| |
Preface | xxv |
Part 1 --Setting Up NIS+ Components |
1. Setting Up the Root Domain | 1 |
| ...Standard versus NIS-Compatible Setup Procedures | 1 |
| ...Establishing the Root Domain | 2 |
| ......Summary of Steps | 2 |
| ......· How to Set Up a Root Domain | 3 |
| ...Summary | 23 |
2. Setting Up NIS+ Clients | 25 |
| ...Setting Up NIS+ Clients | 26 |
| ......· How to Set up an NIS+ Client | 28 |
| ...Initializing an NIS+ Client by Broadcast | 32 |
| ......· How to Initialize an NIS+ Client -- Broadcast Method | 33 |
| ...Initializing an NIS+ Client by Hostname | 34 |
| ......· How to Initialize an NIS+ Client -- Hostname Method | 34 |
| |
| ...Initializing an NIS+ Client by Coldstart File | 35 |
| ......· How to Initialize an NIS+ Client -- Coldstart Method | 36 |
| ...Changing a Client's Domain Name | 36 |
| ......Specifying a Domain Name After Installation | 36 |
| ......· How to Change a Client's Domain Name | 37 |
| ...NIS+ Client Set Up Summary | 39 |
3. Setting Up NIS+ Servers | 41 |
| ...Setting Up an NIS+ Server | 41 |
| ...... Standard versus NIS-Compatible Setup Procedures | 42 |
| ......· How to Set Up an NIS+ Server | 43 |
| ...Adding a Replica to an Existing Domain | 45 |
| ......· How to Add a Replica Server | 46 |
| ...Changing a Server's Security Level | 47 |
| ......· How to Change a Server's Security Level | 48 |
| ...Summary | 49 |
4. Setting Up a Non-Root Domain | 51 |
| ...Setting Up a Non-Root Domain | 51 |
| ...... Standard versus NIS-Compatible Setup Procedures | 52 |
| ......· How to Set Up a Non-Root Domain | 54 |
| ...Summary | 60 |
5. Setting Up NIS+ Tables | 61 |
| ...Replace, Append, and Merge | 62 |
| ...Populating NIS+ Tables From Files | 62 |
| ......· How to Populate NIS+ Tables From Files | 63 |
| |
| ...Populating NIS+ Tables From NIS Maps | 68 |
| ......· How to Populate NIS+ Tables From Maps | 69 |
| ...Transferring Information From NIS+ to NIS | 72 |
| ......· How to Transfer Information From NIS+ to NIS | 73 |
| ...Limiting Access to the Passwd Column | 73 |
| ......· How to Limit Access to the Passwd Column | 74 |
| ......· How to Limit Read Access to the Passwd Column | 77 |
| ...Summaries | 79 |
6. Setting Up the Name Service Switch | 83 |
| ... Selecting an Alternate Configuration File | 83 |
| ......· How to Select an Alternate Configuration File | 84 |
| ...Enabling an NIS+ Client to Use DNS. | 85 |
| ......· How to Enable an NIS+ Client to use DNS | 85 |
| ...Adding Compatibility with +/- Syntax | 86 |
| ......· How to Add Compatibility with +/- Syntax | 87 |
Part 2 --Administering NIS+ |
7. Administering NIS+ Security | 91 |
| ...Overview of the Security Process | 91 |
| ......About NIS+ Principals | 91 |
| ......About NIS+ Access Rights | 92 |
| ..........About Server Security Levels | 94 |
| ..........A Note About Setting Up NIS+ Security | 94 |
| ...NIS+ Authentication | 95 |
| ......Types of Credential | 95 |
| |
| ......Where Credentials Are Stored | 98 |
| ...Creating Credential Information | 99 |
| ......How Credentials Are Created by the Client | 101 |
| .......... Network Password Different from Login Password. | 103 |
| ......How Credentials are Examined by the Server | 106 |
| ......Cached Public Keys | 106 |
| ...NIS+ Authorization in Depth | 109 |
| ......Authorization Classes | 110 |
| ..........The Object's Owner | 110 |
| ..........The Object's Group | 110 |
| ..........The World | 111 |
| ..........Nobody | 111 |
| ......Where Access Rights are Stored | 111 |
| ......How Access Rights Are Assigned | 112 |
| ......How a Server Grants Access Rights to Tables | 116 |
| ..........Granting Access to Read or Modify a Table | 117 |
| ..........Granting Access to Destroy Table Entries | 119 |
| ..........Granting Access to Create Table Entries | 120 |
8. Administering NIS+ Credentials | 123 |
| ...Related Commands | 123 |
| ...Where Credential-Related Information Is Stored | 124 |
| ...The nisaddcred Command | 125 |
| ......A Note About Creating Your Own Credentials | 127 |
| ......· How to Create Credentials for an NIS+ Principal | 127 |
| |
| ......· How to Update Your Own Credentials | 130 |
| ......· How to Remove Credentials | 130 |
