Administering NIS+ Databases

NIS+ provides a central store of information for network resources such as hosts, users, and mailboxes. NIS+ replaces NIS (Network Information Service) and provides the following enhancements.

NOTE. LDAP is now scheduled to replace NIS+.


  • An organizational framework that is simpler to administer in large companies.

  • Improved security.

  • Improved distribution time to propagate changes through the network.

In addition, the Solaris Operating Environment provides a nameservice switch file, /etc/nsswitch.conf, that lets you use several different network information services at once. The /etc/nsswitch.conf file also lets you specify which service provides which type of information. In previous SunOS releases, selection of the nameservice was hard-coded into the services, which made it difficult to switch to a new nameservice. The /etc/nsswitch.conf file defines the order in which local files and network databases are searched for information. Describing how to set up NIS+ is beyond the scope of this book.
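How the search order in a switch-file entry plays out, as an added example that is not from the book: a small Python model of one /etc/nsswitch.conf line, showing which source ends a lookup and therefore whose answer a host acts on. The sample entry, the function names, and the default status actions (taken from the nsswitch.conf manual page, not from this section) are assumptions of the sketch.

```python
import re

# Default action for each lookup status, per the nsswitch.conf man page.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Parse one switch-file line into (database, [(source, actions), ...])."""
    line = line.split("#", 1)[0].strip()
    database, _, rest = line.partition(":")
    sources = []
    # A token is either a source name or a bracketed [STATUS=action] list.
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            sources.append((token, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("criteria before any source: " + token)
        for pair in token[1:-1].split():
            status, _, action = pair.partition("=")
            sources[-1][1][status.upper()] = action.lower()
    return database.strip(), sources

def resolve(sources, results):
    """Walk the sources in order. results maps source -> (status, value).

    Returns (source that ended the search, value or None)."""
    last = None
    for name, actions in sources:
        status, value = results.get(name, ("UNAVAIL", None))
        last = name
        if actions.get(status, "continue") == "return":
            return name, (value if status == "SUCCESS" else None)
    return last, None

# Constructed sample entry (not from the book): NIS+ first, then local files.
SAMPLE = "hosts: nisplus [NOTFOUND=return] files"

if __name__ == "__main__":
    _, srcs = parse_entry(SAMPLE)
    local = ("SUCCESS", "192.168.1.5")          # constructed address
    # NIS+ answers "no such host": the search stops, /etc files are skipped.
    print(resolve(srcs, {"nisplus": ("NOTFOUND", None), "files": local}))
    # NIS+ is unreachable: the lookup falls through to the local files.
    print(resolve(srcs, {"nisplus": ("UNAVAIL", None), "files": local}))
```

With [NOTFOUND=return], the local files are consulted only when NIS+ cannot be reached, so a stale local entry cannot override the network database while the service is up.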

Using NIS+ Tables

NIS+ tables correspond to NIS maps. The Solaris Operating Environment provides 16 types of tables (shown in Figure 19) that store the network information used by NIS+.

Figure 19. The 16 NIS+ Tables

Each table stores a different type of information about users, workstations, or resources on the network. For instance, the Hosts table stores the host name and network address of every workstation in the domain; the Bootparams table stores the location of the root, swap, and dump directories of the diskless clients in the domain.

Each domain can have its own set of these NIS+ tables, which store all the NIS+ information for that particular domain. Table 79 lists the 16 NIS+ tables and the information they store.

Table 79. NIS+ Tables

| Table | Information in the Table |
|---|---|
| Hosts | Network address and host name of every workstation in the domain. |
| Bootparams | Location of the root, swap, and dump partition of every diskless client in the domain. |
| Password | Password information about every NIS+ principal (Nobody, Owner, Group, or World) in the domain, plus a pointer to the shadow file. |
| Cred | Credentials for principals who have permission to access the information or objects in the domain. |
| Group | Password, group ID, and members of every group in the domain. |
| Netgroup | The netgroups to which workstations and users in the domain may belong. |
| Aliases | Information about the sendmail and e-mail aliases of individual users in the domain. |
| Timezone | The time zone of every workstation in the domain. |
| Networks | The networks in the domain and their canonical names. |
| Netmasks | The networks in the domain and their associated netmasks. |
| Ethers | The Ethernet address of every workstation in the domain. |
| Services | The names of IP services used in the domain and their port numbers. |
| Protocols | The list of IP protocols used in the domain. |
| RPC | The RPC program numbers for RPC services available in the domain. |
| Auto_Home | The location of all users' home directories in the domain. |
| Auto_Master | Automounter map information. |

You can access information in NIS+ tables either by entry row or by column, as shown in Figure 20.

Figure 20. Entry Row and Columns in a Table

For example, if you want to find the network address of a workstation named drusilla in the Hosts database, you can ask a search program to look through the hostname column until it finds drusilla, as shown in Figure 21. The program then searches the drusilla entry row to find its network address, as shown in Figure 22.

Figure 21. Searching the Hostname Column

Figure 22. Finding a Network Address

You can use NIS+ commands to perform these types of searches for you. Table 80 lists the NIS+ administrative commands.

Table 80. NIS+ Administrative Commands

| Command | Description |
|---|---|
| nistbladm | Display, add, modify, and delete information in an NIS+ table. |
| nisgrep | Search for information in an NIS+ table. |
| nismatch | Search for information in an NIS+ table. |
| niscat | Display the entire contents of an NIS+ table. |

See the manual pages for information about how to use these commands.

NIS+ Security

NIS+ uses a security authorization model that is similar to the UNIX file system model. Each item in the namespace, as well as each record, each column, and each row, has an associated set of access rights that are granted to four broad classes of principals.

  • The owner of the item.

  • A group owner of the item.

  • All other principals.

  • nobody—the class of users not defined in the NIS+ domain or those users accessing NIS+ resources from NIS clients.

The specific access rights are different from the traditional read, write, and execute rights of file systems because of the nature of information services. Refer to your system manual for more information about NIS+ security.
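The four-class model described above, as an added example that is not from the book: a Python check that splits an NIS+ access-rights string into its per-class grants and lists the ones an administrator would want to review. It assumes the 16-character form shown by niscat -o, with the rights read, modify, create, and destroy (r, m, c, d) listed for nobody, owner, group, and world in that order; those details come from the NIS+ documentation rather than this section, and the object names and rights strings are constructed samples.

```python
# Display order of the four principal classes in a rights string (assumed
# from the NIS+ documentation; "world" is the "all other principals" class).
CLASSES = ("nobody", "owner", "group", "world")
RIGHTS = {"r": "read", "m": "modify", "c": "create", "d": "destroy"}

def parse_rights(text):
    """Split a 16-character rights string into {class: set of right names}."""
    if len(text) != 16:
        raise ValueError("expected 16 characters, got %d" % len(text))
    parsed = {}
    for i, cls in enumerate(CLASSES):
        field = text[4 * i:4 * i + 4]
        # Each position holds its own letter (r, m, c, d) or a dash.
        for ch, letter in zip(field, "rmcd"):
            if ch not in ("-", letter):
                raise ValueError("bad character %r in %s field" % (ch, cls))
        parsed[cls] = {RIGHTS[ch] for ch in field if ch != "-"}
    return parsed

def audit(objects):
    """Return (object, class, rights) for grants that deserve a second look:
    anything given to nobody, and anything beyond read given to world."""
    findings = []
    for name, text in objects:
        rights = parse_rights(text)
        if rights["nobody"]:
            findings.append((name, "nobody", sorted(rights["nobody"])))
        beyond_read = rights["world"] - {"read"}
        if beyond_read:
            findings.append((name, "world", sorted(beyond_read)))
    return findings

# Constructed sample data (object name, rights string); not real output.
SAMPLE = [
    ("hosts.org_dir", "r---rmcdrmcdr---"),      # nobody may read
    ("passwd.org_dir", "----rmcdrmcdr---"),     # nothing for nobody
    ("auto_home.org_dir", "----rmcdrmcdrm--"),  # world may modify
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s has %s" % finding)
```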
