NIS+ and FNS Administration Guide

Information in NIS+ Tables

C

This appendix summarizes the information stored in the following NIS+ tables:
  • Auto_Home Table
  • Auto_Master Table
  • Bootparams Table
  • Cred Table
  • Ethers Table
  • Group Table
  • Hosts Table
  • Mail_aliases Table
  • Netgroup Table
  • Netmasks Table
  • Networks Table
  • Passwd Table
  • Protocols Table
  • RPC Table
  • Services Table
  • Timezone Table
Without a name service, most network information would be stored in /etc files and almost all NIS+ tables have corresponding /etc files. With the NIS service, you stored network information in NIS maps that also mostly corresponded with /etc files.
In the Solaris environment the name service switch file (nsswitch.conf) allows you to specify one or more sources for different types of information. In addition to NIS+ tables, that source can be NIS maps, DNS zone files, or /etc tables. The order in which you specify them determines how the information from different sources is combined.
If you are creating input files for any of these tables, most tables share two formatting requirements:
  • You must use one line per entry.
  • You must separate columns with one or more spaces or tabs.
If a particular table has different or additional format requirements, they are described under the heading "Input File Format."

Auto_Home Table

The auto_home table is an indirect automounter map that enables an NIS+ client to mount the home directory of any user in the domain. It does this by specifying a mount point for each user's home directory, the location of each home directory, and mount options, if any. Because it is an indirect map, the first part of the mount point is specified in the auto_master table, which is, by default, /home. The second part of the mount point (that is, the subdirectory under /home) is specified by the entries in the auto_home map, and is different for each user.
The auto_home table has two columns:
Table C-1

| Column | Content | Description |
|--------|---------|-------------|
| Key | Mount point | The login name of every user in the domain |
| Value | Options & location | The mount options for every user, if any, and the location of the user's home directory |

For example:

  costas barcelona:/export/partition2/costas

The home directory of the user costas, which is located on the server barcelona, in the directory /export/partition2/costas, would be mounted under a client's /home/costas directory. No mount options were provided in the entry.

Auto_Master Table

The auto_master table lists all the automounter maps in a domain. For direct maps, the auto_master table provides a map name. For indirect maps, it provides both a map name and the top directory of its mount point. The auto_master table has two columns:
Table C-2

| Column | Content | Description |
|--------|---------|-------------|
| Key | Mount point | The top directory into which the map will be mounted. If the map is a direct map, this is a dummy directory, represented with /-. |
| Value | Map name | The name of the automounter map |

For example, assume these entries in the auto_master table:

  /home      auto_home
  /-         auto_man
  /programs  auto_programs

The first entry names the auto_home map. It specifies the top directory of the mount point for all entries in the auto_home map: /home. (The auto_home map is an indirect map.) The second entry names the auto_man map. Because that map is a direct map, the entry provides only the map name. The auto_man map will itself provide the topmost directory, as well as the full pathname, of the mount points for each of its entries. The third entry names the auto_programs map and, since it provides the top directory of the mount point, the auto_programs map is an indirect map.
All automounter maps are stored as NIS+ tables. By default, the Solaris environment provides the auto_master map, which is mandatory, and the auto_home map, which is a great convenience. You can create more automounter maps for a domain, but be sure to store them as NIS+ tables and list them in the auto_master table. For more information about the automounter, consult books about the automounter or books that describe the NFS file system.

Bootparams Table

The bootparams table stores configuration information about every diskless workstation in a domain. A diskless workstation is a workstation that is connected to a network, but has no hard disk. Since it has no internal storage capacity, a diskless workstation stores its files and programs in the file system of a server on the network. It also stores its configuration information--or boot parameters--on a server.
Because of this arrangement, every diskless workstation has an initialization program that knows where this information is stored. If the network has no name service, the program looks for this information in the server's /etc/bootparams file. If the network uses the NIS+ name service, the program looks for it in the bootparams table, instead.
The bootparams table can store any configuration information about diskless workstations. It has two columns: one for the configuration key, another for its value. By default, it is set up to store the location of each workstation's root, swap, and dump partitions.
The default bootparams table has only two columns that provide the following items of information:
Table C-3

| Column | Content | Description |
|--------|---------|-------------|
| Key | Hostname | The diskless workstation's official host name, as specified in the hosts table |
| Value | Configuration | Root partition: the location (server name and path) of the workstation's root partition |
| | | Swap partition: the location (server name and path) of the workstation's swap partition |
| | | Dump partition: the location (server name and path) of the workstation's dump partition |
| | | Install partition. |
| | | Domain. |

Input File Format

The columns are separated with a TAB character. Backslashes (\) are used to break a line within an entry. The entries for root, swap, and dump partitions have the following format:

  client-name root=server:path \
      swap=server:path \
      dump=server:path \
      install=server:path \
      domain=domainname

Here is an example:

  buckaroo root=bigriver:/export/root1/buckaroo \
      swap=bigriver:/export/swap1/buckaroo \
      dump=bigriver:/export/dump/buckaroo \
      install=bigriver:/export/install/buckaroo \
      domain=sales.wiz.com

Additional parameters are available for x86-based workstations. See the bootparams man page for additional information.

Cred Table

The cred table stores credential information about NIS+ principals. Each domain has one cred table, which stores the credential information of client workstations that belong to that domain and client users who are allowed to log into them. (In other words, the principals of that domain.) The cred tables are located in their domains' org_dir subdirectory.

Note - Do not link a cred table. Each org_dir directory should have its own cred table. Do not use a link to some other org_dir cred table.

The cred table has five columns:
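Table C-4

| NIS+ Principal Name | Authentication Type | Authentication Name | Public Data | Private Data |
|---------------------|---------------------|---------------------|-------------|--------------|
| Principal name of a principal user | LOCAL | UID | GID list | |
| Principal name of a principal user or workstation | DES | Secure RPC netname | Public key | Encrypted private key |
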
The second column, authentication type, determines the types of values found in the other four columns.
  • LOCAL. If the authentication type is LOCAL, the other columns contain a principal user's name, UID, and GID; the last column is empty.
  • DES. If the authentication type is DES, the other columns contain a principal's name, Secure RPC netname, public key, and encrypted private key. These keys are used in conjunction with other information to encrypt and decrypt a DES credential.
See Chapter 5, "Administering NIS+ Credentials," for additional information on credentials and the cred table.

Ethers Table

The ethers table stores information about the 48-bit Ethernet addresses of workstations on the Internet. It has three columns:
Table C-5

| Column | Content | Description |
|--------|---------|-------------|
| Addr | Ethernet-address | The 48-bit Ethernet address of the workstation |
| Name | Official-host-name | The name of the workstation, as specified in the hosts table |
| Comment | Comment | An optional comment about the entry |

An Ethernet address has the form:

  n:n:n:n:n:n hostname

where n is a hexadecimal number between 0 and FF, representing one byte. The address bytes are always in network order (most significant byte first).

Group Table

The group table stores information about workstation user groups. In the Solaris environment, there are three kinds of groups: net groups, NIS+ groups, and UNIX groups.

A net group is a group of workstations and users that have permission to perform remote operations on other workstations in the group. An NIS+ group is a set of NIS+ users that can be assigned access rights to an NIS+ object. They are described in Chapter 4, "Security Overview." A UNIX group is simply a collection of users who are given additional UNIX access permissions.
UNIX groups allow a set of users on the network to access a set of files on several workstations or servers without making those files available to everyone. For example, the engineering and marketing staff working on a particular project could form a workstation user group.
The group table has four columns:
Table C-6

| Column | Description |
|--------|-------------|
| Name | The group's name |
| Passwd | The group's password |
| GID | The group's numerical ID |
| Members | The names of the group members, separated by commas |

Previous Solaris releases used a +/- syntax in local /etc/group files to incorporate or overwrite entries in the NIS group maps. Since the Solaris environment uses the name service switch file to specify a workstation's sources of information, this is no longer necessary. All you have to do in Solaris 2 systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the group information. This effectively adds the contents of the group table to the contents of the client's /etc/group file.

Hosts Table

The hosts table associates the names of all the workstations in a domain with their IP addresses. The workstations are usually also NIS+ clients, but they don't have to be. Other tables, such as bootparams, group, and netgroup, rely on the network names stored in this table. They use them to assign other attributes, such as home directories and group memberships, to individual workstations. The hosts table has four columns:
Table C-7

| Column | Description |
|--------|-------------|
| Addr | The workstation's IP address (network number plus workstation ID number) |
| Cname | The workstation's official name |
| Name | A name used in place of the host name to identify the workstation |
| Comment | An optional comment about the entry |

Mail_aliases Table

The mail_aliases table lists the domain's mail aliases recognized by sendmail. It has four columns:
Table C-8

| Column | Description |
|--------|-------------|
| Alias | The name of the alias |
| Expansion | A list containing the members that receive mail sent to this alias; members can be users, workstations, or other aliases |
| Comment | An optional comment about the entry |
| Options | (See man page for options) |

Input File Format

Each entry has the following format:

  alias-name:member[,member]...  

To extend an entry over several lines, use a backslash.

Netgroup Table

The netgroup table defines network-wide groups used to check permissions for remote mounts, logins, and shells. The members of net groups used for remote mounts are workstations; for remote logins and shells, they are users.

Note - Users working on a client machine being served by a NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.

The netgroup table has six columns:
Table C-9

| Column | Content | Description |
|--------|---------|-------------|
| Name | groupname | The name of the network group |
| Group | groupname | Another group that is part of this group |
| Host | hostname | The name of a host |
| User | username | A user's login name |
| Domain | domainname | A domain name |
| Comment | Comment | An optional comment about the entry |

Input File Format

The input file consists of a group name and any number of members:

  groupname member-list...  

The member list can contain the names of other net groups or an ordered member list with three fields or both:

  member-list::=groupname | (hostname, username, domainname)  

The first field of the member list specifies the name of a workstation that belongs to the group. The second field specifies the name of a user that belongs to the group. The third field specifies the domain in which the member specification is valid.
A missing field indicates a wildcard. For example, this net group includes all workstations and users in all domains:

  everybody (,,)

A dash in a field is the opposite of a wildcard; it indicates that no workstations or users belong to the group. Here are two examples:

  (host1, -,wiz.com.)
  (-,joe,wiz.com.)

The first specification includes one workstation, host1, in the wiz.com. domain, but excludes all users. The second specification includes one user in the wiz.com. domain, but excludes all workstations.
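
The wildcard and dash rules above, including nested groups, worked through as an added example (not code from this guide). The sample entries are constructed, the function names are illustrative, and treating a query argument that is left out as "not checked" is an assumption of the example.

```python
import re

# Constructed sample entries in the "groupname member-list..." input format.
SAMPLE = """\
everybody (,,)
admins    (host1, -,wiz.com.) (-,joe,wiz.com.)
ops       admins (host2,ann,wiz.com.)
loop_a    loop_b
loop_b    loop_a (host9,,)
"""

# A token is a parenthesized triple or a bare group name.
TOKEN = re.compile(r"\(([^()]*)\)|([^\s()]+)")

def parse_netgroups(text):
    """Return {groupname: [member, ...]}; a member is a group name or a 3-tuple."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        tokens = TOKEN.findall(line)
        if TOKEN.sub("", line).strip() or not tokens[0][1]:
            raise ValueError(f"line {lineno}: malformed netgroup entry")
        members = groups.setdefault(tokens[0][1], [])
        for triple, ref in tokens[1:]:
            fields = tuple(f.strip() for f in triple.split(","))
            if not ref and len(fields) != 3:
                raise ValueError(f"line {lineno}: expected (host,user,domain)")
            members.append(ref or fields)
    return groups

def field_matches(pattern, value):
    """Empty field: wildcard. Dash: matches nothing. Otherwise exact match."""
    return pattern != "-" and pattern in ("", value)

def in_netgroup(groups, group, host=None, user=None, domain=None, _seen=None):
    """Membership test; a query argument left as None is not checked (assumption)."""
    seen = set() if _seen is None else _seen
    if group in seen:  # groups can name each other; stop on a cycle
        return False
    seen.add(group)
    query = (host, user, domain)
    for member in groups.get(group, []):
        if isinstance(member, str):
            if in_netgroup(groups, member, host, user, domain, seen):
                return True
        elif all(q is None or field_matches(p, q) for p, q in zip(member, query)):
            return True
    return False

def wildcard_entries(groups):
    """List (group, triple) pairs whose host or user field is a wildcard."""
    return [(g, m) for g, ms in groups.items() for m in ms
            if not isinstance(m, str) and "" in m[:2]]
```

wildcard_entries is the review aid here: any entry it returns grants membership to every host or every user, so those are the lines to read before a net group is used for mount or login permissions.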

Netmasks Table

The netmasks table contains the network masks used to implement standard Internet subnetting. The table has three columns:
Table C-10

| Column | Description |
|--------|-------------|
| Addr | The IP number of the network |
| Mask | The network mask to use on the network |
| Comment | An optional comment about the entry |

For network numbers, you can use the conventional IP dot notation used by workstation addresses, but leave zeroes in place of the workstation addresses. For example, this entry

  128.32.0.0         255.255.255.0  

means that class B network 128.32.0.0 should have 24 bits in its subnet field, and 8 bits in its host field.

Networks Table

The networks table lists the networks of the Internet. This table is normally created from the official network table maintained at the Network Information Control Center (NIC), though you may need to add your local networks to it. It has four columns:
Table C-11

| Column | Description |
|--------|-------------|
| Cname | The official name of the network, supplied by the Internet |
| Addr | The official IP number of the network |
| Name | An unofficial name for the network |
| Comment | An optional comment about the entry |

Passwd Table

The passwd table contains information about the accounts of users in a domain. These users generally are, but do not have to be, NIS+ principals. Remember though, that if they are NIS+ principals, their credentials are not stored here, but in the domain's cred table. The passwd table usually grants read permission to the world (or to nobody).

Note - There should not be any entry in this table for the user root (user ID 0). Root's password information should be stored and maintained in the machine's /etc files.

The information in the passwd table is added when users' accounts are created.
The passwd table contains the following columns:
Table C-12

| Column | Description |
|--------|-------------|
| Name | The user's login name, which is assigned when the user's account is created; the name can contain no uppercase characters and can have a maximum of eight characters |
| Passwd | The user's encrypted password |
| UID | The user's numerical ID, assigned when the user's account is created |
| GID | The numerical ID of the user's default group |
| GCOS | The user's real name plus information that the user wishes to include in the From: field of a mail-message heading; an "&" in this column simply uses the user's login name |
| Home | The path name of the user's home directory. |
| Shell | The user's initial shell program; the default is the Bourne shell: /usr/bin/sh. |
| Shadow | (See Table C-13.) |

The passwd table shadow column stores restricted information about user accounts. It includes the following information:
Table C-13

| Item | Description |
|------|-------------|
| Lastchg | The number of days between January 1, 1970, and the date the password was last modified |
| Min | The minimum number of days recommended between password changes |
| Max | The maximum number of days that the password is valid |
| Warn | The number of days' warning a user receives before being notified that his or her password has expired |
| Inactive | The number of days of inactivity allowed for the user |
| Expire | An absolute date past which the user's account is no longer valid |
| Flag | Reserved for future use: currently set to 0. |

Previous Solaris releases used a +/- syntax in local /etc/passwd files to incorporate or overwrite entries in the NIS password maps. Since the Solaris 2 environment uses the name service switch file to specify a workstation's sources of information, this is no longer necessary. All you have to do in Solaris 2 systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the passwd information. This effectively adds the contents of the passwd table to the contents of the /etc/passwd file.
However, if you still want to use the +/- method, edit the client's nsswitch.conf file to add compat as the passwd source if you are using NIS. If you are using NIS+, add passwd_compat: nisplus.
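
A check of passwd entries against the rules stated in this section (no entry for UID 0, the login-name limits of Table C-12, the aging items of Table C-13), as an added example that is not part of this guide. It assumes entries are written as colon-separated lines in Table C-12 column order, with the shadow items colon-separated inside the last column; the sample data and the function name audit_passwd are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample entries; HASHn stands in for an encrypted password.
SAMPLE = """\
costas:HASH1:1001:10:Costas:/home/costas:/usr/bin/sh:10880:7:90:14:::0
root:HASH2:0:1:Super-User:/:/usr/bin/sh:10950::::::0
JoeLongname:HASH3:1002:10:&:/home/joe:/usr/bin/sh:10000::30:7:::0
ann:HASH4:1003:10:Ann:/home/ann:/usr/bin/sh:::::::
"""

def audit_passwd(text, today):
    """Return (login, issue, detail) findings for passwd table entries."""
    findings = []
    today_days = (today - EPOCH).days
    for line in filter(None, text.splitlines()):
        cols = line.split(":", 7)  # assumed layout: 7 columns, then shadow
        if len(cols) != 8 or not cols[2].isdigit():
            findings.append((cols[0], "malformed", line))
            continue
        name, uid, shadow = cols[0], int(cols[2]), cols[7]
        if uid == 0:
            findings.append((name, "uid-0", "keep root in the machine's /etc files"))
        if len(name) > 8 or name != name.lower():
            findings.append((name, "bad-name", "lowercase, at most 8 characters"))
        # Shadow items in Table C-13 order: Lastchg, Min, Max, Warn, ...
        lastchg, _min, max_days, warn = (shadow.split(":") + [""] * 4)[:4]
        if not (lastchg.isdigit() and max_days.isdigit()):
            continue  # no aging information recorded for this account
        expires = int(lastchg) + int(max_days)  # days since January 1, 1970
        when = (EPOCH + timedelta(days=expires)).isoformat()
        if expires < today_days:
            findings.append((name, "password-expired", when))
        elif warn.isdigit() and expires - int(warn) <= today_days:
            findings.append((name, "password-expiring", when))
    return findings
```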

Protocols Table

The protocols table lists the protocols used by the Internet. It has four columns:
Table C-14

| Column | Description |
|--------|-------------|
| Cname | The protocol name |
| Name | An unofficial alias used to identify the protocol |
| Number | The number of the protocol |
| Comments | Comments about the protocol |

RPC Table

The RPC table lists the names of RPC programs. It has four columns:
Table C-15

| Column | Description |
|--------|-------------|
| Cname | The name of the program |
| Name | Other names that can be used to invoke the program |
| Number | The program number |
| Comments | Comments about the RPC program |

Here is an example of an input file for the RPC table:

  #  
  # rpc file  
  #  
  rpcbind         100000          portmap         sunrpc          portmapper  
  rusersd         100002          rusers  
  nfs             100003          nfsprog  
  mountd          100005          mount           showmount  
  walld           100008          rwall           shutdown  
  sprayd          100012          spray  
  llockmgr        100020  
  nlockmgr        100021  
  status          100024  
  bootparam       100026  
  keyserv         100029          keyserver  
  nisd            100300          rpc.nisd  
  #  

Services Table

The services table stores information about the Internet services available on the Internet. It has five columns:
Table C-16

| Column | Description |
|--------|-------------|
| Cname | The official Internet name of the service |
| Name | The list of alternate names by which the service can be requested |
| Proto | The protocol through which the service is provided (for instance, 512/tcp) |
| Port | The port number |
| Comment | Comments about the service |

Timezone Table

The timezone table lists the default timezone of every workstation in the domain. The default time zone is used during installation but can be overridden by the installer. The table has three columns:
Table C-17

| Field | Description |
|-------|-------------|
| Name | The name of the domain |
| Tzone | The name of the time zone (for example, US/Pacific) |
| Comment | Comments about the time zone |