NIS+(1)                        User Commands                        NIS+(1)

NIS+, nis+, nis - a new version of the network information name service

NIS+ is a new version of the network information nameservice. This
version differs in several significant ways from version 2, which is
referred to as NIS or YP in earlier releases. Specific areas of
enhancement include the ability to scale to larger networks, security,
and the administration of the service.

The man pages for NIS+ are broken up into three basic categories. Those
in section 1 are the user commands that are most often executed from a
shell script or directly from the command line. Section 1M man pages
describe utility commands that can be used by the network administrator
to administer the service itself. The NIS+ programming API is described
by man pages in section 3NSL.

All commands and functions that use NIS version 2 are prefixed by the
letters yp as in ypmatch(1), ypcat(1), yp_match(3NSL), and
yp_first(3NSL). Commands and functions that use the new replacement
software NIS+ are prefixed by the letters nis as in nismatch(1),
nischown(1), nis_list(3NSL), and nis_add_entry(3NSL). A complete list
of NIS+ commands is in the LIST OF COMMANDS section.

This man page introduces the NIS+ terminology. It also describes the
NIS+ namespace, authentication, and authorization policies.

The naming model of NIS+ is based upon a tree structure. Each node in
the tree corresponds to an NIS+ object. There are six types of NIS+
objects: directory, table, group, link, entry, and private.

NIS+ Directory Object
Each NIS+ namespace has at least one NIS+ directory object. An NIS+
directory is like a UNIX file system directory which contains other
NIS+ objects including NIS+ directories. The NIS+ directory that forms
the root of the NIS+ namespace is called the root directory. There are
two special NIS+ directories: org_dir and groups_dir. The org_dir
directory consists of all the system-wide administration tables, such
as passwd, hosts, and mail_aliases. The groups_dir directory consists
of NIS+ group objects which are used for access control. The collection
of org_dir, groups_dir and their parent directory is referred to as an
NIS+ domain. NIS+ directories can be arranged in a tree-like structure
so that the NIS+ namespace can match the organizational or
administrative hierarchy.

NIS+ Table Object
NIS+ tables (not files), contained within NIS+ directories, store the
actual information about some particular type. For example, the hosts
system table stores information about the IP address of the hosts in
that domain. NIS+ tables are multicolumn and the tables can be searched
through any of the searchable columns. Each table object defines the
schema for its table. The NIS+ tables consist of NIS+ entry objects.
For each entry in the NIS+ table, there is an NIS+ entry object. NIS+
entry objects conform to the schema defined by the NIS+ table object.

NIS+ Group Object
NIS+ group objects are used for access control at group granularity.
NIS+ group objects, contained within the groups_dir directory of a
domain, contain a list of all the NIS+ principals within a certain NIS+
group. An NIS+ principal is a user or a machine making NIS+ requests.

NIS+ Link Object
NIS+ link objects are like UNIX symbolic file-system links and are
typically used for shortcuts in the NIS+ namespace.

Refer to nis_objects(3NSL) for more information about the NIS+
objects.

The NIS+ service defines two forms of names, simple names and indexed
names. Simple names are used by the service to identify NIS+ objects
contained within the NIS+ namespace. Indexed names are used to identify
NIS+ entries contained within NIS+ tables. Furthermore, entries within
NIS+ tables are returned to the caller as NIS+ objects of type entry.
NIS+ objects are implemented as a union structure which is described in
the file <rpcsvc/nis_object.x>. The differences between the various
types and the meanings of the components of these objects are described
in nis_objects(3NSL).

Simple Names
Simple names consist of a series of labels that are separated by the
`.' (dot) character. Each label is composed of printable characters from
the ISO Latin 1 set. Each label can be of any nonzero length, provided
that the fully qualified name is fewer than NIS_MAXNAMELEN octets
including the separating dots. (See <rpcsvc/nis.h> for the actual value
of NIS_MAXNAMELEN in the current release.) Labels that contain special
characters (see Grammar) must be quoted.

The NIS+ namespace is organized as a singly rooted tree. Simple names
identify nodes within this tree. These names are constructed such that
the leftmost label in a name identifies the leaf node and all of the
labels to the right of the leaf identify that object's parent node. The
parent node is referred to as the leaf's directory. This is a naming
directory and should not be confused with a file system directory.

For example, the name example.simple.name. is a simple name with three
labels, where example is the leaf node in this name. The directory of
this leaf is simple.name., which by itself is a simple name whose leaf
is simple and whose directory is simply name.

The function nis_leaf_of(3NSL) returns the first label of a simple
name. The function nis_domain_of(3NSL) returns the name of the
directory that contains the leaf. Iterative use of these two functions
can break a simple name into each of its label components.

The name `.' (dot) is reserved to name the global root of the
namespace. For systems that are connected to the Internet, this global
root is served by a Domain Name Service. When an NIS+ server is serving
a root directory whose name is not `.' (dot), this directory is referred
to as a local root.

NIS+ names are said to be fully qualified when the name includes all of
the labels identifying all of the directories, up to the global root.
Names without the trailing dot are called partially qualified.

Indexed Names
Indexed names are compound names that are composed of a search
criterion and a simple name. The search criterion component is used to
select entries from a table; the simple name component is used to
identify the NIS+ table that is to be searched. The search criterion is
a series of column names and their desired values enclosed in bracket
`[]' characters. These criteria take the following form:

    [column_name=value, column_name=value, ... ]

A search criterion is combined with a simple name to form an indexed
name by concatenating the two parts, separated by a `,' (comma)
character as follows.

    [ search-criterion ],table.directory

When multiple column name/value pairs are present in the search
criterion, only those entries in the table that have the appropriate
value in all columns specified are returned. When no column name/value
pairs are specified in the search criterion, [], all entries in the
table are returned.

Grammar
The following text represents a context-free grammar that defines the
set of legal NIS+ names. The terminals in this grammar are the
characters `.' (dot), `[' (open bracket), `]' (close bracket), `,'
(comma), `=' (equals) and whitespace. Angle brackets (`<' and `>'),
which delineate non-terminals, are not part of the grammar. The
character `|' (vertical bar) is used to separate alternate productions
and should be read as ``this production OR this production''.

    name             ::= . | <simple name> | <indexed name>
    simple name      ::= <string>. | <string>.<simple name>
    indexed name     ::= <search criterion>,<simple name>
    search criterion ::= [ <attribute list> ]
    attribute list   ::= <attribute> | <attribute>,<attribute list>
    attribute        ::= <string> = <string>
    string           ::= ISO Latin 1 character set except the
                         character '/' (slash). The initial
                         character can not be a terminal character
                         or the characters '@' (at), '+' (plus),
                         or '-' (hyphen).

Terminals that appear in strings must be quoted with `"' (double
quote). The `"' character can be quoted by quoting it with itself `""'.

Name Expansion
The NIS+ service only accepts fully qualified names. However, since
such names can be unwieldy, the NIS+ commands in section 1 employ a
set of standard expansion rules that attempt to fully qualify a
partially qualified name. This expansion is actually done by the NIS+
library function nis_getnames(3NSL) which generates a list of names
using the default NIS+ directory search path or the NIS_PATH
environment variable. The default NIS+ directory search path includes
all the names in its path. nis_getnames() is invoked by the functions
nis_lookup(3NSL) and nis_list(3NSL) when the EXPAND_NAME flag is used.

The NIS_PATH environment variable contains an ordered list of simple
names. The names are separated by the `:' (colon) character. If any
name in the list contains colons, the colon should be quoted as
described in the Grammar section. When the list is exhausted, the
resolution function returns the error NIS_NOTFOUND. This can mask the
fact that the name existed but a server for it was unreachable. If the
name presented to the list or lookup interface is fully qualified, the
EXPAND_NAME flag is ignored.

In the list of names from the NIS_PATH environment variable, the '$'
(dollar sign) character is treated specially. Simple names that end
with the label '$' have this character replaced by the default
directory (see nis_local_directory(3NSL)). Using "$" as a name in this
list results in this name being replaced by the list of directories
between the default directory and the global root that contain at least
two labels.

Below is an example of this expansion. Given the default directory
some.long.domain.name. and the NIS_PATH variable set to
fred.bar.:org_dir.$:$ the path is initially broken up into the list:

    1    fred.bar.
    2    org_dir.$
    3    $

The dollar sign in the second component is replaced by the default
directory. The dollar sign in the third component is replaced with the
names of the directories between the default directory and the global
root that have at least two labels in them. The effective path value
becomes:

    1    fred.bar.
    2a   org_dir.some.long.domain.name.
    3a   some.long.domain.name.
    3b   long.domain.name.
    3c   domain.name.

Each of these simple names is appended to the partially qualified name
that was passed to the nis_lookup(3NSL) or nis_list(3NSL) interface.
Each is tried in turn until NIS_SUCCESS is returned or the list is
exhausted.

If the NIS_PATH variable is not set, the path ``$'' is used.

The library function nis_getnames(3NSL) can be called from user
programs to generate the list of names that would be attempted. The
program nisdefaults(1) with the -s option can also be used to show the
fully expanded path.

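The expansion rules above, together with the leaf/directory decomposition from Simple Names, modelled as an added example (not code from this man page or from the NIS+ library). The function names and the `namespace` set are hypothetical, and quoted labels containing `.' or `:' are assumed absent.

```python
"""Model of NIS_PATH expansion as described in Name Expansion (illustrative)."""


def labels(name):
    """Labels of a simple name, leaf first; the trailing root dot is dropped."""
    return [label for label in name.split(".") if label]


def leaf_of(name):
    """First label of a simple name (what nis_leaf_of(3NSL) is described to return)."""
    return labels(name)[0]


def domain_of(name):
    """Directory that contains the leaf; '.' once only one label is left."""
    return ".".join(labels(name)[1:]) + "."


def dirs_toward_root(directory, min_labels=2):
    """Directories from `directory` up toward the root with >= min_labels labels."""
    found = []
    while len(labels(directory)) >= min_labels:
        found.append(directory)
        directory = domain_of(directory)
    return found


def expand_path(nis_path, default_dir):
    """Expand an NIS_PATH value; an unset or empty path is treated as '$'."""
    if not default_dir.endswith("."):
        default_dir += "."
    expanded = []
    for component in (nis_path or "$").split(":"):
        if not component:
            continue                      # tolerate empty components ("a.::b.")
        if component == "$":
            expanded.extend(dirs_toward_root(default_dir))
        elif component.endswith(".$"):
            expanded.append(component[:-1] + default_dir)
        else:
            expanded.append(component)
    return expanded


def candidate_names(name, nis_path, default_dir):
    """Names tried, in order. A fully qualified name is never expanded."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{d}" for d in expand_path(nis_path, default_dir)]


def resolve(name, nis_path, default_dir, namespace):
    """First candidate present in `namespace` (a constructed set), else NIS_NOTFOUND."""
    for candidate in candidate_names(name, nis_path, default_dir):
        if candidate in namespace:
            return candidate
    return "NIS_NOTFOUND"


if __name__ == "__main__":
    default = "some.long.domain.name."
    for n in candidate_names("hosts.org_dir", "fred.bar.:org_dir.$:$", default):
        print(n)
```

Because the first successful candidate wins, the order of NIS_PATH decides which directory answers for a partially qualified name; scripts that must read a specific table avoid the question by passing a fully qualified name.
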
Concatenation Path
Normally, all the entries for a certain type of information are stored
within the table itself. However, there are times when it is desirable
for the table to point to other tables where entries can be found. For
example, you might want to store all the IP addresses in the host table
for their own domain, and yet want to be able to resolve hosts in some
other domain without explicitly specifying the new domain name. NIS+
provides a mechanism for concatenating different but related tables
with a "NIS+ Concatenation Path". With a concatenation path, you can
create a sort of flat namespace from a hierarchical structure. You can
also create a table with no entries and just point the hosts or any
other table to its parent domain. Notice that with such a setup, you
are moving the administrative burden of managing the tables to the
parent domain. The concatenation path slows down the request response
time because more tables and more servers are searched. It also
decreases the availability if all the servers are incapacitated for a
particular directory in the table path.

The NIS+ Concatenation Path is also referred to as the "table path".
This path is set up at table creation time through nistbladm(1). You
can specify more than one table to be concatenated and they are
searched in the given order. Notice that the NIS+ client libraries, by
default, do not follow the concatenation path set in site-specific
tables. Refer to nis_list(3NSL) for more details.

Namespaces
The NIS+ service defines two additional disjoint namespaces for its own
use. These namespaces are the NIS+ Principal namespace, and the NIS+
Group namespace. The names associated with the group and principal
namespaces are syntactically identical to simple names. However, the
information they represent cannot be obtained by directly presenting
these names to the NIS+ interfaces. Instead, special interfaces are
defined to map these names into NIS+ names so that they can then be
resolved.

Principal Names
NIS+ principal names are used to uniquely identify users and machines
that are making NIS+ requests. These names have the form:

    principal.domain

Here domain is the fully qualified name of an NIS+ directory where the
named principal's credentials can be found. See Directories and Domains
for more information on domains. Notice that in this name, principal
is not a leaf in the NIS+ namespace.

Credentials are used to map the identity of a host or user from one
context such as a process UID into the NIS+ context. They are stored as
records in an NIS+ table named cred, which always appears in the
org_dir subdirectory of the directory named in the principal name.

This mapping can be expressed as a replacement function:

    principal.domain -> [cname=principal.domain],cred.org_dir.domain

This latter name is an NIS+ name that can be presented to the
nis_list(3NSL) interface for resolution. NIS+ principal names are
administered using the nisaddcred(1M) command.

The cred table contains five columns named cname, auth_name, auth_type,
public_data, and private_data. There is one record in this table for
each identity mapping for an NIS+ principal. The current service
supports three types of mappings:

LOCAL      This mapping is used to map from the UID of a given process
           to the NIS+ principal name associated with that UID. If no
           mapping exists, the name nobody is returned. When the
           effective UID of the process is 0 (for example, the
           superuser), the NIS+ name associated with the host is
           returned. Notice that UIDs are sensitive to the context of
           the machine on which the process is executing.

DES        This mapping is used to map to and from a Secure RPC
           ``netname'' into an NIS+ principal name. See
           secure_rpc(3NSL) for more information on netnames. Notice
           that since netnames contain the notion of a domain, they
           span NIS+ directories.

DHnnn-m    Example: DH640-0, DH1024-0. Analogous to DES mappings,
           these are used to map netnames and NIS+ principal names for
           extended Diffie-Hellman keys. See nisauthconf(1M) for
           further information.

The NIS+ client library function nis_local_principal(3NSL) uses the
cred.org_dir table to map the UNIX notion of an identity, a process'
UID, into an NIS+ principal name. Shell programs can use the program
nisdefaults(1) with the -p switch to return this information.

Mapping from UIDs to an NIS+ principal name is accomplished by
constructing a query of the form:

    [auth_type=LOCAL, auth_name=uid],cred.org_dir.default-domain.

This query returns a record containing the NIS+ principal name
associated with this UID, in the machine's default domain.

The NIS+ service uses the DES mapping to map the names associated with
Secure RPC requests into NIS+ principal names. RPC requests that use
Secure RPC include the netname of the client making the request in the
RPC header. This netname has the form:

    unix.UID@domain

The service constructs a query using this name of the form:

    [auth_type=DES, auth_name=netname],cred.org_dir.domain.

where the domain part is extracted from the netname rather than using
the default domain. This query is used to look up the mapping of this
netname into an NIS+ principal name in the domain where it was created.

This mechanism of mapping UID and netnames into an NIS+ principal name
guarantees that a client of the NIS+ service has only one principal
name. This principal name is used as the basis for authorization which
is described below. All objects in the NIS+ namespace and all entries
in NIS+ tables must have an owner specified for them. This owner field
always contains an NIS+ principal name.

Group Names
Like NIS+ principal names, NIS+ group names take the form:

    group_name.domain

All objects in the NIS+ namespace and all entries in NIS+ tables can
optionally have a group owner specified for them. This group owner
field, when filled in, always contains the fully qualified NIS+ group
name.

The NIS+ client library defines several interfaces (nis_groups(3NSL))
for dealing with NIS+ groups. These interfaces internally map NIS+
group names into an NIS+ simple name which identifies the NIS+ group
object associated with that group name. This mapping can be shown as
follows:

    group.domain -> group.groups_dir.domain

This mapping eliminates collisions between NIS+ group names and NIS+
directory names. For example, without this mapping, a directory with
the name engineering.foo.com., would make it impossible to have a group
named engineering.foo.com.. This is due to the restriction that within
the NIS+ namespace, a name unambiguously identifies a single object.
With this mapping, the NIS+ group name engineering.foo.com. maps to the
NIS+ object name engineering.groups_dir.foo.com.

The contents of a group object is a list of NIS+ principal names, and
the names of other NIS+ groups. See nis_groups(3NSL) for a more
complete description of their use.

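The replacement functions from Principal Names and Group Names, written out as an added example (not code from this man page or from the NIS+ library). Function names are hypothetical; as an assumption of this sketch, any label containing a grammar terminal is rejected rather than quoted, so a client-supplied netname cannot change the shape of the search criterion or the table it addresses.

```python
import re

# One label per the Grammar section: no terminals (. [ ] , = whitespace),
# no '/', and no leading '@', '+' or '-'. Quoted labels are not accepted here.
LABEL = re.compile(r'[^\s.\[\],=/"@+\-][^\s.\[\],=/"]*')


def check_directory(directory):
    """Return a fully qualified directory name unchanged, or raise ValueError."""
    if not directory.endswith("."):
        raise ValueError(f"not fully qualified: {directory!r}")
    if not all(LABEL.fullmatch(part) for part in directory[:-1].split(".")):
        raise ValueError(f"malformed directory name: {directory!r}")
    return directory


def split_qualified(name):
    """Split 'first.domain.' into ('first', 'domain.')."""
    first, _, rest = name.partition(".")
    if not LABEL.fullmatch(first):
        raise ValueError(f"malformed name: {name!r}")
    return first, check_directory(rest)


def cred_query_for_principal(principal):
    """principal.domain -> [cname=principal.domain],cred.org_dir.domain"""
    _, domain = split_qualified(principal)
    return f"[cname={principal}],cred.org_dir.{domain}"


def cred_query_for_uid(uid, default_domain):
    """LOCAL mapping: looked up in the machine's default domain."""
    if not isinstance(uid, int) or uid < 0:
        raise ValueError(f"UID must be a non-negative integer: {uid!r}")
    domain = check_directory(default_domain)
    return f"[auth_type=LOCAL, auth_name={uid}],cred.org_dir.{domain}"


def cred_query_for_netname(netname):
    """DES mapping: the lookup domain is taken from the netname itself."""
    prefix, at, domain = netname.partition("@")
    ident = prefix[len("unix."):]
    if not at or not prefix.startswith("unix.") or not LABEL.fullmatch(ident):
        raise ValueError(f"malformed netname: {netname!r}")
    directory = check_directory(domain if domain.endswith(".") else domain + ".")
    return f"[auth_type=DES, auth_name={netname}],cred.org_dir.{directory}"


def group_object_name(group):
    """group.domain -> group.groups_dir.domain"""
    name, domain = split_qualified(group)
    return f"{name}.groups_dir.{domain}"


if __name__ == "__main__":
    # Constructed sample values.
    print(cred_query_for_principal("alice.example.com."))
    print(cred_query_for_uid(1001, "example.com."))
    print(cred_query_for_netname("unix.1001@example.com"))
    print(group_object_name("engineering.foo.com."))
```
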
NIS+ defines a security model to control access to information managed
by the service. The service defines access rights that are selectively
granted to individual clients or groups of clients. Principal names and
group names are used to define clients and groups of clients that can
be granted or denied access to NIS+ information. These principals and
groups are associated with NIS+ domains as defined below.

The security model also uses the notion of a class of principals called
nobody, which contains all clients, whether or not they have
authenticated themselves to the service. The class world includes any
client who has been authenticated.

Directories and Domains
Some directories within the NIS+ namespace are referred to as NIS+
Domains. Domains are those NIS+ directories that contain the
subdirectories groups_dir and org_dir. Further, the subdirectory
org_dir should contain the table named cred. NIS+ Group names and NIS+
Principal names always include the NIS+ domain name after their first
label.

Authentication
The NIS+ name service uses Secure RPC for the integrity of the NIS+
service. This requires that users of the service and their machines
must have a Secure RPC key pair associated with them. This key is
initially generated with either the nisaddcred(1M) or nisclient(1M)
commands and modified with the chkey(1) or nispasswd(1) commands.

The use of Secure RPC allows private information to be stored in the
name service that is not available to untrusted machines or users on
the network.

In addition to the Secure RPC key, users need a mapping of their UID
into an NIS+ principal name. This mapping is created by the system
administrator using either the nisclient(1M) or the nisaddcred(1M)
command.

Users that are using machines in several NIS+ domains must ensure that
they have a local credential entry in each of those domains. This
credential should be created with the NIS+ principal name of the user
in the user's ``home'' domain. For the purposes of NIS+ and Secure RPC,
the home domain is defined to be the one where the user's Secure RPC
key pair is located.

Although extended Diffie-Hellman keys use an alternative to Secure
RPC, administration is done through the same commands. See
nisauthconf(1M).

Authorization
The NIS+ service defines four access rights that can be granted or
denied to clients of the service. These rights are read, modify,
create, and destroy. These rights are specified in the object structure
at creation time and can be modified later with the nischmod(1)
command. In general, the rights granted for an object apply only to
that object. However, for purposes of authorization, rights granted to
clients reading directory and table objects are granted to those
clients for all of the objects ``contained'' by the parent object. This
notion of containment is abstract. The objects do not actually contain
other objects within them. Notice that group objects do contain the
list of principals within their definition.

Access rights are interpreted as follows:

read       This right grants read access to an object. For directory
           and table objects, having read access on the parent object
           conveys read access to all of the objects that are direct
           children of a directory, or entries within a table.

modify     This right grants modification access to an existing
           object. Read access is not required for modification.
           However, in many applications, one needs to read an object
           before modifying it. Such modify operations fail unless
           read access is also granted.

create     This right gives a client permission to create new objects
           where one had not previously existed. It is only used in
           conjunction with directory and table objects. Having create
           access for a table allows a client to add additional
           entries to the table. Having create access for a directory
           allows a client to add new objects to an NIS+ directory.

destroy    This right gives a client permission to destroy or remove
           an existing object or entry. When a client attempts to
           destroy an entry or object by removing it, the service
           first checks to see if the table or directory containing
           that object grants the client destroy access. If it does,
           the operation proceeds. If the containing object does not
           grant this right, then the object itself is checked to see
           if it grants this right to the client. If the object grants
           the right, then the operation proceeds; otherwise the
           request is rejected.

Each of these rights can be granted to any one of four different
categories.

owner        A right can be granted to the owner of an object. The
             owner is the NIS+ principal identified in the owner
             field. The owner can be changed with the nischown(1)
             command. Notice that if the owner does not have
             modification access rights to the object, the owner
             cannot change any access rights to the object, unless the
             owner has modification access rights to its parent
             object.

group owner  A right can be granted to the group owner of an object.
             This grants the right to any principal that is identified
             as a member of the group associated with the object. The
             group owner can be changed with the nischgrp(1) command.
             The object owner need not be a member of this group.

world        A right can be granted to everyone in the world. This
             grants the right to all clients who have authenticated
             themselves with the service.

nobody       A right can be granted to the nobody principal. This has
             the effect of granting the right to any client that makes
             a request of the service, regardless of whether they are
             authenticated or not.

Notice that for bootstrapping reasons, directory objects that are NIS+
domains, the org_dir subdirectory and the cred table within that
subdirectory must have read access to the nobody principal. This makes
navigation of the namespace possible when a client is in the process of
locating its credentials. Granting this access does not allow the
contents of other tables within org_dir to be read (such as the entries
in the password table) unless the table itself gives "real" access
rights to the nobody principal.

Directory Authorization
Additional capabilities are provided for granting access rights to
clients for directories. These rights are contained within the object
access rights (OAR) structure of the directory. This structure allows
the NIS+ service to grant, for objects of a specific type contained by
the directory, rights that are not granted by the directory object
itself.

An example of this capability is a directory object which does not
grant create access to all clients, but does grant create access in
the OAR structure for group type objects to clients who are members of
the NIS+ group associated with the directory. In this example the only
objects that could be created as children of the directory would have
to be of the type group.

Another example is a directory object that grants create access only to
the owner of the directory, and then additionally grants create access
through the OAR structure for objects of type table, link, group, and
private to any member of the directory's group. This has the effect of
giving nearly complete create access to the group with the exception of
creating subdirectories. This restricts the creation of new NIS+
domains because creating a domain requires creating both a groups_dir
and org_dir subdirectory.

Notice that there is currently no command line interface to set or
change the OAR of the directory object.

Table Authorization
As with directories, additional capabilities are provided for granting
access to entries within tables. Rights granted to a client by the
access rights field in a table object apply to the table object and all
of the entry objects ``contained'' by that table. If an access right is
not granted by the table object, it can be granted by an entry within
the table. This holds for all rights except create.

For example, a table might not grant read access to a client performing
a nis_list(3NSL) operation on the table. However, the access rights
field of entries within that table can grant read access to the client.
Notice that access rights in an entry are granted to the owner and
group owner of the entry and not the owner or group of the table. When
the list operation is performed, all entries that the client has read
access to are returned. Those entries that do not grant read access are
not returned. If none of the entries that match the search criterion
grant read access to the client making the request, no entries are
returned and the result status contains the NIS_NOTFOUND error code.

Access rights that are granted by the rights field in an entry are
granted for the entire entry. However, in the table object an
additional set of access rights is maintained for each column in the
table. These rights apply to the equivalent column in the entry. The
rights are used to grant access when neither the table nor the entry
itself grant access. The access rights in a column specification apply
to the owner and group owner of the entry rather than the owner and
group owner of the table object.

When a read operation is performed, if read access is not granted by
the table and is not granted by the entry but is granted by the access
rights in a column, that entry is returned with the correct values in
all columns that are readable and the string *NP* (No Permission) in
columns where read access is not granted.

As an example, consider a client that has performed a list operation on
a table that does not grant read access to that client. Each entry
object that satisfied the search criterion specified by the client is
examined to see if it grants read access to the client. If it does, it
is included in the returned result. If it does not, then each column is
checked to see if it grants read access to the client. If any columns
grant read access to the client, data in those columns is returned.
Columns that do not grant read access have their contents replaced by
the string *NP*. If none of the columns grant read access, then the
entry is not returned.

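The table, entry and column read checks above, plus the two-step destroy check from Authorization, modelled as an added example (not code from this man page or from rpc.nisd). Class and function names and the sample table are constructed; the model treats a right as granted when any category the client falls into (nobody, world, owner, group owner) grants it, following the category descriptions.

```python
from dataclasses import dataclass, field
from typing import Optional

NP = "*NP*"  # string returned in place of a column the client may not read


@dataclass(frozen=True)
class Client:
    principal: Optional[str] = None   # None models an unauthenticated request
    groups: frozenset = frozenset()   # fully qualified NIS+ group names


@dataclass
class Entry:
    owner: str
    group: str
    rights: dict                      # category -> set of rights
    values: dict                      # column name -> value


@dataclass
class Table:
    owner: str
    group: str
    rights: dict
    columns: dict                     # column name -> rights dict for that column
    entries: list = field(default_factory=list)


def granted(rights, owner, group, client, right):
    """True if any category the client belongs to grants `right`."""
    categories = ["nobody"]                    # every request, authenticated or not
    if client.principal is not None:
        categories.append("world")             # any authenticated client
        if client.principal == owner:
            categories.append("owner")
        if group in client.groups:
            categories.append("group")
    return any(right in rights.get(c, ()) for c in categories)


def list_entries(table, client, matches=lambda entry: True):
    """Return (status, rows) for a list operation as the section describes it."""
    table_read = granted(table.rights, table.owner, table.group, client, "read")
    rows = []
    for e in filter(matches, table.entries):
        if table_read or granted(e.rights, e.owner, e.group, client, "read"):
            rows.append(dict(e.values))
            continue
        # Column rights are judged against the entry's owner and group owner.
        readable = {c for c, r in table.columns.items()
                    if granted(r, e.owner, e.group, client, "read")}
        if readable:
            rows.append({c: e.values[c] if c in readable else NP
                         for c in table.columns})
    return ("NIS_SUCCESS", rows) if rows else ("NIS_NOTFOUND", [])


def may_destroy(container, obj, client):
    """Containing table or directory is checked first, then the object itself."""
    return (granted(container.rights, container.owner, container.group, client, "destroy")
            or granted(obj.rights, obj.owner, obj.group, client, "destroy"))


ADMIN, ALICE, BOB = "admin.example.com.", "alice.example.com.", "bob.example.com."


def sample_table():
    """Constructed passwd-like table: only its owner is granted rights on the table."""
    own = {"owner": {"read", "modify"}}
    return Table(
        owner=ADMIN, group="admins.example.com.",
        rights={"owner": {"read", "modify", "create", "destroy"}},
        columns={"name": {"world": {"read"}}, "passwd": {}, "uid": {"world": {"read"}}},
        entries=[
            Entry(ALICE, "", own, {"name": "alice", "passwd": "<hash-a>", "uid": "1001"}),
            Entry(BOB, "", own, {"name": "bob", "passwd": "<hash-b>", "uid": "1002"}),
        ],
    )


if __name__ == "__main__":
    for who in (Client(ALICE), Client(ADMIN), Client()):
        print(who.principal, list_entries(sample_table(), who))
```

In this model an unauthenticated request gets NIS_NOTFOUND even though matching entries exist, which is the same status a genuinely empty result produces; a client-side tool cannot tell the two apart from the status alone.
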
Protocol Operation Authorization
Most NIS+ operations have implied access control through the
permissions on the objects that they manipulate. For example, in order
to read an entry in a table, you must have read permission on that
entry. However, some NIS+ operations by default perform no access
checking at all and so are allowed for anyone.

Operation         Example of commands that use the operation
NIS_CHECKPOINT    nisping -C
NIS_CPTIME        nisping, rpc.nisd
NIS_MKDIR         nismkdir
NIS_PING          nisping, rpc.nisd
NIS_RMDIR         nisrmdir
NIS_SERVSTATE     nisbackup, nisrestore
NIS_STATUS        nisstat, rpc.nispasswdd

See nisopaccess(1) for a description of how to enforce access control
to these NIS+ operations.

LIST OF COMMANDS
The following lists all commands and programming functions related to
NIS+:

NIS+ User Commands
nisaddent(1M)        add /etc files and NIS maps into their
                     corresponding NIS+ tables
niscat(1)            display NIS+ tables and objects
nischgrp(1)          change the group owner of a NIS+ object
nischmod(1)          change access rights on a NIS+ object
nischown(1)          change the owner of a NIS+ object
nischttl(1)          change the time to live value of a NIS+ object
nisdefaults(1)       display NIS+ default values
niserror(1)          display NIS+ error messages
nisgrep(1)           utilities for searching NIS+ tables
nisgrpadm(1)         NIS+ group administration command
nisln(1)             symbolically link NIS+ objects
nisls(1)             list the contents of a NIS+ directory
nismatch(1)          utilities for searching NIS+ tables
nismkdir(1)          create NIS+ directories
nisopaccess(1)       access control for protocol operations
nispasswd(1)         change NIS+ password information
nisrm(1)             remove NIS+ objects from the namespace
nisrmdir(1)          remove NIS+ directories
nisshowcache(1M)     NIS+ utility to print out the contents of the
                     shared cache file
nistbladm(1)         NIS+ table administration command
nistest(1)           return the state of the NIS+ namespace using a
                     conditional expression

NIS+ Administrative Commands
aliasadm(1M)           manipulate the NIS+ aliases map
nis_cachemgr(1M)       NIS+ utility to cache location information
                       about NIS+ servers
nisaddcred(1M)         create NIS+ credentials
nisaddent(1M)          create NIS+ tables from corresponding /etc
                       files or NIS+ maps
nisauthconf(1M)        configure extended Diffie-Hellman keys
nisbackup(1M)          backup NIS+ directories
nisclient(1M)          initialize NIS+ credentials for NIS+ principals
nisd(1M)               NIS+ service daemon
nisd_resolv(1M)        NIS+ service daemon
nisinit(1M)            NIS+ client and server initialization utility
nislog(1M)             display the contents of the NIS+ transaction
                       log
nisping(1M)            send ping to NIS+ servers
nispopulate(1M)        populate the NIS+ tables in a NIS+ domain
nisprefadm(1M)         NIS+ utility to set server preferences for NIS+
                       clients
nisrestore(1M)         restore NIS+ directory backup
nisserver(1M)          set up NIS+ servers
nissetup(1M)           initialize a NIS+ domain
nisshowcache(1M)       NIS+ utility to print out the contents of the
                       shared cache file
nisstat(1M)            report NIS+ server statistics
nisupdkeys(1M)         update the public keys in a NIS+ directory
                       object
rpc.nisd(1M)           NIS+ service daemon
rpc.nisd_resolv(1M)    NIS+ service daemon
sysidns(1M)            system configuration

NIS+ Programming API
nis_add(3NSL)                  NIS+ namespace functions
nis_add_entry(3NSL)            NIS+ table functions
nis_addmember(3NSL)            NIS+ group manipulation functions
nis_checkpoint(3NSL)           miscellaneous NIS+ log administration
                               functions
nis_clone_object(3NSL)         NIS+ subroutines
nis_creategroup(3NSL)          NIS+ group manipulation functions
nis_destroy_object(3NSL)       NIS+ subroutines
nis_destroygroup(3NSL)         NIS+ group manipulation functions
nis_dir_cmp(3NSL)              NIS+ subroutines
nis_domain_of(3NSL)            NIS+ subroutines
nis_error(3NSL)                display NIS+ error messages
nis_first_entry(3NSL)          NIS+ table functions
nis_freenames(3NSL)            NIS+ subroutines
nis_freeresult(3NSL)           NIS+ namespace functions
nis_freeservlist(3NSL)         miscellaneous NIS+ functions
nis_freetags(3NSL)             miscellaneous NIS+ functions
nis_getnames(3NSL)             NIS+ subroutines
nis_getservlist(3NSL)          miscellaneous NIS+ functions
nis_groups(3NSL)               NIS+ group manipulation functions
nis_ismember(3NSL)             NIS+ group manipulation functions
nis_leaf_of(3NSL)              NIS+ subroutines
nis_lerror(3NSL)               display some NIS+ error messages
nis_list(3NSL)                 NIS+ table functions
nis_local_directory(3NSL)      NIS+ local names
nis_local_group(3NSL)          NIS+ local names
nis_local_host(3NSL)           NIS+ local names
nis_local_names(3NSL)          NIS+ local names
nis_local_principal(3NSL)      NIS+ local names
nis_lookup(3NSL)               NIS+ namespace functions
nis_mkdir(3NSL)                miscellaneous NIS+ functions
nis_modify(3NSL)               NIS+ namespace functions
nis_modify_entry(3NSL)         NIS+ table functions
nis_name_of(3NSL)              NIS+ subroutines
nis_names(3NSL)                NIS+ namespace functions
nis_next_entry(3NSL)           NIS+ table functions
nis_objects(3NSL)              NIS+ object formats
nis_perror(3NSL)               display NIS+ error messages
nis_ping(3NSL)                 miscellaneous NIS+ log administration
                               functions
nis_print_group_entry(3NSL)    NIS+ group manipulation functions
nis_print_object(3NSL)         NIS+ subroutines
nis_remove(3NSL)               NIS+ namespace functions
nis_remove_entry(3NSL)         NIS+ table functions
nis_removemember(3NSL)         NIS+ group manipulation functions
nis_rmdir(3NSL)                miscellaneous NIS+ functions
nis_server(3NSL)               miscellaneous NIS+ functions
nis_servstate(3NSL)            miscellaneous NIS+ functions
nis_sperrno(3NSL)              display NIS+ error messages
nis_sperror(3NSL)              display NIS+ error messages
nis_sperror_r(3NSL)            display NIS+ error messages
nis_stats(3NSL)                miscellaneous NIS+ functions
nis_subr(3NSL)                 NIS+ subroutines
nis_tables(3NSL)               NIS+ table functions
nis_verifygroup(3NSL)          NIS+ group manipulation functions

NIS+ Files and Directories
nisfiles(4)              NIS+ database files and directory structure

FILES
<rpcsvc/nis_object.x>    protocol description of an NIS+ object
<rpcsvc/nis.x>           defines the NIS+ protocol using the RPC
                         language as described in the ONC+ Developer's
                         Guide
<rpcsvc/nis.h>           should be included by all clients of the NIS+
                         service

SEE ALSO
nischown(1), nisdefaults(1), nismatch(1), nisopaccess(1), nispasswd(1),
newkey(1M), nisaddcred(1M), nisauthconf(1M), nisclient(1M),
nispopulate(1M), nisserver(1M), nis_add_entry(3NSL),
nis_domain_of(3NSL), nis_getnames(3NSL), nis_groups(3NSL),
nis_leaf_of(3NSL), nis_list(3NSL), nis_local_directory(3NSL),
nis_lookup(3NSL), nis_objects(3NSL)

System Administration Guide: Naming and Directory Services (DNS, NIS,
and LDAP)
    Describes how to make the transition from NIS to NIS+.

ONC+ Developer's Guide
    Describes the application programming interfaces for networks
    including NIS+.

System Administration Guide: Naming and Directory Services (DNS, NIS,
and LDAP)
    Describes how to plan for and configure an NIS+ namespace.

System Administration Guide: IP Services
    Describes IPv6 extensions to Solaris name services.

NOTES
NIS+ might not be supported in future releases of the Solaris operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.11                        2 Dec 2005                        NIS+(1)