Page is loading ...
Bull
AIX 4.3 Network Information Services
(NIS and NIS+) Guide
AIX
86 A2 22KX 00
ORDER REFERENCE
Bull
AIX 4.3 Network Information Services
(NIS and NIS+) Guide
AIX
Software
November 1999
BULL ELECTRONICS ANGERS
CEDOC
34 Rue du Nid de Pie – BP 428
49004 ANGERS CEDEX 01
FRANCE
86 A2 22KX 00
ORDER REFERENCE
The following copyright notice protects this book under the Copyright laws of the United States of America
and other countries which prohibit such actions as, but not limited to, copying, distributing, modifying, and
making derivative works.
Copyright
Bull S.A. 1999
Printed in France
Suggestions and criticisms concerning the form, content, and presentation of
this book are invited. A form is provided at the end of this book for this purpose.
To order additional copies of this book or other Bull Technical Publications, you
are invited to use the Ordering Form also provided at the end of this book.
Trademarks and Acknowledgements
We acknowledge the right of proprietors of trademarks mentioned in this book.
AIX
R
is a registered trademark of International Business Machines Corporation, and is being used under
licence.
UNIX is a registered trademark in the United States of America and other countries licensed exclusively through
the Open Group.
Year 2000
The product documented in this manual is Year 2000 Ready.
The information in this document is subject to change without notice. Groupe Bull will not be liable for errors
contained herein, or for incidental or consequential damages in connection with the use of this material.
iii
Preface
About This Book
This book is for AIX system administrators who maintain Network Information System or
NIS+ servers and clients. Familiarity with the Base Operating System and the material
covered in AIX 4.3 System Management Guide: Communications and Networks, AIX 4.3
System Management Guide: Operating System and Devices, and AIX 4.3 System User’s
Guide: Communications and Networks is necessary.
Who Should Use This Book
This book is intended for system administrators who perform system management tasks
that involve NIS or NIS+.
How to Use This Book
Chapters in this book provide overview, installation and configuration, maintenance,
troubleshooting, and reference information for NIS and for NIS+. Procedural information is
located near the relevant conceptual information for easier access.
Highlighting
The following highlighting conventions are used in this book:
Bold Identifies commands, keywords, files, directories, and other
items whose names are predefined by the system.
Italics Identifies parameters whose actual names or values are to be
supplied by the user.
Monospace Identifies examples of specific data values, examples of text
similar to what you might see displayed, examples of portions
of program code similar to what you might write as a
programmer, messages from the system, or information you
should actually type.
ISO 9000
ISO 9000 registered quality systems were used in the development and manufacturing of
this product.
AIX Support for the X/Open UNIX95 Specification
The AIX operating system is designed to support the X/Open UNIX95 Specification for
portability of UNIX–based operating systems. Many new interfaces, and some current ones,
have been added or enhanced to meet this specification. AIX 4.3 is even more open and
portable for applications.
At the same time, compatibility with previous AIX releases is preserved. This is
accomplished by the creation of a new environment variable that can be used to set the
system environment on a per–system, per–user, or per–process basis.
iv
AIX 4.3 NIS and NIS+ Guide
To determine the proper way to develop a UNIX95–portable application, you may need to
refer to the X/Open UNIX95 Specification, which can be obtained on a CD–ROM by
ordering the printed copy of AIX Commands Reference, order number 86 A2 38JX to 86 A2
43JX, or by ordering Go Solo: How to Implement and Go Solo with the Single Unix
Specification, a book which includes the X/Open UNIX95 Specification Specification on a
CD–ROM.
Related Publications
The following book contains information about or related to communications:
AIX and Related Products Documentation Overview, order number 86 A2 71WE.
AIX 4.3 System Management Guide: Communications and Networks,
order number 86 A2 31JX.
AIX 4.3 System Management Guide: Operating System and Devices,
order number 86 A2 99HX.
AIX 4.3 System User’s Guide: Communications and Networks,
order number 86 A2 98HX.
