Chapter 25

Federated Naming Service (FNS)

This chapter describes how to set up and configure the Federated Naming Service (FNS) in an NIS+, NIS, or files-based naming environment. (Files-based naming refers to name services that obtain their data from /etc files rather than NIS+ or NIS.) Additionally, it described the administration and troubleshooting for the FNS in the Solaris operating environment.

FNS Quickstart

FNS, the Federated Naming Service, supports the use of different autonomous naming systems in a single Solaris operating environment. FNS allows you to use a single, simple naming system interface for all of the different name services on your network. FNS conforms to the X/Open federated naming (XFN) specification.

FNS is not a replacement for NIS+, NIS, DNS, or /etc files. Rather, FNS is implemented on top of these services and allows you to use a set of common names with desktop applications.

X/Open Federated Naming (XFN)

The programming interface and policies that FNS supports are specified by XFN (X/Open Federated Naming).

Why FNS?

FNS is useful for the following reasons:

A single uniform naming and directory interface is provided to clients for accessing naming and directory services. Consequently, the addition of new naming and directory services does not require changes to applications or existing services.
Names can be composed in a uniform way. FNS defines a way to uniformly compose names from different naming systems so that applications can uniformly address objects in these different naming systems.
Coherent naming is encouraged through the use of shared contexts and shared names. Different applications can use these shared names and contexts and need not duplicate the work.

Composite Names and Contexts

Fundamental to FNS are the notions of composite names and contexts.

Composite Names

A composite name is a name that spans multiple naming systems.

A composite name consists of an ordered list of components. Each component is a name from the namespace of a single naming system. Individual naming systems are responsible for the syntax of each component. FNS defines the syntax for constructing a composite name using names from component naming systems. Composite names are composed left to right using the slash character (/) as the component separator.

For example, the composite name .../doc.com/site/bldg-5.alameda consists of four components: ..., doc.com, site, and bldg-5.alameda.

Contexts

A context provides operations for:

Associating (binding) names to objects
Resolving names to objects
Removing bindings
Listing names
Renaming
Associating attributes with named objects
Retrieving and updating attributes associated with named objects
Searching for objects using attributes

A context contains a set of name-to-reference bindings. Each reference contains a list of communication end-points or addresses. The federated naming system is formed by contexts from one naming system being bound in the contexts of another naming system. Resolution of a composite name proceeds from contexts within one naming system to those in the next until the name is resolved.

Attributes

Attributes may be applied to named objects. Attributes are optional. A named object can have no attributes, one attribute, or multiple attributes.

Each attribute has a unique attribute identifier, an attribute syntax, and a set of zero or more distinct attribute values.

XFN defines the base attribute interface for examining and modifying the values of attributes associated with existing named objects. These objects can be contexts or any other types of objects. Associated with a context are syntax attributes that describe how the context parses compound names.

The extended attribute interface contains operations that search for specific attributes and that create objects and their associated attributes.

FNS and the Name Service Switch

FNS, the Solaris implementation of the XFN API, can also be used to specify which name service a client is to query for naming information. The XFN API is more general in both the X and Y dimensions than the update getXbyY() interfaces that use the switch file. For example, it can be used to look up information on both hosts and users, from both NIS+ and NIS. An application can be a client of either getXbyY(), or XFN, or both.

Maintaining Consistency Between FNS and the Switch File

In order to ensure that changes made to namespace data through FNS are always available to clients obtaining namespace information through the switch file, always configure both the switch and FNS to use the same name service.

Namespace Updates

The support for data updates provided by the XFN API is superior to that of the getXbyY() interfaces. Most namespaces are composed of data from multiple sources. A groups namespace, for example, might contain information from both the /etc/group file and the NIS+ group.org_dir object. But the switch file does not provide enough information for an application update routine to identify the source of some particular piece of group data or the source to update.

Because each FNS subordinate namespace comes entirely from a single name service, updates are simple and straightforward because there is no confusion over which name service the update applies to.

