Sun Microsystems, Inc.
Chapter 5

Setting Up the Root Domain

This chapter provides step-by-step instructions for setting up the root domain and DES authentication using the NIS+ command set.


Note - NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris™ 9 operating environment (see Part V). For more information, visit http://www.sun.com/directory/nisplus/transition.html.


Introduction to Setting Up the Root Domain

This task describes how to configure the root domain with the root master server running at security level 2 (the normal level).


Note - It is much easier to perform this task with the NIS+ installation scripts than with the NIS+ command set as described here. The methods described in this chapter should be used only by those administrators who are very familiar with NIS+ and who require some nonstandard features or configurations not provided by the installation scripts.


Setting up the root domain involves three major tasks:

  • Preparing the root master server

  • Creating the root domain

  • Creating credentials for the root domain

However, setting up the root domain is not as simple as performing these three tasks in order; they are intertwined with one another. For instance, you must specify some security parameters before you create the root directory, and the rest after. To make the root domain easier to configure, this chapter separates these tasks into individual steps and arranges them into their most efficient order.

Standard Versus NIS-Compatible Configuration Procedures

The steps in this chapter apply to both a standard NIS+ root domain and an NIS-compatible root domain. There are, however, some important differences. The NIS+ daemon for an NIS-compatible domain must be started with the -Y option, which allows the root master server to answer requests from NIS clients. This is described in Step 11. The equivalent step for standard NIS+ domains is Step 12.

An NIS-compatible domain also requires read rights to the passwd table for the nobody class, which allows NIS clients to access the information stored in the table's passwd column. This is accomplished with the -Y option to the nissetup command, in Step 14. The standard NIS+ domain version uses the same command but without the -Y option.

Establishing the Root Domain

The procedure describes each step in detail and provides related information. For those who do not need detailed instructions, a summary listing of the necessary commands is provided in "Root Domain Configuration Summary".

Summary of Steps

Here is a summary of the entire configuration process:

  1. Log in as superuser to the root master server.

  2. Check the root master server's domain name.

  3. Check the root master server's switch-configuration file.

  4. Optionally, configure the Diffie-Hellman key length.

  5. Clean out leftover NIS+ material and processes.

  6. Name the root domain's admin group.

  7. Create the root directory and initialize the root master server.

  8. [NIS-compatibility Only] Start the NIS+ daemon with -Y. [Standard NIS+ Only] Start the NIS+ daemon.

  9. Verify that the daemon is running.

  10. Create the root domain's subdirectories and tables.

  11. Create DES credentials for the root master server.

  12. Create the root domain's admin group.

  13. Add the root master to the root domain's admin group.

  14. Update the root domain's public keys.

  15. Start the NIS+ cache manager.

  16. Restart the NIS+ daemon with security level 2.

  17. Add your LOCAL credentials to the root domain.

  18. Add your DES credentials to the root domain.

  19. Add credentials for other administrators.

  20. Add yourself and other administrators to the root domain's admin group.

Establishing the Root Domain--Task Map

Table 5-1 Establishing the Root Domain

Task: Establishing the Root Domain

Description: Use the domainname command to establish the root domain. Optionally extend the Diffie-Hellman key length. Stop and start the nscd daemon. Kill and restart keyserv. Clean out leftover NIS+ information.

For Instructions, Go To: "How to Configure a Root Domain"

Security Considerations

NIS+ provides preset security defaults for the root domain. The default security level is level 2. Operational networks with actual users should always be run at security level 2. Security levels 0 and 1 are for configuring and testing purposes only. Do not run an operational network at level 0 or 1.
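
A quick way to confirm that a server is not still running at a configuration-time security level is to inspect the options rpc.nisd was started with. The script below is an added example, not part of the original Sun documentation; the function names and the sample process lines are constructed for illustration, and it assumes the daemon's -S (security level) and -Y (NIS compatibility) options are passed as separate arguments.

```shell
#!/bin/sh
# Added example (not Sun's code): report the security level of rpc.nisd.
# Input on stdin: one command line per process, as printed by `ps -e -o args`.
# Assumption: options are given separately (-S 0 or -S0, not clustered as -rY).

audit_nisd_levels() {
    awk '
    $1 == "rpc.nisd" || $1 ~ /\/rpc\.nisd$/ {
        level = 2            # no -S option means the default, level 2
        compat = "no"
        for (j = 2; j <= NF; j++) {
            if ($j == "-S" && j < NF) { level = $(j + 1); j++ }
            else if ($j ~ /^-S[0-9]+$/) level = substr($j, 3)
            else if ($j == "-Y") compat = "yes"
        }
        verdict = (level + 0 >= 2) ? "OK" : "INSECURE"
        printf "%s level=%s nis_compat=%s cmd=%s\n", verdict, level, compat, $0
    }'
}

# Constructed sample input: three possible daemon invocations plus noise.
sample_args() {
    cat <<'EOF'
COMMAND
/usr/sbin/rpc.nisd -r -S 0
/usr/sbin/rpc.nisd -r -Y -S 1
/usr/sbin/rpc.nisd -r -Y
/usr/sbin/nis_cachemgr
grep rpc.nisd
EOF
}

sample_args | audit_nisd_levels
```

On a live server, feed it real data with ps -e -o args | audit_nisd_levels. A line reporting nis_compat=yes is also worth reviewing, because NIS compatibility requires read rights on the passwd table for the nobody class.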


Note - The NIS+ security system is complex. If you are not familiar with NIS+ security, you might want to review Chapter 11, NIS+ Security Overview, before starting to configure your NIS+ environment.


Prerequisites

Before proceeding, make sure that:

  • The /etc/passwd file on the root master server contains an entry for you and every other administrator whose credentials will be added to the root domain in this configuration process.

  • If the server will operate in NIS-compatibility mode and support DNS forwarding for Solaris 1.x release clients, it must have a properly configured /etc/resolv.conf file.

  • The server must have a unique machine name that duplicates all user IDs.

  • The server must have a machine name that does not contain any dots. For example, a machine named sales.alpha is not allowed. A machine named sales-alpha is allowed.
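
The passwd, resolv.conf and no-dots prerequisites can be checked before starting the procedure. The script below is an added example, not part of the original Sun documentation; the function names, the administrator names (admin1, admin2) and the demo files are constructed, and "properly configured" for /etc/resolv.conf is approximated here as "readable and containing a nameserver line".

```shell
#!/bin/sh
# Added example (not Sun's code): pre-flight check for the prerequisites above.
# File paths are parameters so the checks can be dry-run against copies.

# Machine name must not contain a dot (sales.alpha is rejected).
check_machine_name() {
    case "$1" in
        ""|*.*) echo "FAIL machine name '$1' is empty or contains a dot"; return 1 ;;
    esac
    echo "OK machine name '$1'"
}

# Every administrator whose credentials will be added needs a passwd entry.
check_admins() {
    passwd_file=$1; shift
    rc=0
    for admin in "$@"; do
        if awk -F: -v u="$admin" '$1 == u { found = 1 } END { exit !found }' \
            "$passwd_file"; then
            echo "OK passwd entry for $admin"
        else
            echo "FAIL no passwd entry for $admin"; rc=1
        fi
    done
    return $rc
}

# Only relevant for NIS-compatibility mode with DNS forwarding.
# Assumption: "properly configured" is approximated as "has a nameserver line".
check_resolv_conf() {
    if [ -r "$1" ] && grep -q '^nameserver[[:space:]]' "$1"; then
        echo "OK $1 has a nameserver entry"
    else
        echo "FAIL $1 is missing or has no nameserver entry"; return 1
    fi
}

# Constructed demo data; on a real server pass /etc/passwd and /etc/resolv.conf.
demo_dir=$(mktemp -d)
printf 'root:x:0:1::/:/sbin/sh\nadmin1:x:1001:10::/home/admin1:/bin/sh\n' > "$demo_dir/passwd"
printf 'nameserver 192.0.2.53\n' > "$demo_dir/resolv.conf"
check_machine_name sales-alpha
check_admins "$demo_dir/passwd" root admin1 admin2
check_resolv_conf "$demo_dir/resolv.conf"
rm -rf "$demo_dir"
```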

 
 
 