AIX General Programming Concepts: Writing and Debugging Programs,
order number 86 A2 34JX.
AIX Commands Reference, order number 86 A2 38JX to 86 A2 43JX.
AIX 4.3 Installation Guide, order number 86 A2 43GX.
Albitz, Paul and Liu, Cricket, [1992], DNS and BIND in a Nutshell, O’Reilly & Associates,
Inc., Sebastopol, CA, ISBN 0–56592–010–4.
Stern, Hal, [1991], Managing NFS and NIS, O’Reilly & Associates, Inc., Sebastopol, CA,
ISBN 0–93–717575–7.
Tanenbaum, Andrew S., Computer Networks, Prentice Hall, Englewood Cliffs, NJ, ISBN
0–13–165183–8.
Ordering Publications
You can order publications from your sales representative or from your point of sale.
To order additional copies of this book, use order number 86 A2 22KX.
Use AIX and Related Products Documentation Overview for information on related
publications and how to obtain them.
v
Preface
Contents
About This Book iii. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 1. Introduction to Name Services 1-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Name Services Overview 1-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Domain Name System (DNS) Overview 1-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Information Service (NIS) Overview 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS Architecture 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS Maps 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Information Service+ (NIS+) Overview 1-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Differences Between NIS and NIS+ 1-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Domain Structure 1-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DNS, NIS, and NIS+ Interoperability 1-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server Configuration 1-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Information Management 1-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Security 1-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Security Overview 1-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS–Compatibility Mode 1-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using NIS+ APIs 1-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using NIS+ Commands 1-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2. Network Information Service 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Components of NIS 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Servers 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Clients 2-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS Domain 2-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS Maps 2-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ypservers: a Special Map 2-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Netgroups: Network–Wide Groups of Machines and Users 2-4. . . . . . . . . . . . . . . . . .
makedbm and Makefile: Creating Maps 2-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Maintaining Consistent System Information with NIS 2-5. . . . . . . . . . . . . . . . . . . . . . . . . .
Installing and Configuring NIS 2-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring NIS 2-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing a Host for NIS Configuration 2-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Starting and Stopping NIS Daemons 2-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS Client Files to Use NIS Services 2-14. . . . . . . . . . . . . . . . . . . . . . . . . . .
Maintaining NIS 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Prerequisite 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS Security 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing an NIS Map 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing NIS Passwords 2-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a New NIS Slave Server 2-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a New NIS User 2-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Nonstandard NIS Maps 2-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Propagating an NIS Map 2-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Moving the Master Server to a Different Host 2-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using NIS Automount 2-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using automount Maps 2-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Managing NIS automount Maps 2-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Maintaining All of the automount Maps with NIS 2-29. . . . . . . . . . . . . . . . . . . . . . . . . . .
vi
AIX 4.3 NIS and NIS+ Guide
NIS Reference 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Daemons 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Commands 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 3. Moving from NIS to NIS+ 3-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changes Required to Move to NIS+ 3-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Suggested Transition Phases 3-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Transition Principles 3-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Become Familiar with NIS+ 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Design Your Final NIS+ Namespace 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Plan Security Measures 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Decide How to Use NIS–Compatibility Mode 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Complete Prerequisites to Transition 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implement the Transition 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Designing the NIS+ Namespace 3-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying the Goals of Your Administrative Model 3-5. . . . . . . . . . . . . . . . . . . . . . . . .
Designing the Namespace Structure 3-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting the Namespace Servers 3-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determine Table Configurations 3-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Resolving User/Host Name Conflicts 3-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning NIS+ Security Measures 3-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding the Impact of NIS+ Security 3-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting Credentials 3-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Choosing a Security Level 3-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Establishing Password–Aging Criteria, Principles, and Rules 3-19. . . . . . . . . . . . . . . .
