|Previous||Table of Contents||Next|
Table 5-2 lists the tables in the org_dir directory in alphabetical order and briefly describes the contents of each table.
|aliases||Information about the email aliases in the domain.|
|auto_home||The location of automounted home directories in the domain.|
|auto_master||The master automount map.|
|bootparams||Location of the root, swap, and dump partitions of every diskless client in the domain.|
|cred||NIS+ credentials for principals who have permission to access the information or objects in the domain.|
|ethers||The ethernet address for systems in the domain.|
|group||Group password, group ID, and the list of members for every UNIX group in the domain. Note that the group table is for UNIX groups and should not be confused with the NIS+ groups in the groups dir directory.|
|hosts||Network address and hostname of every system in the domain.|
|netgroup||The netgroups to which systems and users in the domain may belong.|
|netmasks||The networks in the domain and their associated netmasks.|
|networks||The networks in the domain and their canonical names.|
|passwd||Password information about every user in the domain.|
|protocols||The list of IP protocols used in the domain.|
|RPC||The RPC program numbers for RPC services available in the domain.|
|services||The names of IP services used in the domain and their port numbers.|
|timezone||The timezone of the domain.|
See the section Table Information Display at the end of this chapter for a brief explanation of how to display information about these tables.
The following sections briefly describe how the org_dir tables are created and populated. Creating and populating these tables is part of the procedure for setting up NIS+.
As part of setting up NIS+, a set of empty tables is created in the org_dir directory. Once the tables are created, authorized principals can add information from existing NIS maps or text files by using the nisaddent command or the nistbladm command, or by using the AdminSuite Database Manager to edit the contents of NIS+ databases. If NIS+ entries already exist in the table, authorized principals can use the nisaddent command to merge NIS map information with existing NIS+ information. See the nisaddent(1) manual page for more information.
NIS+ is designed to protect the information in its directories and tables from unauthorized access. For example, an authorized user can create a table listing the home telephone number and address of members of the Starlight Engineering domain as part of the domains NIS+ directory. Access to this table can be limited to all or part of the Engineering organization. In another example, a desktop application can create NIS+ tables of application-specific information that must be available to the entire network. In a third example, confidential personnel information, such as the company identification number and job category for employees, can be stored in an NIS+ table with access only authorized on a very selective basis.
NIS+ controls access to servers, directories, and tables in two ways:
In addition to authentication and authorization of access rights, you can run the NIS+ daemon, rpc.nisd, at three different levels of security, as described in Table 5-3.
|0||Does not check the principals credentials at all. Any client is allowed to perform any operation. Level 0 is designed for testing and setting up the initial NIS+ root domain.|
|1||Checks the principals credentials and accepts any authentication. Because some credentials are easily forged, do not use this level on networks to which untrusted servers may have access. Level 1 is recommended for testing only.|
|2||Checks the principals credentials and accepts only DES authentication (described in the next section). Level 2 is the highest level of security currently provided and is the default level assigned to an NIS+ server.|
You control the level of security using the -S option when you start the rpc.nisd daemon. If a system is configured as an NIS+ server, the rpc.nisd daemon is automatically started when a system boots. When rpc.nisd is started with no arguments, the default security level is 2. To start the daemon with security level 0, use rpc.nisd-S 0. To start the daemon with security level 1, use rpc.nisd -S 1.
|Previous||Table of Contents||Next|