Enterprise Naming Services

Enterprise-level naming services are used to name objects within an enterprise. FNS currently supports three enterprise-level naming services: NIS+, NIS and Files.

NIS+

NIS+ is the preferred enterprise-wide information service in the Solaris operating environment environment. FNS organization units correspond to NIS+ domains and subdomains. There is one orgunit context for each domain and subdomain.

Under NIS+, FNS context and attribute data are stored in NIS+ tables. These tables are stored in NIS+ directory objects named ctx_dir. There is a ctx_dir directory object for each NIS+ domain and subdomain, residing at the same level as the domain's groups_dir and org_dir directory objects. Thus, the directory object ctx_dir.sales.doc.com. contains FNS tables which store FNS context and attribute data for the sales.doc.com. domain.

Under NIS+, you use FNS and NIS+ commands to work with the information in FNS tables. Do not edit these tables directly or manipulate them with UNIX commands.

NIS

NIS is an enterprise-wide information service in the Solaris operating environment. Each enterprise is a single NIS domain. There is one FNS organizational unit which corresponds to the single NIS domain.

Under NIS, FNS context and attribute data are stored in NIS maps. These maps are stored in a /var/yp/domainname directory on an NIS server. Under NIS, the super user can use FNS commands to work with the information in FNS maps.

NIS Clients Can Update Contexts With FNS if SKI is Running

If certain conditions are met, any NIS client (machine, process, or user) can use FNS commands such as fncreate_fs or fncreate_printer to update the client's own contexts. This allows NIS clients to use FNS commands to update applications such as Printer Administrator, CDE Calendar Manager, Admin Tool and others.

For non-super-users to update their own contexts with FNS commands, the following conditions must be met:

Secure Key_management Infrastructure (SKI) must be available on the NIS master server.
The fnsypd daemon must be running on the NIS master server. This daemon must be started by someone with super user privileges.
A client user or machine is only allowed to update its own context.
The client must be authorized to perform the requested update.

Note - SKI does not support 64-bit mode. Thus, NIS clients cannot update contexts in 64-bit mode.