Planning NIS+ Groups 3-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning Access Rights to NIS+ Groups and Directories 3-20. . . . . . . . . . . . . . . . . . . .
Planning Access Rights to NIS+ Tables 3-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using NIS–Compatibility Mode 3-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting Your NIS–Compatible Domains 3-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining NIS–Compatible Server Configuration 3-25. . . . . . . . . . . . . . . . . . . . . . . .
Deciding How to Transfer Information Between Services 3-25. . . . . . . . . . . . . . . . . . . .
Deciding How to Implement DNS Forwarding 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS and NIS+ API Function Equivalents 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS–Compatibility Mode Protocol Support 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Prerequisites to Transition 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Gauge the Impact of NIS+ on Other Systems 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Train Administrators 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Write a Communications Plan 3-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identify Required Conversion Tools and Processes 3-29. . . . . . . . . . . . . . . . . . . . . . . .
Identify Administrative Groups Used for Transition 3-29. . . . . . . . . . . . . . . . . . . . . . . . .
Determine Who Will Own the Domains 3-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determine Resource Availability 3-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Resolve Conflicts Between Login Names and Host Names 3-30. . . . . . . . . . . . . . . . . .
Examine All Information Source Files 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Remove the ”.” from Host Names 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Remove the ”.” from NIS Map Names 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Document Your Current NIS Namespace 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a Conversion Plan for Your NIS Servers 3-32. . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing the Transition 3-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Phase I––Set Up the NIS+ Namespace 3-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Phase II––Connect the NIS+ Namespace to Other Namespaces 3-34. . . . . . . . . . . .
Phase III––Make the NIS+ Namespace Fully Operational 3-35. . . . . . . . . . . . . . . . . . .
Phase IV––Upgrade NIS–Compatible Domains 3-36. . . . . . . . . . . . . . . . . . . . . . . . . . . .
vii
Preface
Chapter 4. The NIS+ Namespace and Structure 4-1. . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Files and Directories 4-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Structure of the NIS+ Namespace 4-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Directories 4-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Domains 4-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Servers 4-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Clients and Principals 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Principal 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Client 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Naming Conventions 4-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Domain Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Directory Object Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Tables and Group Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table Entry Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Host Names 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Principal Names 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accepted Name Symbols 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Name Expansion 4-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS_PATH Environment Variable 4-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Tables and Information 4-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Table Structure 4-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Columns and Entries 4-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Search Paths 4-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ways to Set Up Tables 4-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How Tables Are Updated 4-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 5. NIS+ Installation and Configuration 5-1. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ 5-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Prerequisites for Installing and Configuring NIS+ 5-2. . . . . . . . . . . . . . . . . . . . . . . . . .
Planning Your NIS+ Layout 5-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing the Existing Namespace 5-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration Worksheets 5-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Setup Scripts 5-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
What the NIS+ Scripts Will Do 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
What the NIS+ Scripts Will Not Do 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ With Scripts 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Sample NIS+ Namespace 5-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ Root Servers 5-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Populating NIS+ Tables 5-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up Root Domain NIS+ Client Machines 5-20. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Initializing NIS+ Client Users 5-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ Servers 5-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Designating Root Replicas 5-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Subdomain 5-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Populating the New Domain’s Tables 5-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Designating Replicas 5-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Initializing Subdomain NIS+ Client Machines 5-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Initializing Subdomain NIS+ Client Users 5-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary of Commands for the Sample NIS+ Namespace 5-30. . . . . . . . . . . . . . . . . .
Setting Up the Root Domain 5-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Standard versus NIS–Compatible Setup Procedures 5-32. . . . . . . . . . . . . . . . . . . . . . .
Establishing the Root Domain 5-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Root Domain Setup Summary 5-41. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ Servers 5-43. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up an NIS+ Server 5-43. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
viii
AIX 4.3 NIS and NIS+ Guide
Adding a Replica to an Existing Domain 5-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server Setup Summary 5-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ Tables 5-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Populating NIS+ Tables From Files 5-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Populating NIS+ Tables From NIS Maps 5-51. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Transferring Information From NIS+ to NIS 5-53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Limiting Access to the Passwd Column to Owners and Administrators 5-54. . . . . . . .
