NIS+ and FNS Administration Guide

Contents


Preface xxix

Part 1--NIS+ Introduction and Overview

1. Introduction to Name Services 1
...What Is a Name Service? 2
...DNS 8
...FNS 8
...NIS 8
......NIS Architecture 9
......NIS Maps 10
...NIS+ 11
......What NIS+ Can Do for You 12
......How NIS+ Differs From NIS 13
......NIS+ Security 16
......NIS+ and the Name Service Switch 17
......Solaris 1.x and NIS-Compatibility Mode 17
......NIS+ Administration Commands 18
......NIS+ API 20

2. The NIS+ Namespace 21
...NIS+ Files and Directories 22
...Structure of the NIS+ Namespace 22
...Directories 24
...Domains 25
...Servers 27
......How Servers Propagate Changes 28
...NIS+ Clients and Principals 30
......Principal 30
......Client 31
......The Cold-Start File and Directory Cache 32
......An NIS+ Server Is Also a Client 36
...Naming Conventions 37
......NIS+ Domain Names 40
......Directory Object Names 40
......Tables and Group Names 40
......Table Entry Names 41
......Host Names 41
......NIS+ Principal Names 42
......Accepted Name Symbols 42
......NIS+ Name Expansion 43
...NIS_PATH Environment Variable 43

3. NIS+ Tables and Information 45
...NIS+ Table Structure 45
......Columns and Entries 47
......Search Paths 48
...Ways to Set Up Tables 50
......How Tables Are Updated 52

4. Security Overview 53
...Solaris Security--Overview 53
...NIS+ Security--Overview 56
......NIS+ Principals 58
......NIS+ Security Levels 58
......Security Levels and Password Commands 59
...NIS+ Authentication and Credentials--Introduction 59
......User and Machine Credentials 60
......DES versus LOCAL Credentials 60
..........DES Credentials 60
..........LOCAL Credentials 61
......User Types and Credential Types 62
...NIS+ Authorization and Access--Introduction 63
......Authorization Classes 63
..........The Owner Class 64
..........The Group Class 65
..........The World Class 66
..........The Nobody Class 66
..........Authorization Classes and the NIS+ Object Hierarchy 66
......NIS+ Access Rights 67
...The NIS+ Administrator 68
...NIS+ Password, Credential, and Key Commands 69

Part 2--Administering NIS+

5. Administering NIS+ Credentials 73
...How Credentials Work 74
......Credential versus Credential Information 74
......Authentication Components 75
......How Principals are Authenticated 75
..........Credentials Preparation Phase 76
..........Login Phase--Detailed Description 76
..........Request Phase--Detailed Description 77
...The DES Credential in Detail 79
......DES Credential Secure RPC Netname 80
......DES Credential Verification Field 80
......How the DES Credential Is Generated 80
......Secure RPC Password versus Login Password Problem 82
......Cached Public Keys Problems 83
...Where Credential-Related Information Is Stored 84
...The Cred Table in Detail 85
...Creating Credential Information 86
......The nisaddcred Command 87
......Related Commands 88
......How nisaddcred Creates Credential Information 89
..........LOCAL Credential Information 89
..........DES Credential Information 89
......The Secure RPC Netname and NIS+ Principal Name 90
......Creating Credential Information for the Administrator 91
......Creating Credential Information for NIS+ Principals 91
..........For User Principals--Example 93
..........Using a Dummy Password and chkey--Example 93
..........Creating in Another Domain--Example 95
..........For Workstations--Example 96
...Administering NIS+ Credential Information 96
......Updating Your Own Credential Information 97
......Removing Credential Information 97

6. Administering NIS+ Keys 99
...Keylogin 99
...Changing Keys for a NIS+ Principal 100
...Changing the Keys 102
......Changing Root Keys From Root 102
......Changing Root Keys From Another Machine 104
......Changing the Keys of a Root Replica from the Replica 104
......Changing the Keys of a Nonroot Server 105
...Updating Public Keys 105
......The nisupdkeys Command 105
......Updating Public Keys Arguments and Examples 106
......Updating IP Addresses 107

