubleshooting NIS-Related Problems
  • Identifying NIS Client Problems
  • Using rsh
  • When Commands Hang
  • When NIS Service Is Unavailable
  • When the ypbind Daemon Becomes Inoperable
  • When the ypwhich Command Is Inconsistent
  • Identifying NIS Server Problems
  • When Different Versions of an NIS Map Exist
  • When the ypserv Daemon Becomes Inoperable
  • Troubleshooting NIS+ Namespace Administration Problems
  • Illegal Object Problems
  • nisinit Fails
  • Checkpoint Keeps Failing
  • Cannot Add User to a Group
  • Logs Grow too Large
  • Lack of Disk Space
  • Cannot Truncate Transaction Log File
  • Domain Name Confusion
  • Inability to Delete org_dir or groups_dir
  • Troubleshooting NIS+ Namespace Database Problems
  • Multiple rpc.nisd Parent Processes
  • Troubleshooting NIS Compatibility Problems
  • User Cannot Log In After Password Change
  • /etc/irs.conf File Fails to Perform Correctly
  • Troubleshooting Object Not Found Problems
  • Syntax or Spelling Errors
  • Incorrect Path
  • Domain Levels Not Correctly Specified
  • Object Does Not Exist
  • Lagging or Out-of-Sync Replica
  • Files Missing or Corrupt
  • Blanks in Name
  • Cannot Use Automounter
  • Ownership and Permission Problems
  • No Permission
  • No Credentials
  • Server Running at Security Level 0
  • User Login Same as Machine Name
  • Diagnosis
  • Solution
  • Bad Credentials
  • Troubleshooting Security Problems
  • "Login Incorrect" Message
  • Password Locked, Expired, or Terminated
  • Stale and Outdated Credential Information
  • Storing and Updating Credential Information
  • Updating Stale Cached Keys
  • Stage 1: Server's Public Key Is Generated
  • Stage 2: Public Key Is Propagated to Directory Objects
  • Stage 3: Directory Objects Are Propagated Into Client Files
  • Stage 4: When a Replica is Added to the Domain
  • Stage 5: When the Server's Public Key Is Changed
  • Corrupted Credentials
  • keyserv Failure
  • Machine Previously Was an NIS+ Client
  • No Entry in the cred Table
  • Changed Domain Name
  • When Changing a Machine to a Different Domain
  • NIS+ Password and Login Password in /etc/passwd File
  • Secure RPC Password and Login Passwords Are Different
  • Preexisting /etc/.rootkey File
  • Root Password Change Causes Problem
  • Troubleshooting Slow Performance and System Hang Problems
  • Checkpointing
  • Variable NIS_PATH
  • Table Paths
  • Too Many Replicas
  • Recursive Groups
  • Large NIS+ Database Logs at Start-up
  • The Master rpc.nisd Daemon Died
  • No nis_cachemgr
  • Server Very Slow at Startup After NIS+ Installation
  • niscat Returns: Server busy. Try Again
  • NIS+ Queries Hang After Changing Host Name
  • Troubleshooting System Resource Problems
  • Insufficient Memory
  • Insufficient Disk Space
  • Insufficient Processes
  • Troubleshooting User Problems
  • User Cannot Log In
  • User Cannot Log In Using New Password
  • User Cannot Remote Log In to Remote Domain
  • User Cannot Change Password
  • Troubleshooting Other NIS+ Problems
  • How to Tell if NIS+ Is Running
  • Replica Update Failure

    • Appendix A. Information in NIS+ Tables

  • Auto_Home Table
  • Auto_Master Table
  • Bootparams Table
  • Input File Format
  • Client_info Table
  • Cred Table
  • Ethers Table
  • Group Table
  • Hosts Table
  • Mail_aliases Table
  • Input File Format
  • Netgroup Table
  • Input File Format
  • Netmasks Table
  • Networks Table
  • Passwd Table
  • Protocols Table
  • RPC Table
  • Services Table
  • Timezone Table

    • Appendix B. Notices

    Index

    [ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]