Bull AIX 4.3 - Network Information Service guide

Bull

AIX 4.3 Network Information Services

(NIS and NIS+) Guide

AIX

86 A2 22KX 00

ORDER REFERENCE

Bull

AIX 4.3 Network Information Services

(NIS and NIS+) Guide

AIX

Software

November 1999

BULL ELECTRONICS ANGERS

CEDOC

34 Rue du Nid de Pie – BP 428

49004 ANGERS CEDEX 01

FRANCE

86 A2 22KX 00

ORDER REFERENCE

The following copyright notice protects this book under the Copyright laws of the United States of America

and other countries which prohibit such actions as, but not limited to, copying, distributing, modifying, and

making derivative works.

Copyright

Bull S.A. 1999

Printed in France

Suggestions and criticisms concerning the form, content, and presentation of

this book are invited. A form is provided at the end of this book for this purpose.

To order additional copies of this book or other Bull Technical Publications, you

are invited to use the Ordering Form also provided at the end of this book.

Trademarks and Acknowledgements

We acknowledge the right of proprietors of trademarks mentioned in this book.

AIX

R

is a registered trademark of International Business Machines Corporation, and is being used under

licence.

UNIX is a registered trademark in the United States of America and other countries licensed exclusively through

the Open Group.

Year 2000

The product documented in this manual is Year 2000 Ready.

The information in this document is subject to change without notice. Groupe Bull will not be liable for errors

contained herein, or for incidental or consequential damages in connection with the use of this material.

iii

Preface

About This Book

This book is for AIX system administrators who maintain Network Information System or

NIS+ servers and clients. Familiarity with the Base Operating System and the material

covered in AIX 4.3 System Management Guide: Communications and Networks, AIX 4.3

System Management Guide: Operating System and Devices, and AIX 4.3 System User’s

Guide: Communications and Networks is necessary.

Who Should Use This Book

This book is intended for system administrators who perform system management tasks

that involve NIS or NIS+.

How to Use This Book

Chapters in this book provide overview, installation and configuration, maintenance,

troubleshooting, and reference information for NIS and for NIS+. Procedural information is

located near the relevant conceptual information for easier access.

Highlighting

The following highlighting conventions are used in this book:

Bold Identifies commands, keywords, files, directories, and other

items whose names are predefined by the system.

Italics Identifies parameters whose actual names or values are to be

supplied by the user.

Monospace Identifies examples of specific data values, examples of text

similar to what you might see displayed, examples of portions

of program code similar to what you might write as a

programmer, messages from the system, or information you

should actually type.

ISO 9000

ISO 9000 registered quality systems were used in the development and manufacturing of

this product.

AIX Support for the X/Open UNIX95 Specification

The AIX operating system is designed to support the X/Open UNIX95 Specification for

portability of UNIX–based operating systems. Many new interfaces, and some current ones,

have been added or enhanced to meet this specification. AIX 4.3 is even more open and

portable for applications.

At the same time, compatibility with previous AIX releases is preserved. This is

accomplished by the creation of a new environment variable that can be used to set the

system environment on a per–system, per–user, or per–process basis.

iv

AIX 4.3 NIS and NIS+ Guide

To determine the proper way to develop a UNIX95–portable application, you may need to

refer to the X/Open UNIX95 Specification, which can be obtained on a CD–ROM by

ordering the printed copy of AIX Commands Reference, order number 86 A2 38JX to 86 A2

43JX, or by ordering Go Solo: How to Implement and Go Solo with the Single Unix

Specification, a book which includes the X/Open UNIX95 Specification Specification on a

CD–ROM.

Related Publications

The following book contains information about or related to communications:

AIX and Related Products Documentation Overview, order number 86 A2 71WE.

AIX 4.3 System Management Guide: Communications and Networks,

order number 86 A2 31JX.

AIX 4.3 System Management Guide: Operating System and Devices,

order number 86 A2 99HX.

AIX 4.3 System User’s Guide: Communications and Networks,

order number 86 A2 98HX.

AIX General Programming Concepts: Writing and Debugging Programs,

order number 86 A2 34JX.