7. Administering NIS+ Access Rights 109
...Introduction to Authorization and Access Rights 110
......Authorization Classes--Review 110
......Access Rights--Review 110
......Concatenation of Access Rights 111
......How Access Rights Are Assigned and Changed 112
..........Specifying Different Default Rights 112
..........Changing Access Rights to an Existing Object 112
......Table, Column, and Entry Security 113
..........Table, Column, Entry Example 114
..........Rights at Different Levels 115
......Where Access Rights Are Stored 117
......Viewing an NIS+ Object's Access Rights 118
......Default Access Rights 119
......How a Server Grants Access Rights to Tables 119
...Specifying Access Rights in Commands 120
......Syntax for Access Rights 121
..........Class, Operator, and Rights Syntax 121
..........Syntax for Owner and Group 122
..........Syntax for Objects and Table Entries 123
...Displaying NIS+ Defaults--The nisdefaults Command 124
...Setting Default Security Values 125
......Displaying the Value of NIS_DEFAULTS 126
......Changing Defaults 126
......Resetting the Value of NIS_DEFAULTS 127
...Specifying Nondefault Security Values at Creation Time 127
...Changing Object and Entry Access Rights 128
......Using nischmod to Add Rights 128
......Using nischmod to Remove Rights 129
...Specifying Column Access Rights 130
......Setting Column Rights When Creating a Table 130
......Adding Rights to an Existing Table Column 131
......Removing Rights to a Table Column 132
...Changing Ownership of Objects and Entries 132
......Changing Object Owner With nischown 133
......Changing Table Entry Owner With nischown 133
...Changing an Object or Entry's Group 134
......Changing an Object's Group With nischgrp 134
......Changing a Table Entry's Group With nischgrp 135

8. Administering Passwords 137
...Using Passwords 138
......Logging In 138
..........The Login incorrect Message 139
..........The password expired Message 139
..........The will expire Message 140
..........The Permission denied Message 140
......Changing Your Password 140
..........Password Change Failures 142
......Choosing a Password 142
..........Password Requirements 142
..........Bad Choices for Passwords 143
..........Good Choices for Passwords 143
...Administering Passwords 144
......nsswitch.conf File Requirements 144
......The nispasswd Command 144
......The yppasswd Command 145
......The passwd Command 145
..........passwd and the nsswitch.conf File 145
..........The passwd Command and "NIS+ Environment" 147
..........The passwd Command and Credentials 147
..........The passwd Command and Permissions 147
..........The passwd Command and Keys 148
..........The passwd Command and Other Domains 148
......The nistbladm Command 148
..........nistbladm and Shadow Column Fields 149
..........nistbladm And the Number of Days 152
......Related Commands 154
......Displaying Password Information 154
......Changing Passwords 156
..........Changing Your Own Password 156
..........Changing Someone Else's Password 156
..........Changing Root's Password 157
......Locking a Password 157
..........Unlocking a Password 158
......Managing Password Aging 158
..........Forcing Users to Change Passwords 159
..........Setting a Password Age Limit 160
..........Setting Minimum Password Life 161
..........Establishing a Warning Period 162
..........Turning Off Password Aging 163
..........Password Privilege Expiration 164
..........Specifying Maximum Number of Inactive Days 166
..........Setting Password Aging Criteria for Multiple Users 168
......Specifying Password Criteria and Defaults 168
..........The /etc/defaults/passwd File 168
..........Password Failure Limits 171

9. Administering NIS+ Groups 173
...Related Commands 174
...Specifying Group Members 174
...Using niscat With Groups 175
......Listing the Object Properties of a Group 176
...The nisgrpadm Command 177
......Creating an NIS+ Group 178
......Deleting an NIS+ Group 179
......Adding Members to an NIS+ Group 179
......Listing the Members of an NIS+ Group 180
......Removing Members From an NIS+ Group 181
......Testing for Membership in an NIS+ Group 182

10. Administering NIS+ Directories 183
...Using the niscat Command With Directories 184
......Listing the Object Properties of a Directory 184
...The nisls Command 184
......Listing the Contents of a Directory--Terse 185
......Listing the Contents of a Directory--Verbose 186
...The nismkdir Command 187
......Creating a Directory 187
......Adding a Replica to an Existing Directory 189
...The nisrmdir Command 190
......Removing a Directory 190
......Disassociating a Replica From a Directory 191
...The nisrm Command 191
......Removing Nondirectory Objects 192
...The rpc.nisd Command 192
......Starting a NIS-Compatible Daemon 193
......Starting a DNS-Forwarding NIS-Compatible Daemon 194
......Stopping the NIS+ Daemon 194
...The nisinit Command 194
......Initializing a Client 195
......Initializing the Root Master Server 196
...The nis_cachemgr Command 196
......Starting the Cache Manager 197
...The nisshowcache Command 197
......Displaying the Contents of the NIS+ Cache 197
...The nisping Command 198
......Displaying the Time of the Last Update 199
......Pinging Replicas 199
......Checkpointing a Directory 200
...The nislog Command 201
......Displaying the Contents of the Transaction Log 201
...The nischttl Command 203
......Changing the Time-to-Live of an Object 204
......Changing the Time-to-Live of a Table Entry 205