| ...The chkey Command | 131 |
| ......· How to Change Your DES Keys | 132 |
| ...The nispasswd Command | 132 |
| ......· How to Display Password Information | 135 |
| ......· How to Change Passwords | 136 |
| ...The nisupdkeys Command | 136 |
| ......· How to Update All Public Keys in a Directory | 138 |
| ......· How to Update Keys of a Particular Server | 138 |
| ......· How to Clear Public Keys | 138 |
| ......· How to Update IP Addresses | 138 |
| ...The keylogin Command | 139 |
| ......· How to Keylogin | 139 |
9. Administering NIS+ Access Rights | 141 |
| ...Specifying Access Rights in Commands | 142 |
| ......Syntax for Access Rights | 142 |
| ..........Syntax for Owner and Group | 143 |
| ..........Syntax for Objects and Entries | 144 |
| ...The nisdefaults Command | 144 |
| ......Displaying Default Values | 146 |
| ......Changing Defaults | 146 |
| ......Displaying the Value of NIS_DEFAULTS | 147 |
| ......Resetting the Value of NIS_DEFAULTS | 147 |
| |
| ......Overriding Defaults | 147 |
| ...The nischmod Command | 149 |
| ......Adding Rights to an Object | 149 |
| ......Removing Rights to an Object | 150 |
| ......Adding Rights to a Table Entry | 150 |
| ......Removing Rights to a Table Entry | 151 |
| ...The nistbladm Command | 151 |
| ......Setting Column Rights When Creating a Table | 152 |
| ......Adding Rights to an Existing Table Column | 152 |
| ......Removing Rights to a Table Column | 153 |
| ...The nischown Command | 154 |
| ......Changing an Object's Owner | 154 |
| ......Changing a Table Entry's Owner | 154 |
| ...The nischgrp Command | 155 |
| ......Changing an Object's Group | 155 |
| ......Changing a Table Entry's Group | 156 |
10. Administering NIS+ Groups | 157 |
| ...Related Commands | 158 |
| ...Specifying Group Members in All Commands | 158 |
| ......Non-Members | 159 |
| ...Using niscat With Groups | 159 |
| ......· Listing the Object Properties of a Group | 159 |
| ...The nisgrpadm Command | 160 |
| ......Creating an NIS+ Group | 161 |
| |
| ......Deleting an NIS+ Group | 163 |
| ......Adding Members to an NIS+ Group | 163 |
| ......Listing the Members of an NIS+ Group | 164 |
| ......Removing Members From an NIS+ Group | 165 |
| ......Testing for Membership in an NIS+ Group | 166 |
11. Administering NIS+ Directories | 167 |
| ...Listing the Directories Servered by a Server | 168 |
| ...Using niscat With Directories | 168 |
| ......Listing the Object Properties of a Directory | 168 |
| ...The nisls Command | 169 |
| ......· Listing the Contents of a Directory -- Terse | 170 |
| ......Listing the Contents of a Directory -- Verbose | 171 |
| ...The nismkdir Command | 172 |
| ......Creating a Directory | 172 |
| ......Adding a Replica to an Existing Directory | 173 |
| ...The nisrmdir Command | 174 |
| ......Removing a Directory | 174 |
| ......Disassociating a Replica From a Directory | 174 |
| ...The nisrm Command | 175 |
| ......Removing Non-Directory Objects | 175 |
| ...The rpc.nisd Command | 176 |
| ......Starting the NIS+ Daemon | 177 |
| ......Starting a NIS-Compatible Daemon | 177 |
| ......Start a DNS-Forwarding NIS-Compatible Daemon | 177 |
| |
| ......Stopping the NIS+ Daemon | 178 |
| ...The nisinit Command | 178 |
| ......Initializing a Client | 178 |
| ......Initializing the Root Master Server | 179 |
| ...The nis_cachemgr Command | 179 |
| ......Starting the Cache Manager | 180 |
| ...The nisshowcache Command | 180 |
| ......Displaying the Contents of the NIS+ Cache | 181 |
| ...The nisping Command | 181 |
| ......Displaying the Time of the Last Update | 182 |
| ......Pinging Replicas | 182 |
| ......Checkpointing a Directory | 183 |
| ...The nislog Command | 184 |
| ......Displaying the Contents of the Transaction Log | 184 |
| ...The nischttl Command | 186 |
| ......Changing the Time-to-Live of an Object | 187 |
| ......Changing the Time-to-Live of a Table Entry | 187 |
12. Administering NIS+ Tables | 189 |
| ...The nistbladm Command | 190 |
| ......Creating a Table | 191 |
| ......Deleting a Table | 192 |
| ......Adding an Entry to a Table | 193 |
| ......Modifying a Table Entry | 195 |
| ......Removing a Single Entry From a Table | 195 |
