Directory Object Names
A directory's simple name is simply the name of the directory object. Its fully qualified name consists of its simple name plus the fully qualified name of its domain (which always includes a trailing dot):
groups_dir (simple name)
groups_dir.manf.doc.com. (fully qualified name)
If you set up an unusual hierarchy in which several layers of directories do not form a domain, be sure to include the names of the intermediate directories. For example:
lowest_dir.lower_dir.low_dir.mydomain.com.
The simple name is normally used from within the same domain, and the fully qualified name is normally used from a remote domain. However, by specifying search paths in a domain's NIS_PATH environment variable, you can use the simple name from remote domains (see "NIS_PATH Environment Variable").
Tables and Group Names
Fully qualified table and group names are formed by starting with the object name and appending the directory name, followed by the fully qualified domain name. Remember that all system table objects are stored in an org_dir directory and all group objects are stored in a groups_dir directory. (If you create your own NIS+ tables, you can store them anywhere you like.) Here are some examples of group and table names:
admin.groups_dir.doc.com. admin.groups_dir.doc.com. admin.groups_dir.sales.doc.com. admin.groups_dir.sales.doc.com. hosts.org_dir.doc.com. hosts.org_dir.doc.com. hosts.org_dir.sales.doc.com. hosts.org_dir.sales.doc.com. |
Table Entry Names
To identify an entry in an NIS+ table, you need to identify the table object and the entry within it. This type of name is called an indexed name. It has the following syntax:
[column=value,column=value,...],tablename |
Column is the name of the table column. Value is the actual value of that column. Tablename is the fully qualified name of the table object. Here are a few examples of entries in the hosts table:
[addr=129.44.2.1,name=pine],hosts.org_dir.sales.doc.com. [addr=129.44.2.2,name=elm],hosts.org_dir.sales.doc.com. [addr=129.44.2.3,name=oak],hosts.org_dir.sales.doc.com. |
You can use as few column-value pairs inside the brackets as required to uniquely identify the table entry.
Some NIS+ administrative commands accept variations on this syntax. For details, see the nistbladm, nismatch, and nisgrep commands in Part 2.
Host Names
Host names may contain up to 24 characters. Letters, numbers, the dash (-) and underscore (_) characters are allowed in host names. Host names are not case sensitive (that is, upper and lower case letters are treated as the same). The first character of a host name must be a letter of the alphabet. Blank spaces are not permitted in host names.
Note - Dots (.) are not permitted in host names. For example, a host name such as myco.2 is not permitted. Dots are not allowed in host names even if they are enclosed in quotes. For example, `myco.2' is not permitted. Dots are only used as part of a fully qualified host name to identify the domain components. For example, myco-2.sales.doc.com. is a correct fully qualified host name.
Domains and hosts should not have the same name. For example, if you have a sales domain you should not have a machine named sales. Similarly, if you have a machine named home, you do not want to create a domain named home. This caution applies to subdomains, for example if you have a machine named west you don't want to create a sales.west.myco.com subdomain.
NIS+ Principal Names
NIS+ principal names are sometimes confused with Secure RPC netnames. However, one difference is worth pointing out now because it can cause confusion: NIS+ principal names always end in a dot and Secure RPC netnames never do:
Table 2-5 NIS+ Principal Names
olivia.sales.doc.com. | NIS+ principal name |
unix.olivia@sales.doc.com | Secure RPC netname |
Also, even though credentials for principals are stored in a cred table, neither the name of the cred table nor the name of the org_dir directory is included in the principal name.
Accepted Name Symbols
You can form namespace names from any printable character in the ISO Latin 1 set. However, the names cannot start with these characters: @ < > + [ ] - / = . , : ;
To use a string, enclose it in double quotes. To use a quote sign in the name, quote the sign too (for example, to use o'henry, type o"'"henry). To include white space (as in John Smith), use double quotes within single quotes, like this:
`"John Smith"`
See "Host Names" for restrictions that apply to host names.
NIS+ Name Expansion
Entering fully qualified names with your NIS+ commands can quickly become tedious. To ease the task, NIS+ provides a name-expansion facility. When you enter a partially qualified name, NIS+ attempts to find the object by looking for it under different directories. It starts by looking in the default domain. This is the home domain of the client from which you type the command. If it does not find the object in the default domain, NIS+ searches through each of the default domain's parent directories in ascending order until it finds the object. It stops after reaching a name with only two labels. Here are some examples (assume you are logged onto a client that belongs to the software.big.sales.doc.com. domain).