11. Administering NIS+ Tables 207
...The nistbladm Command 208
......Creating a New Table 209
......Deleting a Table 211
......Adding an Entry to a Table 211
..........Using the -a Option 211
..........Using the -A Option 213
......Modifying a Table Entry 213
......Removing a Single Entry From a Table 214
......Removing Multiple Entries From a Table 215
...The niscat Command 216
......Displaying the Contents of a Table 217
......Displaying the Object Properties of a Table or Entry 217
...The nismatch and nisgrep Commands 219
......About Regular Expressions 220
......Searching the First Column 221
......Searching a Particular Column 222
......Searching Multiple Columns 222
...The nisln Command 222
......Syntax 223
......Creating a Link 223
...The nissetup Command 224
......Expanding a Directory Into an NIS+ Domain 225
......Expanding a Directory Into an NIS-Compatible Domain 225
...The nisaddent Command 226
......Loading Information From a File 228
......Loading Data From an NIS Map 229
......Dumping the Contents of an NIS+ Table to a File 231

12. The Name Service Switch 233
...About the Name Service Switch 233
......Format of the nsswitch.conf File 234
..........Search Criteria 235
..........Switch Status Messages 236
..........Switch Action Options 236
..........Default Search Criteria 236
..........What if the Syntax Is Wrong? 238
..........Auto_home and Auto_master 238
..........Timezone 238
......Comments in nsswitch.conf Files 238
...The nsswitch.conf Template Files 239
......Switch Template File Examples 240
......Default nsswitch.conf File 241
...DNS Forwarding 241
......DNS Forwarding for NIS+ Clients 242
......DNS Forwarding for NIS Clients 242
...Adding Compatibility With +/- Syntax 242

13. Removing NIS+ 245
...Removing NIS+ From a Client Machine 245
......Removing NIS+ That Was Installed Using nisclient 245
......Removing NIS+ That Was Installed Using NIS+ Commands 246
...Removing NIS+ From a Server 246
...Removing NIS+ From a Server 247
...Removing the NIS+ Namespace 248

Part 3--Administering FNS

14. Administering FNS in NIS+ 253
...Setting Up FNS 254
......Estimating Resource Requirements 254
......Setting Up NIS+ Service for FNS 254
......Setting Up the FNS Namespace 255
......Replicating FNS Service 256
...Creating FNS Contexts Individually 257
......Organization Context 259
......All Hosts Context 260
......Single Host Context 260
..........Host Aliases 261
......All Users Context 261
......Single User Context 262
......Service Context 263
......Printer Context 264
......Generic Context 264
......Site Context 265
......File Context 266
......Namespace Identifier Context 266
...Managing and Examining FNS Contexts 267
......Displaying the Binding 267
......Listing the Context 269
......Binding a Composite Name to a Reference 273
......Removing a Composite Name 275
......Renaming an Existing Binding 275
......Destroying the Named Context 276
...Managing and Examining FNS Attributes 276
......Adding an Attribute 276
......Deleting an Attribute 277
......Listing an Attribute 277
......Modifying an Attribute 278
......Other Options 278
...Maintaining Consistency Between NIS+ and FNS 278
......Checking Naming Inconsistencies 279
...Advanced FNS and NIS+ Issues 280
......Mapping FNS Contexts to NIS+ Objects 280
......Browsing FNS Structures Using NIS+ Commands 280
......Checking Access Control 282
...Significance of Double Slashes 283
...Significance of Trailing Slash 284
...Troubleshooting and Error Messages 284

15. Federating NIS+ With Global Naming Systems 285
...Obtaining the NIS+ Root Reference 285
...Federating NIS+ Under DNS 286
...Federating NIS+ Under X.500 288