Table Population Summaries 5-55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up a Nonroot Domain 5-57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Standard versus NIS–Compatible Setup Procedures 5-57. . . . . . . . . . . . . . . . . . . . . . .
Security Considerations 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Prerequisites 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Procedure 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subdomain Setup Summary 5-61. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up NIS+ Clients 5-62. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing a Workstation’s Domain 5-62. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Initializing an NIS+ Client 5-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Client Setup Summary 5-65. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Client Setup 5-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 6. NIS+ Administration 6-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Credentials 6-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How Credentials Work 6-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The DES Credential in Detail 6-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Secure RPC Password versus Login Password Problem 6-7. . . . . . . . . . . . . . . . . . .
Cached Public Keys Problems 6-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Where Credential–Related Information Is Stored 6-8. . . . . . . . . . . . . . . . . . . . . . . . . .
The Cred Table in Detail 6-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Credential Information 6-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How nisaddcred Creates Credential Information 6-10. . . . . . . . . . . . . . . . . . . . . . . . . . .
Secure RPC Netname and NIS+ Principal Name 6-11. . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Credential Information for the Administrator 6-12. . . . . . . . . . . . . . . . . . . . . . .
Creating Credential Information for NIS+ Principals 6-12. . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Credential Information 6-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Keys 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Keylogin 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Keys for a NIS+ Principal 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Root Keys of an NIS+ Principal 6-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Updating Public Keys 6-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Updating IP Addresses 6-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Access Rights 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Concatenation of Access Rights 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How Access Rights Are Assigned and Changed 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . .
Access Rights and Table Security 6-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Where Access Rights Are Stored 6-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing an NIS+ Object’s Access Rights 6-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Default Access Rights 6-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How a Server Grants Access Rights to Tables 6-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying Access Rights in Commands 6-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying NIS+ Defaults 6-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying Nondefault Security Values at Creation Time 6-31. . . . . . . . . . . . . . . . . . . .
Changing Object and Entry Access Rights 6-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying Column Access Rights 6-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Column Rights When Creating a Table 6-32. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding Rights to an Existing Table Column 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ix
Preface
Removing Rights to a Table Column 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Ownership of Objects and Entries 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing an Object or Entry’s Group 6-34. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering Passwords 6-36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Logging In 6-36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Your Password 6-37. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Choosing a Password 6-38. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The passwd Command 6-39. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nistbladm Command 6-40. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Passwords 6-40. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Managing Password Aging 6-41. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying Password Criteria and Defaults 6-44. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Groups 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Related Commands 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying Group Members 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using niscat With Groups 6-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Listing the Object Properties of a Group 6-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisgrpadm Command 6-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating an NIS+ Group 6-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting an NIS+ Group 6-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding Members to an NIS+ Group 6-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Listing the Members of an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing Members From an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Testing for Membership in an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Directories 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the niscat Command With Directories 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisls Command 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nismkdir Command 6-52. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisrmdir Command 6-53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisrm Command 6-54. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The rpc.nisd Command 6-54. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisinit Command 6-55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nis_cachemgr Command 6-56. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisshowcache Command 6-56. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nisping Command 6-57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nislog Command 6-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The nischttl Command 6-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administering NIS+ Tables 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the nistbladm Command 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the niscat Command 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the nismatch and nisgrep Commands 6-61. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the nisln Command 6-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the nissetup Command 6-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the nisaddent Command 6-64. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing NIS+ 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing NIS+ From a Client Machine 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing NIS+ From a Server 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing the NIS+ Namespace 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x
AIX 4.3 NIS and NIS+ Guide
Chapter 7. Security 7-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AIX Security Mechanisms 7-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Security Mechanisms 7-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Principals 7-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Security Levels 7-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Authentication and Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User and Machine Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DES versus LOCAL Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Authorization and Access 7-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authorization Classes 7-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Access Rights 7-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Security and Administrative Rights 7-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Security Reference 7-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 8. NIS and NIS+ Troubleshooting 8-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting NIS–Related Problems 8-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying NIS Client Problems 8-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying NIS Server Problems 8-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting NIS+ Namespace Administration Problems 8-6. . . . . . . . . . . . . . . . . . .