	Chapter 25 Federated Naming Service (FNS) This chapter describes how to set up and configure the Federated Naming Service (FNS) in an NIS+, NIS, or files-based naming environment. (Files-based naming refers to name services that obtain their data from `/etc` files rather than NIS+ or NIS.) Additionally, it described the administration and troubleshooting for the FNS in the Solaris operating environment. FNS Quickstart FNS, the Federated Naming Service, supports the use of different autonomous naming systems in a single Solaris operating environment. FNS allows you to use a single, simple naming system interface for all of the different name services on your network. FNS conforms to the X/Open federated naming (XFN) specification. FNS is not a replacement for NIS+, NIS, DNS, or `/etc` files. Rather, FNS is implemented on top of these services and allows you to use a set of common names with desktop applications. X/Open Federated Naming (XFN) The programming interface and policies that FNS supports are specified by XFN (X/Open Federated Naming). Why FNS? FNS is useful for the following reasons: A single uniform naming and directory interface is provided to clients for accessing naming and directory services. Consequently, the addition of new naming and directory services does not require changes to applications or existing services. Names can be composed in a uniform way. FNS defines a way to uniformly compose names from different naming systems so that applications can uniformly address objects in these different naming systems. Coherent naming is encouraged through the use of shared contexts and shared names. Different applications can use these shared names and contexts and need not duplicate the work. Composite Names and Contexts Fundamental to FNS are the notions of composite names and contexts. Composite Names A composite name is a name that spans multiple naming systems. A composite name consists of an ordered list of components. Each component is a name from the namespace of a single naming system. Individual naming systems are responsible for the syntax of each component. FNS defines the syntax for constructing a composite name using names from component naming systems. Composite names are composed left to right using the slash character (`/`) as the component separator. For example, the composite name `.../doc.com/site/bldg-5.alameda` consists of four components: `...`, `doc.com`, `site`, and `bldg-5.alameda`. Contexts A context provides operations for: Associating (binding) names to objects Resolving names to objects Removing bindings Listing names Renaming Associating attributes with named objects Retrieving and updating attributes associated with named objects Searching for objects using attributes A context contains a set of name-to-reference bindings. Each reference contains a list of communication end-points or addresses. The federated naming system is formed by contexts from one naming system being bound in the contexts of another naming system. Resolution of a composite name proceeds from contexts within one naming system to those in the next until the name is resolved. Attributes Attributes may be applied to named objects. Attributes are optional. A named object can have no attributes, one attribute, or multiple attributes. Each attribute has a unique attribute identifier, an attribute syntax, and a set of zero or more distinct attribute values. XFN defines the base attribute interface for examining and modifying the values of attributes associated with existing named objects. These objects can be contexts or any other types of objects. Associated with a context are syntax attributes that describe how the context parses compound names. The extended attribute interface contains operations that search for specific attributes and that create objects and their associated attributes. FNS and the Name Service Switch FNS, the Solaris implementation of the XFN API, can also be used to specify which name service a client is to query for naming information. The XFN API is more general in both the X and Y dimensions than the update `getXbyY()` interfaces that use the switch file. For example, it can be used to look up information on both hosts and users, from both NIS+ and NIS. An application can be a client of either `getXbyY()`, or XFN, or both. Maintaining Consistency Between FNS and the Switch File In order to ensure that changes made to namespace data through FNS are always available to clients obtaining namespace information through the switch file, always configure both the switch and FNS to use the same name service. Namespace Updates The support for data updates provided by the XFN API is superior to that of the `getXbyY()` interfaces. Most namespaces are composed of data from multiple sources. A groups namespace, for example, might contain information from both the `/etc/group` file and the NIS+ `group.org_dir` object. But the switch file does not provide enough information for an application update routine to identify the source of some particular piece of group data or the source to update. Because each FNS subordinate namespace comes entirely from a single name service, updates are simple and straightforward because there is no confusion over which name service the update applies to. Enterprise Naming Services Enterprise-level naming services are used to name objects within an enterprise. FNS currently supports three enterprise-level naming services: NIS+, NIS and Files. NIS+ NIS+ is the preferred enterprise-wide information service in the Solaris operating environment environment. FNS organization units correspond to NIS+ domains and subdomains. There is one `orgunit` context for each domain and subdomain. Under NIS+, FNS context and attribute data are stored in NIS+ tables. These tables are stored in NIS+ directory objects named `ctx_dir`. There is a `ctx_dir` directory object for each NIS+ domain and subdomain, residing at the same level as the domain's `groups_dir` and `org_dir` directory objects. Thus, the directory object `ctx_dir.sales.doc.com.` contains FNS tables which store FNS context and attribute data for the `sales.doc.com.` domain. Under NIS+, you use FNS and NIS+ commands to work with the information in FNS tables. Do not edit these tables directly or manipulate them with UNIX commands. NIS NIS is an enterprise-wide information service in the Solaris operating environment. Each enterprise is a single NIS domain. There is one FNS organizational unit which corresponds to the single NIS domain. Under NIS, FNS context and attribute data are stored in NIS maps. These maps are stored in a `/var/yp/`domainname directory on an NIS server. Under NIS, the super user can use FNS commands to work with the information in FNS maps. NIS Clients Can Update Contexts With FNS if SKI is Running If certain conditions are met, any NIS client (machine, process, or user) can use FNS commands such as `fncreate_fs` or `fncreate_printer` to update the client's own contexts. This allows NIS clients to use FNS commands to update applications such as Printer Administrator, CDE Calendar Manager, Admin Tool and others. For non-super-users to update their own contexts with FNS commands, the following conditions must be met: Secure Key_management Infrastructure (SKI) must be available on the NIS master server. The `fnsypd` daemon must be running on the NIS master server. This daemon must be started by someone with super user privileges. A client user or machine is only allowed to update its own context. The client must be authorized to perform the requested update. Note - SKI does not support 64-bit mode. Thus, NIS clients cannot update contexts in 64-bit mode.