
Table 5-2 lists the tables in the org_dir directory in alphabetical order and briefly describes the contents of each table.

Table 5-2 NIS+ org_dir Tables

Table        Description
aliases      Information about the email aliases in the domain.
auto_home    The location of automounted home directories in the domain.
auto_master  The master automount map.
bootparams   Location of the root, swap, and dump partitions of every diskless client in the domain.
cred         NIS+ credentials for principals who have permission to access the information or objects in the domain.
ethers       The ethernet address for systems in the domain.
group        Group password, group ID, and the list of members for every UNIX group in the domain. Note that the group table is for UNIX groups and should not be confused with the NIS+ groups in the groups_dir directory.
hosts        Network address and hostname of every system in the domain.
netgroup     The netgroups to which systems and users in the domain may belong.
netmasks     The networks in the domain and their associated netmasks.
networks     The networks in the domain and their canonical names.
passwd       Password information about every user in the domain.
protocols    The list of IP protocols used in the domain.
RPC          The RPC program numbers for RPC services available in the domain.
services     The names of IP services used in the domain and their port numbers.
timezone     The timezone of the domain.

See the section “Table Information Display” at the end of this chapter for a brief explanation of how to display information about these tables.

The following sections briefly describe how the org_dir tables are created and populated. Creating and populating these tables is part of the procedure for setting up NIS+.

As part of setting up NIS+, a set of empty tables is created in the org_dir directory. Once the tables are created, authorized principals can add information from existing NIS maps or text files by using the nisaddent command or the nistbladm command, or by using the AdminSuite Database Manager to edit the contents of NIS+ databases. If NIS+ entries already exist in the table, authorized principals can use the nisaddent command to merge NIS map information with existing NIS+ information. See the nisaddent(1) manual page for more information.

NIS+ Security

NIS+ is designed to protect the information in its directories and tables from unauthorized access. For example, an authorized user can create a table listing the home telephone number and address of members of the Starlight Engineering domain as part of the domain’s NIS+ directory. Access to this table can be limited to all or part of the Engineering organization. In another example, a desktop application can create NIS+ tables of application-specific information that must be available to the entire network. In a third example, confidential personnel information, such as the company identification number and job category for employees, can be stored in an NIS+ table with access only authorized on a very selective basis.

NIS+ controls access to servers, directories, and tables in two ways:

  Authentication verifies the identity of a system or a user of NIS+.
  Authorization controls access to information stored in NIS+.

In addition to authentication and authorization of access rights, you can run the NIS+ daemon, rpc.nisd, at three different levels of security, as described in Table 5-3.

Table 5-3 Levels of NIS+ Security

Security Level  Description
0               Does not check the principal’s credentials at all. Any client is allowed to perform any operation. Level 0 is designed for testing and setting up the initial NIS+ root domain.
1               Checks the principal’s credentials and accepts any authentication. Because some credentials are easily forged, do not use this level on networks to which untrusted servers may have access. Level 1 is recommended for testing only.
2               Checks the principal’s credentials and accepts only DES authentication (described in the next section). Level 2 is the highest level of security currently provided and is the default level assigned to an NIS+ server.

You control the level of security using the -S option when you start the rpc.nisd daemon. If a system is configured as an NIS+ server, the rpc.nisd daemon is automatically started when the system boots. When rpc.nisd is started with no arguments, the default security level is 2. To start the daemon with security level 0, use rpc.nisd -S 0. To start the daemon with security level 1, use rpc.nisd -S 1.
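
The following shell functions are an added example, not part of the original text: they audit rpc.nisd command lines and flag any server started below the default level 2 described in Table 5-3. The function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rpc.nisd command lines for the NIS+ security level.

# Print the effective level for one command line (default 2 when -S is absent).
nisd_level() {
    level=2
    set -f; set -- $1; set +f          # split into words without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -S)   shift; level=${1:-invalid} ;;
            -S?*) level=invalid ;;       # unexpected form: needs a manual look
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    case $level in
        0|1|2) echo "$level" ;;
        *)     echo invalid ;;
    esac
}

# Read command lines on stdin, report each rpc.nisd entry, and return 1 if
# any server is not running at level 2.
audit_nisd() {
    rc=0
    while IFS= read -r cmd; do
        case $cmd in *rpc.nisd*) ;; *) continue ;; esac
        lvl=$(nisd_level "$cmd")
        case $lvl in
            2) verdict="OK: only DES authentication accepted" ;;
            1) verdict="WEAK: any authentication accepted (testing only)" ;;
            0) verdict="WEAK: credentials not checked (initial setup only)" ;;
            *) verdict="CHECK: unrecognized -S value" ;;
        esac
        [ "$lvl" = 2 ] || rc=1
        printf '%-16s level=%-8s %s\n' "$cmd" "$lvl" "$verdict"
    done
    return $rc
}

# Constructed sample input, e.g. as it might be collected from process listings.
sample_cmdlines() {
    printf '%s\n' 'rpc.nisd' 'rpc.nisd -S 0' 'rpc.nisd -S 1' 'rpc.nisd -S 2'
}

sample_cmdlines | audit_nisd || echo "At least one server is below level 2"
```

A server left at level 0 or 1 after initial setup shows up as WEAK; only level 2 entries pass.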
