Differences in NIS on the Solaris 2.x Platform

/var/yp/securenets

The /var/yp/securenets file is used to limit access to NIS services. If such a file exists on an NIS server, the server only answers queries or supplies maps to hosts and networks listed in the file. For the file format, see the securenets(4) man page.

The following is an example of a securenets file.

255.255.255.0 13.13.13.255 host 13.13.14.1 host 13.13.14.2

Multihomed Host Support

ypserv provides support for hosts which have more than one network address. When the host maps are created, the Makefile creates a YP_MULTI_HOSTNAME entry in the map for any host that has more than one address. This entry lists all the addresses for that host. When the host address is needed, an attempt is made to use the "closest" address on the list. See the ypserv man page for more details.

The determination of "closest" address is an arithmetic one and as such there is no check for address validity. For example, let's say that a multihomed host has six IP addresses and only five of the interfaces on the machine are actually "up". Hosts on a network that is not directly connected to this multihomed hosts can receive the IP address for the "down" interface from ypserv. Thus, this hypothetical client can not reach the multihomed host.

---

Note - It is important that all addresses for a multihomed host are normally active.

---

SunOS 4.X Compatibility Mode

The Naming Service Transition Kit 1.2 supports password configuration files in both the SunOS 4.x (Solaris 1.x) password format and the Solaris 2.x password and shadow file formats.

The mode of operation is uniquely determined by the existence of the file $PWDIR/shadow, where $PWDIR is the Makefile macro set in the /var/yp/Makefile file. If the shadow file exists, NIS operates in the Solaris 2.x release mode. If this file does not exist, NIS operates in the SunOS 4.x mode.

In the SunOS 4.x mode, the password information is kept in the passwd file. In the Solaris 2.x mode, the password information is kept in the shadow file and the user account information is kept in the passwd file.

If the make macro PWDIR is set to the /etc directory, NIS can operate only in the Solaris 2.x mode because of the Solaris 2.x passwd processing requirements. However, if PWDIR points to any directory other than /etc, the user has the option of keeping passwd configuration files in either the SunOS 4.x format or in the Solaris 2.x format. The Solaris 2.x format is recommended and the rpc.yppasswdd daemon understands both password formats.

Using the Name Service Switch

The name service switch is designed to simplify name service administration. Applications can use this switch to select a name service.

This section discusses only those elements that are needed to properly configure the name service switch for NIS operation using NSkit 1.2. For a complete discussion of the switch mechanism, please consult Solaris 2.x Administering NIS+ and DNS.

The switch mechanism is implemented using the /etc/nsswitch.conf file, which specifies the source(s) used to resolve references for each information type.

As part of the Solaris 2.x installation, there are three alternative switch files: /etc/nsswitch.nisplus, /etc/nsswitch.nis, and /etc/nsswitch.files. Proper NIS operation requires only the /etc/nsswitch.nis file.

To have the switch mechanism access NIS, use the /etc/nsswitch.nis version of the switch file by copying its contents to /etc/nsswitch.conf, by typing:

# cp /etc/nsswitch.nis /etc/nsswitch.conf

Unless you have an unusual NIS database setup, the /etc/nsswitch.nis file should be sufficient for NIS operation.

---

Caution - If the /etc/nsswitch.conf file is set to files and not nis and the server is not included in the /etc/hosts file, then the ypcat command generates the following error message:

RPC failure: "RPC failure on yp operation"

---