AIX Commands Reference, order number 86 A2 38JX to 86 A2 43JX.

AIX 4.3 Installation Guide, order number 86 A2 43GX.

Albitz, Paul and Liu, Cricket, [1992], DNS and BIND in a Nutshell, O’Reilly & Associates,

Inc., Sebastopol, CA, ISBN 0–56592–010–4.

Stern, Hal, [1991], Managing NFS and NIS, O’Reilly & Associates, Inc., Sebastopol, CA,

ISBN 0–93–717575–7.

Tanenbaum, Andrew S., Computer Networks, Prentice Hall, Englewood Cliffs, NJ, ISBN

0–13–165183–8.

Ordering Publications

You can order publications from your sales representative or from your point of sale.

To order additional copies of this book, use order number 86 A2 22KX.

Use AIX and Related Products Documentation Overview for information on related

publications and how to obtain them.

v

Preface

Contents

About This Book iii. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 1. Introduction to Name Services 1-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Name Services Overview 1-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Domain Name System (DNS) Overview 1-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Network Information Service (NIS) Overview 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS Architecture 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS Maps 1-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Network Information Service+ (NIS+) Overview 1-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Differences Between NIS and NIS+ 1-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Domain Structure 1-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

DNS, NIS, and NIS+ Interoperability 1-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Server Configuration 1-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Information Management 1-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Security 1-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Security Overview 1-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS–Compatibility Mode 1-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using NIS+ APIs 1-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using NIS+ Commands 1-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 2. Network Information Service 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Components of NIS 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Servers 2-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Clients 2-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS Domain 2-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS Maps 2-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ypservers: a Special Map 2-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Netgroups: Network–Wide Groups of Machines and Users 2-4. . . . . . . . . . . . . . . . . .

makedbm and Makefile: Creating Maps 2-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Maintaining Consistent System Information with NIS 2-5. . . . . . . . . . . . . . . . . . . . . . . . . .

Installing and Configuring NIS 2-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Configuring NIS 2-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Preparing a Host for NIS Configuration 2-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Starting and Stopping NIS Daemons 2-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS Client Files to Use NIS Services 2-14. . . . . . . . . . . . . . . . . . . . . . . . . . .

Maintaining NIS 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Prerequisite 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS Security 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing an NIS Map 2-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing NIS Passwords 2-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Adding a New NIS Slave Server 2-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Adding a New NIS User 2-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating Nonstandard NIS Maps 2-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Propagating an NIS Map 2-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Moving the Master Server to a Different Host 2-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using NIS Automount 2-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using automount Maps 2-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Managing NIS automount Maps 2-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Maintaining All of the automount Maps with NIS 2-29. . . . . . . . . . . . . . . . . . . . . . . . . . .

vi

AIX 4.3 NIS and NIS+ Guide

NIS Reference 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Daemons 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Commands 2-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 3. Moving from NIS to NIS+ 3-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changes Required to Move to NIS+ 3-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Suggested Transition Phases 3-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Transition Principles 3-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Become Familiar with NIS+ 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Design Your Final NIS+ Namespace 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Plan Security Measures 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Decide How to Use NIS–Compatibility Mode 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Complete Prerequisites to Transition 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Implement the Transition 3-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Designing the NIS+ Namespace 3-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Identifying the Goals of Your Administrative Model 3-5. . . . . . . . . . . . . . . . . . . . . . . . .

Designing the Namespace Structure 3-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Selecting the Namespace Servers 3-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Determine Table Configurations 3-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Resolving User/Host Name Conflicts 3-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Planning NIS+ Security Measures 3-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Understanding the Impact of NIS+ Security 3-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Selecting Credentials 3-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Choosing a Security Level 3-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Establishing Password–Aging Criteria, Principles, and Rules 3-19. . . . . . . . . . . . . . . .

Planning NIS+ Groups 3-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Planning Access Rights to NIS+ Groups and Directories 3-20. . . . . . . . . . . . . . . . . . . .