Symptoms 8-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting NIS+ Namespace Database Problems 8-9. . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Multiple rpc.nisd Parent Processes 8-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting NIS Compatibility Problems 8-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Object Not Found Problems 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Syntax or Spelling Error 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Incorrect Path 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Domain Levels Not Correctly Specified 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Object Does Not Exist 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lagging or Out–of–Sync Replica 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Files Missing or Corrupt 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Blanks in Name 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cannot Use Automounter 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ownership and Permission Problems 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
No Permission 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
No Credentials 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server Running at Security Level 0 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Login Same as Machine Name 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bad Credentials 8-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Security Problems 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
”Login Incorrect” Message 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Password Locked, Expired, or Terminated 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stale and Outdated Credential Information 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Corrupted Credentials 8-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Keyserv Failure 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Machine Previously Was an NIS+ Client 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
No Entry in the cred Table 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changed Domain Name 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
When Changing a Machine to a Different Domain 8-20. . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Password and Login Password in /etc/passwd File 8-21. . . . . . . . . . . . . . . . . . . .
Secure RPC Password and Login Passwords Are Different 8-21. . . . . . . . . . . . . . . . .
xi
Preface
Preexisting /etc/.rootkey File 8-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Root Password Change Causes Problem 8-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Slow Performance and System Hang Problems 8-23. . . . . . . . . . . . . . .
Symptoms 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checkpointing 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Variable NIS_PATH 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table Paths 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Too Many Replicas 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Recursive Groups 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Large NIS+ Database Logs at Start–up 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Master rpc.nisd Daemon Died 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnosis 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
No nis_cachemgr 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnosis 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server Very Slow at Start–up After NIS+ Installation 8-24. . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
niscat Returns: Server busy. Try Again 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Possible Cause 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnosis 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NIS+ Queries Hang After Changing Host Name 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Possible Cause 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting System Resource Problems 8-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting User Problems 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Symptoms 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Cannot Log In 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Cannot Log In Using New Password 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Cannot Remote Log In to Remote Domain 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . .
User Cannot Change Password 8-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Other NIS+ Problems 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Tell if NIS+ Is Running 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Replica Update Failure 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix A. Information in NIS+ Tables A-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auto_Home Table A-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auto_Master Table A-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bootparams Table A-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Input File Format A-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Client_info Table A-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cred Table A-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ethers Table A-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Group Table A-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hosts Table A-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mail_aliases Table A-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xii
AIX 4.3 NIS and NIS+ Guide
Input File Format A-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Netgroup Table A-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Input File Format A-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Netmasks Table A-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Networks Table A-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Passwd Table A-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protocols Table A-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RPC Table A-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Services Table A-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Timezone Table A-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index X-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-1
Introduction to Name Services
Chapter 1. Introduction to Name Services
This chapter provides a brief overview of name services (also called network information
services). It introduces the DNS, NIS, and NIS+ name services then concludes with
comparisons and interoperability issues.
• Name Services Overview, on page 1-2
• DNS Overview, on page 1-4
• NIS Overview, on page 1-5
• NIS+ Overview, on page 1-7
• Differences between NIS and NIS+, on page 1-8
• NIS+ Security, on page 1-12
• NIS–Compatibility Mode, on page 1-13
• Using NIS+ APIs, on page 1-14
• Using NIS+ Commands, on page 1-15
1-2
AIX 4.3 NIS and NIS+ Guide
Name Services Overview
Name services store information that allows users, workstations, and applications to
communicate across the network. Without a name service, each workstation would have to
maintain its own copy of such information as machine addresses, user names, passwords,
and network access permissions. With name services, the information may be stored in
centrally located files or database tables, which makes it easier to administer large
networks.