16. Administering the File System Namespace 291
...The FNS File System Namespace 291
......NFS File Servers 292
......The Automounter 293
...Creating File Contexts 294
......Creating the Input File 295
......Using Command-line Input 297
......Advanced Input Formats 298
..........Multiple Locations 298
..........Variable Substitution 298
......Backward Compatibility Input Format 299
...Administering File Contexts 299

17. Administering the Printer Namespace 301
...The Printer Namespace 301
...Administering printer Contexts 302
......Using Files 302
......Using NIS 302
......Using NIS+ 303

Part 4--Appendices

A. Problems and Solutions 307
...Namespace Administration Problems 308
......Illegal Object Problems 308
......nisinit Fails 309
......Checkpoint Keeps Failing 309
......Cannot Add User to a Group 309
......Logs Grow too Large 309
......Lack of Disk Space 310
......Cannot Truncate Transaction Log File 310
......Domain Name Confusion 310
......Cannot Delete org_dir or groups_dir 311
...Namespace Database Problems 311
......Multiple rpc.nisd Parent Processes 311
...NIS Compatibility Problems 312
......User Cannot Log In After Password Change 313
......nsswitch.conf File Fails to Perform Correctly 314
...Object Not Found Problems 314
......Syntax or Spelling Error 315
......Incorrect Path 315
......Domain Levels Not Correctly Specified 315
......Object Does Not Exist 316
......Lagging or Out-of-Sync Replica 316
......Files Missing or Corrupt 316
......Old /var/nis Filenames 317
......Blanks in Name 317
......Cannot Use Automounter 318
...Ownership and Permission Problems 318
......No Permission 319
......No Credentials 319
......Server Running at Security Level 0 319
......User Login Same as Machine Name 319
......Bad Credentials 321
...Security Problems 321
......"Login Incorrect" Message 321
......Password Locked, Expired, or Terminated 322
......Stale and Outdated Credential Information 322
..........Storing and Updating Credential Information 322
..........Updating Stale Cached Keys 324
......Corrupted Credentials 327
......Keyserv Failure 328
......Machine Previously Was an NIS+ Client 329
......No Entry in the cred Table 329
......Changed Domain Name 329
......When Changing a Machine to a Different Domain 329
......NIS+ Password and Login Password in /etc/passwd File 330
......Secure RPC Password and Login Passwords Are Different 330
......Preexisting /etc/.rootkey File 331
......Root Password Change Causes Problem 332
...Slow Performance and System Hang Problems 332
......Checkpointing 333
......Variable NIS_PATH 333
......Table Paths 333
......Too Many Replicas 334
......Recursive Groups 334
......Large NIS+ Database Logs at Start-up 334
......The Master rpc.nisd Daemon Died 334
......No nis_cachemgr 335
......Server Very Slow at Start-up After NIS+ Installation 335
......niscat Returns: Server busy. Try Again 336
......NIS+ Queries Hang After Changing Host Name 336
...System Resource Problems 337
......Insufficient Memory 337
......Insufficient Disk Space 338
......Insufficient Processes 338
...User Problems 338
......User Cannot Log In 339
......User Cannot Log In Using New Password 340
......User Cannot Remote Log In to Remote Domain 340
......User Cannot Change Password 340
...Other NIS+ Problems 341
......How to Tell if NIS+ Is Running 341
......Replica Update Failure 341
...FNS Problems and Solutions 343
......Cannot Obtain Initial Context 343
......Nothing in Initial Context 343
......"No Permission" Messages (FNS) 344
......fnlist Does not List Suborganizations 345
......Cannot Create Host- or User-related Contexts 345
......Cannot Remove a Context I Created 346
......"Name in Use" with fnunbind 346
......"Name in Use" with fnbind/fncreate -s 347
......fndestroy/fnunbind and "Operation Failed" 347

B. Error Messages 349
...About NIS+ and FNS Error Messages 349
......Error Message Context 349
......Context-Sensitive Meanings 350
......How Error Messages Are Alphabetized 350
...Common NIS+ and FNS Error Messages 351

C. Information in NIS+ Tables 403
......Auto_Home Table 404
......Auto_Master Table 405
......Bootparams Table 406
......Cred Table 407
......Ethers Table 408
......Group Table 409
......Hosts Table 410
......Mail_aliases Table 411
......Netgroup Table 411
......Netmasks Table 413
......Networks Table 414
......Passwd Table 414
......Protocols Table 416
......RPC Table 416
......Services Table 417
......Timezone Table 418

Index 429