Planning Access Rights to NIS+ Tables 3-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using NIS–Compatibility Mode 3-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Selecting Your NIS–Compatible Domains 3-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Determining NIS–Compatible Server Configuration 3-25. . . . . . . . . . . . . . . . . . . . . . . .

Deciding How to Transfer Information Between Services 3-25. . . . . . . . . . . . . . . . . . . .

Deciding How to Implement DNS Forwarding 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS and NIS+ API Function Equivalents 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS–Compatibility Mode Protocol Support 3-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Prerequisites to Transition 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Gauge the Impact of NIS+ on Other Systems 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Train Administrators 3-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Write a Communications Plan 3-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Identify Required Conversion Tools and Processes 3-29. . . . . . . . . . . . . . . . . . . . . . . .

Identify Administrative Groups Used for Transition 3-29. . . . . . . . . . . . . . . . . . . . . . . . .

Determine Who Will Own the Domains 3-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Determine Resource Availability 3-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Resolve Conflicts Between Login Names and Host Names 3-30. . . . . . . . . . . . . . . . . .

Examine All Information Source Files 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Remove the ”.” from Host Names 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Remove the ”.” from NIS Map Names 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Document Your Current NIS Namespace 3-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Create a Conversion Plan for Your NIS Servers 3-32. . . . . . . . . . . . . . . . . . . . . . . . . . .

Implementing the Transition 3-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Phase I––Set Up the NIS+ Namespace 3-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Phase II––Connect the NIS+ Namespace to Other Namespaces 3-34. . . . . . . . . . . .

Phase III––Make the NIS+ Namespace Fully Operational 3-35. . . . . . . . . . . . . . . . . . .

Phase IV––Upgrade NIS–Compatible Domains 3-36. . . . . . . . . . . . . . . . . . . . . . . . . . . .

vii

Preface

Chapter 4. The NIS+ Namespace and Structure 4-1. . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Files and Directories 4-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Structure of the NIS+ Namespace 4-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Directories 4-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Domains 4-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Servers 4-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Clients and Principals 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Principal 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Client 4-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Naming Conventions 4-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Domain Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Directory Object Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Tables and Group Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Table Entry Names 4-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Host Names 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Principal Names 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Accepted Name Symbols 4-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Name Expansion 4-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS_PATH Environment Variable 4-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Tables and Information 4-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Table Structure 4-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Columns and Entries 4-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Search Paths 4-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Ways to Set Up Tables 4-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How Tables Are Updated 4-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 5. NIS+ Installation and Configuration 5-1. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ 5-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Prerequisites for Installing and Configuring NIS+ 5-2. . . . . . . . . . . . . . . . . . . . . . . . . .

Planning Your NIS+ Layout 5-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Preparing the Existing Namespace 5-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Configuration Worksheets 5-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Setup Scripts 5-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

What the NIS+ Scripts Will Do 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

What the NIS+ Scripts Will Not Do 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ With Scripts 5-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating a Sample NIS+ Namespace 5-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ Root Servers 5-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Populating NIS+ Tables 5-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up Root Domain NIS+ Client Machines 5-20. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Initializing NIS+ Client Users 5-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ Servers 5-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Designating Root Replicas 5-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating a Subdomain 5-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Populating the New Domain’s Tables 5-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Designating Replicas 5-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Initializing Subdomain NIS+ Client Machines 5-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Initializing Subdomain NIS+ Client Users 5-30. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Summary of Commands for the Sample NIS+ Namespace 5-30. . . . . . . . . . . . . . . . . .

Setting Up the Root Domain 5-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Standard versus NIS–Compatible Setup Procedures 5-32. . . . . . . . . . . . . . . . . . . . . . .

Establishing the Root Domain 5-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Root Domain Setup Summary 5-41. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ Servers 5-43. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up an NIS+ Server 5-43. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

viii

AIX 4.3 NIS and NIS+ Guide

Adding a Replica to an Existing Domain 5-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Server Setup Summary 5-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ Tables 5-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Populating NIS+ Tables From Files 5-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Populating NIS+ Tables From NIS Maps 5-51. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Transferring Information From NIS+ to NIS 5-53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Limiting Access to the Passwd Column to Owners and Administrators 5-54. . . . . . . .