| |
| ......Removing Multiple Entries From a Table | 196 |
| ...The niscat Command | 197 |
| ......Displaying the Contents of a Table | 198 |
| ......· How to Display Object Properties of a Table or Entry . | 198 |
| ...The nismatch and nisgrep Commands | 200 |
| ......About Regular Expressions | 201 |
| ...... Searching the First Column | 203 |
| ......Searching a Particular Column | 203 |
| ......Searching Multiple Columns | 204 |
| ...The nisln Command | 205 |
| ......Creating a Link | 205 |
| ...The nissetup Command | 205 |
| ......Expanding a Directory into an NIS+ Domain | 206 |
| ......· Expand a Directory Into an NIS-Compatible Domain . | 207 |
| ...The nisaddent Command | 207 |
| ......Loading Information From a File | 209 |
| ......Loading Data From an NIS Map | 211 |
| ......Dumping the Contents of an NIS+ Table to a File | 213 |
13. Problems and Solutions | 215 |
| ...Namespace Administration Problems | 216 |
| ......Illegal Object Problems | 216 |
| ......nisinit Fails | 217 |
| ......Checkpoint Keeps Failing | 217 |
| ......Cannot Add User to a Group | 217 |
| |
| ...... Logs Grow Too Large | 217 |
| ......Lack of Disk Space | 218 |
| ......Cannot Truncate Transaction Log File | 218 |
| ......Domain Name Confusion | 218 |
| ......Cannot Delete org_dir or groups_dir. | 219 |
| ...Namespace Database Problems | 219 |
| ......Multiple rpc.nisd Parent Processes | 219 |
| ...NIS Compatibility Problems | 220 |
| ......User Cannot Log In After Password Change | 221 |
| ...... nsswitch.conf File Fails to Perform Correctly | 222 |
| ...[Object] Not Found Problems | 222 |
| ......Syntax or Spelling Error | 223 |
| ......Incorrect Path | 223 |
| ......Domain Levels Not Correctly Specified | 223 |
| ......Object Does Not Exist | 224 |
| ......Lagging or Out of Sync Replica | 224 |
| ......Files Missing or Corrupt | 224 |
| ......Blanks in Name | 225 |
| ......Cannot Use Automounter Problems | 225 |
| ...Ownership and Permission Problems | 226 |
| ......No Permission | 226 |
| ......No Credentials | 226 |
| ......Server Running at Security Level 0 | 226 |
| ......User Login Same as Machine Name | 227 |
| |
| ......Bad Credentials | 228 |
| ...Security Problems | 228 |
| ......Password Entered Incorrectly | 229 |
| ......Corrupted Credentials | 229 |
| ......Keyserv Failure | 230 |
| ......Machine Previously Was an NIS+ Client | 230 |
| ......No Entry in the cred Table | 230 |
| ......Changed Domain Name | 230 |
| ......When Changing a Machine to a Different Domain | 231 |
| ......NIS+ Password and Login Password in /etc/passwd File | 231 |
| ......NIS+ Password Different From Login Password | 231 |
| ......Preexisting /etc/.rootkey File | 232 |
| ......Root Password Change Causes Problem | 232 |
| ...Slow Performance and System Hang Problems | 233 |
| ......Checkpointing | 233 |
| ......Variable NIS_PATH | 234 |
| ......Table Paths | 234 |
| ......Too Many Replicas | 234 |
| ......Recursive Groups | 234 |
| ......Large NIS+ Database Logs at Start-Up | 234 |
| ......The Master rpc.nisd Daemon Died | 235 |
| ......No nis_cachemgr | 235 |
| ......Server Very Slow at Start-up After NIS+ Installation | 236 |
| ......niscat Returns: Server busy. Try Again | 236 |
| |
| ......NIS+ Queries Hang After Changing Host Name | 237 |
| ...System Resource Problems | 237 |
| ......Insufficient Memory | 238 |
| ......Insufficient Disk Space | 238 |
| ......Insufficient Processes | 239 |
| ...User Problems | 239 |
| ......User Forgot Password and Cannot Log In | 239 |
| ......User Cannot Log In Using New Password | 239 |
| ......User Cannot Remote Log In to Remote Domain | 240 |
| ...Other Problems | 240 |
| ......How to Tell if NIS+ Is Running | 240 |
| ......Replica Update Failure | 241 |
Appendices |
A. Error Messages | 245 |
| ...About NIS+ Error Messages | 245 |
| ......Error Message Context | 245 |
| ......Context-Sensitive Meanings | 246 |
| ......How Error Messages Are Alphabetized | 246 |
| ...Common NIS+ Error Messages | 247 |
B. Information in NIS+ Tables | 291 |
| ......Auto_Home Table | 292 |
| ......Auto_Master Table | 293 |
| ......Bootparams Table | 294 |
| ......Ethers Table | 295 |
以 PDF 格式下载本书