Federated Naming Service Guide

Federating NIS+ With Global Naming Systems

7

FNS supports federation of enterprise naming systems implemented using NIS+ into the global naming systems, DNS and X.500. This chapter describes the procedures for federating NIS+ with DNS and X.500. In general, the procedures involve:
  • Determining the NIS+ root reference for your NIS+ hierarchy
  • Adding this information in the format required by the global naming system

Obtaining the NIS+ Root Reference

To federate NIS+ under DNS or X.500, information must be added to these respective naming systems to enable access to an NIS+ hierarchy from outside of the NIS+ hierarchy. This information comes from the NIS+ root reference, which consists of network address information describing how to reach the top of a particular NIS+ hierarchy.
The NIS+ root reference consists of a single address. The address has an address type of onc_fn_nisplus_root and contains a single, XDR-encoded string. The three items in the network address are separated by white spaces:

  nis+_root_domain nis+_server [server_IP_address]  

Table 7-1 is a description of the NIS+ root reference.
Table 7-1

| Address Element | Description |
| --- | --- |
| nis+_root_domain | The fully qualified name of the NIS+ root domain (trailing dot required) |
| nis+_server | The host name of one of the servers serving nis+_root_domain |
| server_IP_address | The IP address of nis+_server. This is optional if the address of nis+_server is expected to be known. This means it should be available through one of the name services listed in the /etc/nsswitch.conf file. Refer to the nsswitch.conf(4) man page for information. |

In the following example,

  wiz.com. wiz-nis-master.wiz.com  

the address indicates that the name of the NIS+ root domain is wiz.com. (trailing dot is significant), and that it can be reached using the host wiz-nis-master.wiz.com. The IP address of the server is not given because it is expected to be available through other means.
In another example,

  woz.com. wozwoz 133.33.33.33  

indicates that the name of the NIS+ root domain is woz.com. (trailing dot is significant) and that it can be reached using the host wozwoz, with the IP address 133.33.33.33.

Federating NIS+ Under DNS

This section describes the steps required to add TXT (text) records for a subordinate enterprise naming system implemented with NIS+. To federate a subordinate naming system in DNS, you need to add reference information into DNS describing how to reach the subordinate naming system.
  1. Obtain the NIS+ root reference for your NIS+ hierarchy. See "Obtaining the NIS+ Root Reference" on page 111.

  2. Edit the DNS table (/etc/named.local is the default file name) and add a TXT record with the following format.


  TXT "XFNNISPLUS nis+_root_domain nis+_server [server_IP_address]"  

For more information about DNS tables, see NIS+ and DNS Setup and Configuration Guide.
The following are examples of two records that convey the same information.

  TXT     "XFNNISPLUS wiz.com. nis-master.wiz.com"
  TXT     XFNNISPLUS\ wiz.com.\ nis-master.wiz.com

The TXT record must be associated with a DNS domain that includes an NS (name server) record entry. The following is an example of a DNS table with reference information for NIS+ bound in it.

  $ORIGIN Wiz.com  
  @      IN SOA foo bar.eng.Wiz.com  
            (  
               100    ;; Serial  
               3600   ;; Refresh  
               3600   ;; Retry  
               3600   ;; Expire  
               3600   ;; Minimum  
            )  
         NS    nshost  
         TXT   "XFNNISPLUS wiz.com. wiz-nis-master 133.33.33.33"  
  
  nshost IN  A 133.33.33.34  

  3. After adding the TXT record into the DNS table, either restart the DNS server or send it a signal to reread the table.


  # kill -HUP pid-of-in.named  

For further information on how DNS TXT records are used for XFN references, see Appendix B.
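
The following is an added example, not part of the original guide: a Python check that parses the NIS+ root reference and the XFNNISPLUS TXT record (in both the quoted and the backslash-escaped form) and audits zone-file lines for malformed references before the table is reloaded. The function names are hypothetical, shlex's POSIX quoting rules are assumed to stand in for DNS master-file quoting, and trailing `;` comments on a record line are not handled.

```python
import ipaddress
import re
import shlex

def parse_root_reference(text):
    """Parse 'nis+_root_domain nis+_server [server_IP_address]'."""
    fields = text.split()
    if len(fields) not in (2, 3):
        raise ValueError(f"expected 2 or 3 items, got {len(fields)}")
    domain, server = fields[0], fields[1]
    if not domain.endswith("."):
        raise ValueError(f"root domain {domain!r} lacks the trailing dot")
    # ip_address() raises ValueError on a malformed address.
    ip = str(ipaddress.ip_address(fields[2])) if len(fields) == 3 else None
    return {"root_domain": domain, "server": server, "ip": ip}

def parse_xfn_txt(rdata):
    """Parse TXT data in the quoted or the backslash-escaped form."""
    # Assumption: shlex's POSIX rules stand in for DNS master-file quoting.
    strings = shlex.split(rdata)
    if len(strings) != 1:
        raise ValueError("reference must be a single TXT string")
    tag, _, reference = strings[0].partition(" ")
    if tag != "XFNNISPLUS":
        raise ValueError(f"unexpected tag {tag!r}")
    return parse_root_reference(reference)

def audit_zone(lines):
    """Return (line_number, parsed reference or error text) per XFNNISPLUS record."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = re.search(r"(?:^|\s)TXT\s+(\S.*)$", line.rstrip())
        if not match or "XFNNISPLUS" not in match.group(1):
            continue
        try:
            findings.append((number, parse_xfn_txt(match.group(1))))
        except ValueError as err:
            findings.append((number, f"invalid: {err}"))
    return findings

# Constructed sample: the first TXT record is the guide's own; the second is
# deliberately malformed (no trailing dot on the root domain).
SAMPLE_ZONE = [
    '         NS    nshost',
    '         TXT   "XFNNISPLUS wiz.com. wiz-nis-master 133.33.33.33"',
    '         TXT   XFNNISPLUS\\ wiz.com\\ wiz-nis-master',
]

if __name__ == "__main__":
    for number, result in audit_zone(SAMPLE_ZONE):
        print(number, result)
```

A reference with no IP address parses with `ip` set to `None`; for such records, the server name is resolved through the name services listed in /etc/nsswitch.conf, so the outcome depends on those sources as well as on the TXT record.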

Federating NIS+ Under X.500

In order to federate a subordinate naming system in X.500, reference information must be added into X.500 describing how to reach that subordinate naming system. This section describes the steps for adding XFN reference information to the X.500 entry that will be the parent of the subordinate naming system.

Note - An X.500 client is required in order to access X.500 using FNS. The X.500 client must export the XDS/XOM APIs from the /opt/SUNWxds/lib/libxomxds.so shared object. Consult "Getting started with the SunLink X.500 Client Toolkit" for details on SunSoft's X.500 product.

  1. Obtain the NIS+ root reference for your NIS+ hierarchy.

    See "Obtaining the NIS+ Root Reference" on page 111.

  2. Create an X.500 entry that supports XFN reference attributes.

    For example, the following command creates a new X.500 entry called c=us/o=wiz with the object classes top, organization, and XFN-supplement (1.2.840.113536.25). The XFN-supplement object class allows the c=us/o=wiz entry to store reference information for a subordinate naming system.


  # fnattr -a .../c=us/o=wiz object-class top organization XFN-supplement  

If the X.500 entry already existed and was not defined with the XFN-supplement object class, it must be removed and re-created with the additional object class. Otherwise, it will not be able to hold reference information about the subordinate naming system.
  3. Add the reference information about the subordinate NIS+ system to the entry.

    After creating the X.500 entry, you can then add information about the subordinate NIS+ system by binding the appropriate NIS+ root reference to the named entry:


  # fnbind -r .../c=us/o=wiz/ onc_fn_enterprise onc_fn_nisplus_root "wiz.com. bigbig"  

This example binds the reference for the NIS+ hierarchy with the root domain name wiz.com, served by the machine bigbig, to the next naming system pointer (NNSP) of the X.500 entry c=us/o=wiz, thus linking the X.500 namespace with the wiz.com. NIS+ namespace hierarchy.
The address format used is that of the NIS+ root reference described earlier. Note the use of the trailing slash in the name argument to fnbind, .../c=us/o=wiz/, to signify that the reference is being bound to the NNSP of the entry, rather than to the entry itself.
For further information on X.500 entries and XFN references, see Appendix C, "X.500 Attribute Syntax for XFN References."