Table Population Summaries 5-55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up a Nonroot Domain 5-57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Standard versus NIS–Compatible Setup Procedures 5-57. . . . . . . . . . . . . . . . . . . . . . .

Security Considerations 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Prerequisites 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Procedure 5-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Subdomain Setup Summary 5-61. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up NIS+ Clients 5-62. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing a Workstation’s Domain 5-62. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Initializing an NIS+ Client 5-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Client Setup Summary 5-65. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Client Setup 5-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 6. NIS+ Administration 6-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Credentials 6-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How Credentials Work 6-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The DES Credential in Detail 6-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Secure RPC Password versus Login Password Problem 6-7. . . . . . . . . . . . . . . . . . .

Cached Public Keys Problems 6-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Where Credential–Related Information Is Stored 6-8. . . . . . . . . . . . . . . . . . . . . . . . . .

The Cred Table in Detail 6-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating Credential Information 6-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How nisaddcred Creates Credential Information 6-10. . . . . . . . . . . . . . . . . . . . . . . . . . .

Secure RPC Netname and NIS+ Principal Name 6-11. . . . . . . . . . . . . . . . . . . . . . . . . .

Creating Credential Information for the Administrator 6-12. . . . . . . . . . . . . . . . . . . . . . .

Creating Credential Information for NIS+ Principals 6-12. . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Credential Information 6-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Keys 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Keylogin 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing Keys for a NIS+ Principal 6-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing Root Keys of an NIS+ Principal 6-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Updating Public Keys 6-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Updating IP Addresses 6-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Access Rights 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Concatenation of Access Rights 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How Access Rights Are Assigned and Changed 6-21. . . . . . . . . . . . . . . . . . . . . . . . . . .

Access Rights and Table Security 6-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Where Access Rights Are Stored 6-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Viewing an NIS+ Object’s Access Rights 6-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Default Access Rights 6-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How a Server Grants Access Rights to Tables 6-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Specifying Access Rights in Commands 6-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Displaying NIS+ Defaults 6-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Specifying Nondefault Security Values at Creation Time 6-31. . . . . . . . . . . . . . . . . . . .

Changing Object and Entry Access Rights 6-31. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Specifying Column Access Rights 6-32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Column Rights When Creating a Table 6-32. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Adding Rights to an Existing Table Column 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ix

Preface

Removing Rights to a Table Column 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing Ownership of Objects and Entries 6-33. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing an Object or Entry’s Group 6-34. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering Passwords 6-36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Logging In 6-36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing Your Password 6-37. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Choosing a Password 6-38. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The passwd Command 6-39. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nistbladm Command 6-40. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changing Passwords 6-40. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Managing Password Aging 6-41. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Specifying Password Criteria and Defaults 6-44. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Groups 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Related Commands 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Specifying Group Members 6-45. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using niscat With Groups 6-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Listing the Object Properties of a Group 6-46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisgrpadm Command 6-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating an NIS+ Group 6-47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Deleting an NIS+ Group 6-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Adding Members to an NIS+ Group 6-48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Listing the Members of an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Removing Members From an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Testing for Membership in an NIS+ Group 6-49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Directories 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the niscat Command With Directories 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisls Command 6-50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nismkdir Command 6-52. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisrmdir Command 6-53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisrm Command 6-54. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The rpc.nisd Command 6-54. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisinit Command 6-55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nis_cachemgr Command 6-56. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisshowcache Command 6-56. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nisping Command 6-57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nislog Command 6-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The nischttl Command 6-58. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administering NIS+ Tables 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the nistbladm Command 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the niscat Command 6-60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the nismatch and nisgrep Commands 6-61. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the nisln Command 6-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the nissetup Command 6-63. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using the nisaddent Command 6-64. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Removing NIS+ 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Removing NIS+ From a Client Machine 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Removing NIS+ From a Server 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Removing the NIS+ Namespace 6-66. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

x

AIX 4.3 NIS and NIS+ Guide

Chapter 7. Security 7-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

AIX Security Mechanisms 7-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Security Mechanisms 7-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Principals 7-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Security Levels 7-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Authentication and Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

User and Machine Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

DES versus LOCAL Credentials 7-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Authorization and Access 7-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Authorization Classes 7-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Access Rights 7-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Security and Administrative Rights 7-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Security Reference 7-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 8. NIS and NIS+ Troubleshooting 8-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting NIS–Related Problems 8-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Identifying NIS Client Problems 8-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Identifying NIS Server Problems 8-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting NIS+ Namespace Administration Problems 8-6. . . . . . . . . . . . . . . . . . .

