NIS+ and FNS Administration Guide

Federating NIS+ With Global Naming Systems

15

FNS supports federation of enterprise naming systems implemented using NIS+ into the global naming systems, DNS and X.500. This chapter describes the procedures for federating NIS+ with DNS and X.500. In general, the procedures involve:
  • Determining the NIS+ root reference for your NIS+ hierarchy
  • Adding this information in the format required by the global naming system

Obtaining the NIS+ Root Reference

To federate NIS+ under DNS or X.500, information must be added to these respective naming systems to enable access to an NIS+ hierarchy from outside of the NIS+ hierarchy. This information comes from the NIS+ root reference, which consists of network address information describing how to reach the top of a particular NIS+ hierarchy.
The NIS+ root reference consists of a single address. The address has an address type of onc_fn_nisplus_root and contains a single, XDR-encoded string. The three items in the network address are separated by white spaces:

  nis+_root_domain nis+_server [server_IP_address]  

Table 15-1 is a description of the NIS+ root reference.

Table 15-1

  Address Element      Description
  nis+_root_domain     The fully qualified name of the NIS+ root domain (trailing dot required)
  nis+_server          The host name of one of the servers serving nis+_root_domain
  server_IP_address    The IP address of nis+_server. This is optional if the address of nis+_server is already known. This means it is available through one of the naming services listed in the /etc/nsswitch.conf file.

In the following example,

  wiz.com. wiz-nis-master  

the address indicates that the name of the NIS+ root domain is wiz.com. (trailing dot is significant), and that it can be reached using the host wiz-nis-master. The IP address of the server is not given because it is available through other means.
In another example,

  woz.COM. wozwoz 133.33.33.33  

the address indicates that the name of the NIS+ root domain is woz.com. (trailing dot is significant) and that it can be reached using the host wozwoz, with the IP address 133.33.33.33.

Federating NIS+ Under DNS

This section describes the steps required to add TXT (text) records for a subordinate enterprise naming system implemented with NIS+. To federate a subordinate naming system in DNS, you need to add reference information into DNS describing how to reach the subordinate naming system.
  1. Obtain the NIS+ root reference for your NIS+ hierarchy, as described in "Obtaining the NIS+ Root Reference" on page 285.

  2. Edit the DNS table (/etc/named.local is the default file name) and add a TXT record with the following format.


  TXT "XFNNISPLUS nis+_root_domain nis+_server [server_IP_address]"  

The following are examples of two records that convey the same information.
TXT     "XFNNISPLUS wiz.com. nis-master"
TXT     XFNNISPLUS\ wiz.com.\ nis-master

The TXT record must be associated with a DNS domain that includes an NS (name server) record entry. The following is an example of a DNS table with reference information for NIS+ bound in it.

  $ORIGIN Wiz.com  
  @      IN SOA foo bar.eng.Wiz.com  
            (  
               100    ;; Serial  
               3600   ;; Refresh  
               3600   ;; Retry  
               3600   ;; Expire  
               3600   ;; Minimum  
            )  
         NS    nshost  
         TXT   "XFNNISPLUS wiz.com. wiz-nis-master 133.33.33.33"  
  
  nshost IN  A 133.33.33.34  

  3. After adding the TXT record into the DNS table, either restart the DNS server, or send it a signal to reread the table.


  # kill -HUP <pid of in.named>  
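
As an added example (not part of the original guide), the following Python code parses an XFNNISPLUS TXT record in either of the two equivalent forms shown above, validates the root reference fields from Table 15-1, and checks the XFNNISPLUS lines of a DNS table before the server rereads it. The function names and the sample zone lines are constructed for illustration, and the code assumes a dotted-quad IPv4 address and no trailing comment on the TXT line.

```python
import ipaddress
import re
import shlex

TAG = "XFNNISPLUS"
NAME_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?$")

def parse_root_reference(text):
    """Validate 'nis+_root_domain nis+_server [server_IP_address]'."""
    fields = text.split()
    if not 2 <= len(fields) <= 3:
        raise ValueError("expected 2 or 3 whitespace-separated items")
    domain, server = fields[0], fields[1]
    if not domain.endswith("."):
        raise ValueError("root domain lacks trailing dot: %s" % domain)
    if not (NAME_RE.match(domain) and NAME_RE.match(server)):
        raise ValueError("malformed domain or server name")
    ip = str(ipaddress.IPv4Address(fields[2])) if len(fields) == 3 else None
    # Lower-cased because the guide reads woz.COM. as woz.com.
    return {"domain": domain.lower(), "server": server, "ip": ip}

def parse_txt_rdata(rdata):
    """Parse TXT data in quoted or backslash-escaped form."""
    words = shlex.split(rdata)  # "a b" and a\ b both yield one word
    if len(words) != 1:
        raise ValueError("reference must be a single TXT string")
    tag, _, rest = words[0].partition(" ")
    if tag != TAG:
        raise ValueError("TXT string does not start with " + TAG)
    return parse_root_reference(rest)

def audit_zone(zone_text):
    """Return (line_number, parsed dict or error string) per XFNNISPLUS record."""
    findings = []
    for number, line in enumerate(zone_text.splitlines(), 1):
        match = re.search(r"\bTXT\s+(\S.*)$", line)
        if not match or TAG not in match.group(1):
            continue
        try:
            findings.append((number, parse_txt_rdata(match.group(1))))
        except ValueError as exc:
            findings.append((number, "INVALID: %s" % exc))
    return findings

# Constructed sample zone lines; the second record omits the trailing dot.
SAMPLE_ZONE = """\
         TXT   "XFNNISPLUS wiz.com. wiz-nis-master 133.33.33.33"
eng      TXT   XFNNISPLUS\\ eng.wiz.com\\ eng-nis-master
"""
```

Calling audit_zone(SAMPLE_ZONE) returns the parsed reference for line 1 and an INVALID entry for line 2, whose root domain lacks the trailing dot.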

Federating NIS+ Under X.500

In order to federate a subordinate naming system in X.500, you need to add reference information into X.500 describing how to reach the subordinate naming system. This section describes the steps for adding XFN reference information to the X.500 entry that will be the parent of the subordinate naming system.
  1. Obtain the NIS+ root reference for your NIS+ hierarchy.

    See "Obtaining the NIS+ Root Reference" on page 285.

  2. Create an X.500 entry that supports XFN reference attributes.

    For example, the following command creates a new X.500 entry called c=us/o=wiz with the object classes top, organization, and XFN-supplement (1.2.840.113536.25). The XFN-supplement object class allows the c=us/o=wiz entry to store reference information for a subordinate naming system.


  # fnattr -a .../c=us/o=wiz object-class top organization XFN-supplement  

If the X.500 entry already existed and was not defined with the XFN-supplement object class, it must be removed and re-created with the additional object class. Otherwise, it will not be able to hold reference information about the subordinate naming system.
  3. Add the reference information about the subordinate NIS+ system to the entry.

    After creating the X.500 entry, you can then add information about the subordinate NIS+ system by binding the appropriate NIS+ root reference to the named entry:


  # fnbind -r .../c=us/o=wiz/ onc_fn_enterprise onc_fn_nisplus_root "wiz.com. bigbig"  

This example binds the reference for the NIS+ hierarchy with the root domain name wiz.com, served by the machine bigbig, to the next naming system pointer (NNSP) of the X.500 entry c=us/o=wiz, thus linking the X.500 namespace with the wiz.com. NIS+ namespace hierarchy.
The address format used is that of the NIS+ root reference described earlier. Note the use of the trailing slash in the name argument to fnbind, .../c=us/o=wiz/, to signify that the reference is being bound to the NNSP of the entry, rather than to the entry itself.