For example, take a simple network of three workstations, pine, elm, and oak. Before pine
can send a message to either elm or oak, it must know their network addresses. For this
reason, it keeps a file, /etc/hosts, that stores the network address of every workstation in
the network, including itself.
pine oakelm
pine elm oak
123.456.7.1 pine
123.456.7.2 elm
123.456.7.3 oak
/etc/hosts
Likewise, for elm and oak to communicate with pine or with each other, they must keep
similar files.
pine elm oak
123.456.7.1 pine
123.456.7.2 elm
123.456.7.3 oak
123.456.7.1 pine
123.456.7.2 elm
123.456.7.3 oak
123.456.7.1 pine
123.456.7.2 elm
123.456.7.3 oak
/etc/hosts
/etc/hosts
/etc/hosts
Addresses are not the only network information that workstations need to store. They also
need to store security information, mail information, information about their Ethernet
interfaces, network services, groups of users allowed to use the network, services offered
on the network, and so on. As networks offer more services, the list grows. As a result, each
workstation may need to keep an entire set of files similar to /etc/hosts.
1-3
Introduction to Name Services
pine
elm
oak
hosts
protocols
password
rpc
services
group
netgroup
aliases
time zone
As this information changes, administrators must keep it current on every workstation in the
network. In a small network, this is simply tedious, but on a medium or large network, the
job becomes not only time–consuming but nearly unmanageable. A network information
service addresses this problem. It stores network information on servers and provides it to
any workstation that asks for it.
forest
pine
elm
oak
workstations
(request information)
server
(stores information)
information
(stored on server)
/etc/hosts
123.456.7.1 pine
123.456.7.2 elm
123.456.7.3 oak
The workstations are known as clients of the server. Whenever information about the
network changes, instead of updating each client’s local file, an administrator updates only
the information stored by the network information service. This reduces errors,
inconsistencies between clients, and the sheer size of the task.
Although the chief purpose of a network information service is to centralize information,
another is to simplify network names. A network information service enables workstations to
be identified by common names instead of numerical addresses. (This is why these services
are sometimes called name services.) This makes communication simpler because users
do not have to remember and try to enter cumbersome physical addresses, such as
129.44.3.1. Instead, they can use descriptive names, such as Sales, Lab1, or Arnold.
Names are also more flexible than physical addresses. While physical addresses and
networks tend to remain stable, the organizations that use them tend to change structure
and nomenclature. A network information service uses software to map these changes to an
unchanged physical network.
1-4
AIX 4.3 NIS and NIS+ Guide
Domain Name System (DNS) Overview
The Domain Name System (DNS) is the name service provided by the Internet for TCP/IP
networks. It was developed so workstations on the network could be identified with common
names instead of Internet addresses. DNS performs naming between hosts within your local
administrative domain and across domain boundaries.
The collection of networked workstations that use DNS are referred to as the DNS
namespace. The DNS namespace can be divided into a hierarchy of domains. A DNS
domain is simply a group of workstations. Each domain is supported by two or more name
servers (a principal server and one or more secondary servers). Each server implements
DNS by running a daemon called named.
On the client side, DNS is implemented through a resolver. The resolver’s function is to
resolve user queries; to do that, it queries a name server, which then returns either the
requested information or a referral to another server.
1-5
Introduction to Name Services
Network Information Service (NIS) Overview
The Network Information Service (NIS) was developed independently of DNS and has a
slightly different focus. Whereas DNS focuses on simplifications that use workstation names
instead of addresses, NIS focuses on simplifying network administration by providing
centralized control over a variety of network information. NIS stores information not only
about workstation names and addresses, but also about users, the network itself, and
network services. This collection of network information is referred to as the NIS
namespace.