Symptoms 8-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting NIS+ Namespace Database Problems 8-9. . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Multiple rpc.nisd Parent Processes 8-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting NIS Compatibility Problems 8-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting Object Not Found Problems 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Syntax or Spelling Error 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Incorrect Path 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Domain Levels Not Correctly Specified 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Object Does Not Exist 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Lagging or Out–of–Sync Replica 8-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Files Missing or Corrupt 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Blanks in Name 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Cannot Use Automounter 8-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Ownership and Permission Problems 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

No Permission 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

No Credentials 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Server Running at Security Level 0 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

User Login Same as Machine Name 8-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Bad Credentials 8-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting Security Problems 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

”Login Incorrect” Message 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Password Locked, Expired, or Terminated 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Stale and Outdated Credential Information 8-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Corrupted Credentials 8-19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Keyserv Failure 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Machine Previously Was an NIS+ Client 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

No Entry in the cred Table 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Changed Domain Name 8-20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

When Changing a Machine to a Different Domain 8-20. . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Password and Login Password in /etc/passwd File 8-21. . . . . . . . . . . . . . . . . . . .

Secure RPC Password and Login Passwords Are Different 8-21. . . . . . . . . . . . . . . . .

xi

Preface

Preexisting /etc/.rootkey File 8-21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Root Password Change Causes Problem 8-22. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting Slow Performance and System Hang Problems 8-23. . . . . . . . . . . . . . .

Symptoms 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Checkpointing 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Variable NIS_PATH 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Table Paths 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Too Many Replicas 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Recursive Groups 8-23. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Large NIS+ Database Logs at Start–up 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The Master rpc.nisd Daemon Died 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Diagnosis 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

No nis_cachemgr 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Diagnosis 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Server Very Slow at Start–up After NIS+ Installation 8-24. . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Possible Cause 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Solution 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

niscat Returns: Server busy. Try Again 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Possible Cause 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Diagnosis 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Solution 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NIS+ Queries Hang After Changing Host Name 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Possible Cause 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Solution 8-25. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting System Resource Problems 8-26. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting User Problems 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Symptoms 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

User Cannot Log In 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

User Cannot Log In Using New Password 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

User Cannot Remote Log In to Remote Domain 8-27. . . . . . . . . . . . . . . . . . . . . . . . . . .

User Cannot Change Password 8-28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting Other NIS+ Problems 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How to Tell if NIS+ Is Running 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Replica Update Failure 8-29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Appendix A. Information in NIS+ Tables A-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Auto_Home Table A-2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Auto_Master Table A-3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Bootparams Table A-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Input File Format A-4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Client_info Table A-5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Cred Table A-6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Ethers Table A-7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Group Table A-8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Hosts Table A-9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Mail_aliases Table A-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

xii

AIX 4.3 NIS and NIS+ Guide

Input File Format A-10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Netgroup Table A-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Input File Format A-11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Netmasks Table A-12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Networks Table A-13. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Passwd Table A-14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Protocols Table A-15. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

RPC Table A-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Services Table A-17. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Timezone Table A-18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Index X-1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1-1

Introduction to Name Services

Chapter 1. Introduction to Name Services

This chapter provides a brief overview of name services (also called network information

services). It introduces the DNS, NIS, and NIS+ name services then concludes with

comparisons and interoperability issues.