NIS_PATH Environment Variable
You can change or augment the list of directories NIS+ searches through by changing the value of the environment variable NIS_PATH. NIS_PATH accepts a list of directory names separated by colons:
setenv NIS_PATH directory1: directory2: directory3 ... |
or
NIS_PATH=directory1: directory2: directory3 ...;export NIS_PATH |
NIS+ searches through these directories from left to right. For example:
Like $PATH and $MANPATH, the NIS_PATH variable accepts the special symbol, $. You can append the $ symbol to a directory name or add it by itself. If you append it to a directory name, NIS+ appends the default directory to that name. For example:
If you use the $ sign by itself (for example, org_dir.$:$), NIS+ performs the standard name expansion described earlier: it starts looking in the default directory and proceeds through the parent directories. In other words, the default value of NIS_PATH is $.
Note - Keep in mind that additions and changes to your NIS_PATH may increase the number of lookups that NIS+ has to perform and thus slow down performance.
Preparing the Existing Namespace
If an NIS domain already exists at your site, you can use the same flat domain structure for your NIS+ namespace. (You can change it later to a hierarchical structure.) Read Chapter 26, Transitioning from NIS to NIS+ before you starting your transition from NIS to NIS+ for important planning and preparation information. The NIS+ scripts enable you to start NIS+ with data from NIS maps. Chapter 4, Configuring NIS+ With Scripts shows you how to use the NIS+ scripts to create an NIS+ namespace from either system files or NIS maps.
In order for the scripts to run smoothly, however, you must prepare your existing namespace (if you have one) for conversion to NIS+. These preparations are described fully in Chapter 26, Transitioning from NIS to NIS+.
For your reference, key preparations are summarized below:
Domain and host names. Domains and hosts must not have the same name. For example, if you have a sales domain you cannot have a machine named sales. Similarly, if you have a machine named home, do not create a domain named home. This caution also applies to subdomains; for example, if you have a machine named west, you do not want to create a sales.west.myco.com subdirectory.
No dots in host names. Because NIS+ uses dots (periods) to delimit between machine names and domains and between parent and subdomains, you cannot have a machine name containing a dot. Before converting to NIS+ (before running the scripts) you must eliminate any dots in your host names. You should convert host name dots to hyphens. For example, you cannot have a machine named sales.alpha. you can convert that name to sales-alpha.
Root server must be running. The machine that is designated to be the root server must be up and running and you must have superuser access to it.
View any existing local /etc files or NIS maps that you will load data from. Make sure that there are no spurious or incorrect entries. Make sure that the right data is in the correct place and format. Remove any outdated, invalid, or corrupt entries. You should also remove any incomplete or partial entries. You can always add individual entries after configuration is completed. That is easier than trying to load incomplete or damaged entries.
Caution - In Solaris 2.4 and earlier, the /var/nis
directory contained two files named hostname.dict and hostname.log.
It also contained a subdirectory named /var/nis/hostname. When you install NIS+ for Solaris 2.5, the two files
are named trans.log and data.dict,
and the subdirectory is named /var/nis/data. In Solaris
2.5, the content of the files has also been changed and
they are not backward compatible with Solaris 2.4 or earlier. Thus, if you
rename either the directories or the files to match the Solaris 2.4 patterns,
the files will not work with either the Solaris 2.4 or the Solaris 2.5 version
of rpc.nisd. Therefore, you should rename neither the directories
nor the files.
Two Configuration Methods
The rest of this part of the manual describes two different methods of configuring an NIS+ namespace:
With the setup (configuration) scripts. This chapter and Chapter 4, Configuring NIS+ With Scripts describe how to configure NIS+ using the three NIS+ scripts: nisserver, nispopulate, and nisclient. This is the easiest, as well as recommended, method.
With the NIS+ command set. Chapter 6, Configuring NIS+ Clients, Chapter 7, Configuring NIS+ Servers, and Chapter 8, Configuring a Non-Root Domain describe how to configure NIS+ using the NIS+ command set. While this method gives you more flexibility than the scripts method, it is more difficult. This method should be used only by experienced NIS+ administrators who need to configure a namespace with characteristics significantly different than those provided by the configuration scripts.
Note - If you use the NIS+ command set, you must also make sure that each machine using NIS+ for its name service has the correct nsswitch.conf file in its /etc directory as described in Chapter 1, The Name Service Switch. If you use the NIS+ configuration scripts on a given machine, this step is performed for you.
See Chapter 22, Removing NIS+ for information on how to remove an NIS+ directory or domain, an NIS+ server, or the NIS+ namespace.