NIS Architecture
NIS uses a client–server arrangement similar to DNS. Replicated NIS servers provide
services to NIS clients. The principal servers are called master servers and, for reliability,
they have backup or replica servers (also referred to as slave servers). Both server types
use the NIS information retrieval software and both store NIS maps. The method used by
NIS+ is described briefly in the NIS+ Overview, on page 1-7.
NIS, like DNS, uses domains to arrange the workstations, users, and networks in its
namespace. However, it does not use a domain hierarchy; an NIS namespace is flat. Thus,
a hierarchical physical network is arranged by NIS into one domain. See NIS+ Namespace
and Structure, for information on NIS+ hierarchy.
129.44.0.0
129.44.2.0
129.44.1.0
129.44.0.0
129.44.2.0
129.44.1.0
The wiz Domain
An NIS domain cannot be connected directly to the Internet. Organizations that want to use
NIS and be connected to the Internet use NIS to manage all local information and DNS for
host name resolution. NIS provides special client routines for this purpose (DNS
forwarding). When a client needs access to any type of information except IP addresses,
the request goes to the client’s NIS server. When a client needs name resolution, the
request goes to the DNS server. From the DNS server, the client has access to the Internet
in the usual way.
NIS Maps
NIS stores information in a set of files called maps. NIS maps were designed to replace
traditional UNIX /etc files, as well as other configuration files, so they store much more than
names and addresses. As a result, the NIS namespace has a large set of maps, as shown
in the NIS Maps table below.
NIS maps are essentially two–column tables. One column is the key and the other column is
information about the key. NIS finds information for a client by searching through the keys.
Thus, some information is stored in several maps because each map uses a different key.
1-6
AIX 4.3 NIS and NIS+ Guide
For example, the names and addresses of workstations are stored in two maps:
hosts.byname and hosts.byaddr. When a server has a workstation’s name and needs to
find its address, it looks in the hosts.byname map. When it has the address and needs to
find the name, it looks in the hosts.byaddr map.
Table 1. NIS Maps
NIS Map
Description
bootparams Lists the names of the diskless clients and the location of the files
they need during booting.
ethers.byaddr Lists the Ethernet addresses of workstations and their
corresponding names.
ethers.byname Lists the names of workstations and their corresponding Ethernet
addresses.
group.bygid Provides membership information about groups, using the group
ID as the key.
group.byname Provides membership information about groups, using the group
name as the key.
hosts.byaddr Lists the names and addresses of workstations, using the
address as the key.
hosts.byname Lists the names and addresses of workstations, using the name
as the key.
mail.aliases Lists the mail aliases in the namespace and all the workstations
that belong to them.
mail.byaddr Lists the mail aliases in the namespace, using the address as the
key.
netgroup Contains netgroup information, using the group name as the key.
netgroup.byhost Contains information about the netgroups in the namespace,
using workstation names as the key.
netgroup.byuser Contains netgroup information, using the user as the key.
netid.byname Contains the Secure remote procedure call (RPC) netname of
workstations and users, along with their user IDs and group IDs.
netmasks.byaddr Contains network masks used with Internet Protocol (IP)
subnetting, using the address as the key.
networks.byaddr Contains the names and addresses of the networks in the
namespace, and their Internet addresses.
networks.byname Contains the names and addresses of the networks in the
namespace, using the names as the key.
passwd.byname Contains password information, with the username as the key.
passwd.byuid Contains password information, with the user ID as the key.
protocols.byname Lists the network protocols used.
protocols.bynumber Lists the network protocols used but uses their number as the
key.
publickey.byname Contains public and secret keys for Secure RPC.
rpc.bynumber Lists the known program name and number of RPCs.
services.byname Lists the available Internet services.
ypservers Lists the NIS servers in the namespace, along with their IP
addresses.
Network Information Service contains detail about the development and use of NIS.
/