• Name Services Overview, on page 1-2

• DNS Overview, on page 1-4

• NIS Overview, on page 1-5

• NIS+ Overview, on page 1-7

• Differences between NIS and NIS+, on page 1-8

• NIS+ Security, on page 1-12

• NIS–Compatibility Mode, on page 1-13

• Using NIS+ APIs, on page 1-14

• Using NIS+ Commands, on page 1-15

1-2

AIX 4.3 NIS and NIS+ Guide

Name Services Overview

Name services store information that allows users, workstations, and applications to

communicate across the network. Without a name service, each workstation would have to

maintain its own copy of such information as machine addresses, user names, passwords,

and network access permissions. With name services, the information may be stored in

centrally located files or database tables, which makes it easier to administer large

networks.

For example, take a simple network of three workstations, pine, elm, and oak. Before pine

can send a message to either elm or oak, it must know their network addresses. For this

reason, it keeps a file, /etc/hosts, that stores the network address of every workstation in

the network, including itself.

pine oakelm

pine elm oak

123.456.7.1 pine

123.456.7.2 elm

123.456.7.3 oak

/etc/hosts

Likewise, for elm and oak to communicate with pine or with each other, they must keep

similar files.

pine elm oak

123.456.7.1 pine

123.456.7.2 elm

123.456.7.3 oak

123.456.7.1 pine

123.456.7.2 elm

123.456.7.3 oak

123.456.7.1 pine

123.456.7.2 elm

123.456.7.3 oak

/etc/hosts

Addresses are not the only network information that workstations need to store. They also

need to store security information, mail information, information about their Ethernet

interfaces, network services, groups of users allowed to use the network, services offered

on the network, and so on. As networks offer more services, the list grows. As a result, each

workstation may need to keep an entire set of files similar to /etc/hosts.

1-3

Introduction to Name Services

pine

elm

oak

hosts

protocols

password

rpc

services

group

netgroup

aliases

time zone

As this information changes, administrators must keep it current on every workstation in the

network. In a small network, this is simply tedious, but on a medium or large network, the

job becomes not only time–consuming but nearly unmanageable. A network information

service addresses this problem. It stores network information on servers and provides it to

any workstation that asks for it.

forest

pine

elm

oak

workstations

(request information)

server

(stores information)

information

(stored on server)

/etc/hosts

123.456.7.1 pine

123.456.7.2 elm

123.456.7.3 oak

The workstations are known as clients of the server. Whenever information about the

network changes, instead of updating each client’s local file, an administrator updates only

the information stored by the network information service. This reduces errors,

inconsistencies between clients, and the sheer size of the task.

Although the chief purpose of a network information service is to centralize information,

another is to simplify network names. A network information service enables workstations to

be identified by common names instead of numerical addresses. (This is why these services

are sometimes called name services.) This makes communication simpler because users

do not have to remember and try to enter cumbersome physical addresses, such as

129.44.3.1. Instead, they can use descriptive names, such as Sales, Lab1, or Arnold.

Names are also more flexible than physical addresses. While physical addresses and

networks tend to remain stable, the organizations that use them tend to change structure

and nomenclature. A network information service uses software to map these changes to an

unchanged physical network.

1-4

AIX 4.3 NIS and NIS+ Guide

Domain Name System (DNS) Overview

The Domain Name System (DNS) is the name service provided by the Internet for TCP/IP

networks. It was developed so workstations on the network could be identified with common

names instead of Internet addresses. DNS performs naming between hosts within your local

administrative domain and across domain boundaries.

The collection of networked workstations that use DNS are referred to as the DNS

namespace. The DNS namespace can be divided into a hierarchy of domains. A DNS

domain is simply a group of workstations. Each domain is supported by two or more name

servers (a principal server and one or more secondary servers). Each server implements

DNS by running a daemon called named.

On the client side, DNS is implemented through a resolver. The resolver’s function is to

resolve user queries; to do that, it queries a name server, which then returns either the

requested information or a referral to another server.

1-5

Introduction to Name Services

Network Information Service (NIS) Overview

The Network Information Service (NIS) was developed independently of DNS and has a

slightly different focus. Whereas DNS focuses on simplifications that use workstation names

instead of addresses, NIS focuses on simplifying network administration by providing

centralized control over a variety of network information. NIS stores information not only

about workstation names and addresses, but also about users, the network itself, and

network services. This collection of network information is referred to as the NIS

namespace.

NIS Architecture

NIS uses a client–server arrangement similar to DNS. Replicated NIS servers provide

services to NIS clients. The principal servers are called master servers and, for reliability,

they have backup or replica servers (also referred to as slave servers). Both server types

use the NIS information retrieval software and both store NIS maps. The method used by

NIS+ is described briefly in the NIS+ Overview, on page 1-7.

NIS, like DNS, uses domains to arrange the workstations, users, and networks in its

namespace. However, it does not use a domain hierarchy; an NIS namespace is flat. Thus,

a hierarchical physical network is arranged by NIS into one domain. See NIS+ Namespace

and Structure, for information on NIS+ hierarchy.

129.44.0.0

129.44.2.0

129.44.1.0

129.44.0.0

129.44.2.0

129.44.1.0

The wiz Domain

An NIS domain cannot be connected directly to the Internet. Organizations that want to use

NIS and be connected to the Internet use NIS to manage all local information and DNS for

host name resolution. NIS provides special client routines for this purpose (DNS

forwarding). When a client needs access to any type of information except IP addresses,

the request goes to the client’s NIS server. When a client needs name resolution, the

request goes to the DNS server. From the DNS server, the client has access to the Internet

in the usual way.

NIS Maps

NIS stores information in a set of files called maps. NIS maps were designed to replace

traditional UNIX /etc files, as well as other configuration files, so they store much more than

names and addresses. As a result, the NIS namespace has a large set of maps, as shown

in the NIS Maps table below.

NIS maps are essentially two–column tables. One column is the key and the other column is

information about the key. NIS finds information for a client by searching through the keys.

Thus, some information is stored in several maps because each map uses a different key.

1-6

AIX 4.3 NIS and NIS+ Guide

For example, the names and addresses of workstations are stored in two maps:

hosts.byname and hosts.byaddr. When a server has a workstation’s name and needs to

find its address, it looks in the hosts.byname map. When it has the address and needs to

find the name, it looks in the hosts.byaddr map.

Table 1. NIS Maps

NIS Map

Description

bootparams Lists the names of the diskless clients and the location of the files

they need during booting.

ethers.byaddr Lists the Ethernet addresses of workstations and their

corresponding names.

ethers.byname Lists the names of workstations and their corresponding Ethernet

addresses.

group.bygid Provides membership information about groups, using the group

ID as the key.

group.byname Provides membership information about groups, using the group

name as the key.

hosts.byaddr Lists the names and addresses of workstations, using the

address as the key.

hosts.byname Lists the names and addresses of workstations, using the name

as the key.

mail.aliases Lists the mail aliases in the namespace and all the workstations

that belong to them.

mail.byaddr Lists the mail aliases in the namespace, using the address as the

key.

netgroup Contains netgroup information, using the group name as the key.

netgroup.byhost Contains information about the netgroups in the namespace,

using workstation names as the key.

netgroup.byuser Contains netgroup information, using the user as the key.

netid.byname Contains the Secure remote procedure call (RPC) netname of

workstations and users, along with their user IDs and group IDs.

netmasks.byaddr Contains network masks used with Internet Protocol (IP)

subnetting, using the address as the key.

networks.byaddr Contains the names and addresses of the networks in the

namespace, and their Internet addresses.

networks.byname Contains the names and addresses of the networks in the

namespace, using the names as the key.

passwd.byname Contains password information, with the username as the key.

passwd.byuid Contains password information, with the user ID as the key.

protocols.byname Lists the network protocols used.

protocols.bynumber Lists the network protocols used but uses their number as the

key.

publickey.byname Contains public and secret keys for Secure RPC.

rpc.bynumber Lists the known program name and number of RPCs.

services.byname Lists the available Internet services.

ypservers Lists the NIS servers in the namespace, along with their IP

addresses.

Network Information Service contains detail about the development and use of NIS.

Page is loading ...

Bull AIX 4.3 - Network Information Service guide

Bull AIX 4.3 - Network Information Service guide

Related papers

Other documents