Table 1. The masters and replicas for the NIS+
namespace used in this example, along with the clients in each
domain.
Domain Master Replica Clients
zoo.com human dolphin human, icarus, sapiensh
mammals.zoo.com human lion lion
birds.zoo.com icarus eagle eagle
Listing 1. Setting up the root server.
A. Set up the domain name, establish the NIS_GROUP
environment variable (Bourne & Korn Shell), and add the
/usr/lib/nis directory to your shell's command
search path.
# human:/> cat > /etc/defaultdomain
zoo.com.
[Control-D]
# human:/> domainname zoo.com.
# human:/> NIS_GROUP=admin.zoo.com.; export NIS_GROUP
# human:/> PATH=$PATH:/usr/lib/nis; export PATH
# human:/> []
B. Initialize the root server. The -r option is
necessary only when setting up the root server. Then start up
the NIS+ server daemon, rpc.nisd. If you are using
YP compatibility, use the -Y flag. Once again, the
-r option is used only on the root server.
# human:/> nisinit -r
# human:/> rpc.nisd -r -S 0
# human:/> []
C. Create the NIS+ tables. The -Y option sets the
permissions of the created object to operate in YP compatibility.
# human:/> nissetup
# human:/> []
D. Create credentials for yourself (the root user on the machine human),
in the default domain. Then create the administrative group admin in
the zoo.com. domain.
# human:/> nisaddcred des zoo.com.
# human:/> nisgrpadm -c admin.zoo.com.
# human:/> []
E. Next, change the domain objects' permissions to allow members of
the objects' group to read, modify, create and delete from the object.
Then add the machine to the administrative group.
# human:/> nischmod g+rmcd zoo.com.
# human:/> nisgrpadm -a admin.zoo.com human.zoo.com.
# human:/> []
F. Update the objects created so far with the public and private keys
created for yourself, start the caching daemon for NIS+, and kill
and restart the rpc.nisd.
# human:/> nisupdkeys zoo.com.
# human:/> nisupdkeys org_dir.zoo.com.
# human:/> nisupdkeys groups_dir.zoo.com.
# human:/> nis_cachemgr
# human:/> ps -ef | grep nisd
# human:/> kill -9
# human:/> rpc.nisd -r -S 2
# human:/> []
Listing 2. Add information to the NIS+ tables.
A. The -f option indicates a source file in the
current directory; the -t option indicates the table
in the org_dir directory of the current domain is to
be loaded; the name at the end of the command indicates that a
table with the structure of name is being
loaded.
# human:/etc> nisaddent -f rpc -t rpc.org_dir rpc
# human:/etc> nisaddent -f group -t group.org_dir group
# human:/etc> nisaddent -f passwd -t passwd.org_dir passwd
...
B. Add the auto_master and auto_home tables with the same command.
# human:/etc> nisaddent -f auto_master -t auto_master.org_dir key-value
# human:/etc> nisaddent -f auto_home -t auto_home.org_dir key-value
# human:/etc> []
Listing 3. Create credentials for user and
clients. Adding the domain name at the end of the command is
``good housekeeping'' practice.
A. The nisaddcred utility creates
a credential that referes to a passwd entry:
# human:/etc> nisaddcred -p 1003 -P sapiensh.zoo.com. local zoo.com.
# human:/etc> nisaddcred -p unix.1003@zoo.com -P sapiensh.zoo.com. des zoo.com.
# human:/etc> []
B. Adding a user to the administrative group
admin.zoo.com:
# human:/> nisgrpadm -a admin.zoo.com. sapiensh.zoo.com.
# human:/ []
C. Creating credentials for client machines:
# human:/> nisaddcred -p unix.dolphin@zoo.com -P dolphin.zoo.com. des zoo.com.
# human:/> nisaddcred -p unix.icarus@zoo.com -P icarus.zoo.com. des zoo.com.
# human:/> []
Listing 4. There are three ways to initialize a client, of
which the ``cold start'' method is the most secure.
A. Initialize a client machine in NIS+ using
the ``cold start'' method, and killing and restarting the
keyserv daemon.
# icarus:/tmp> nisinit -c -C NIS_COLD_START
# icarus:/tmp> ps -ef | grep keyserv
root 432 408 1 21:33:54 ? 0:03 keyserv
# icarus:/tmp> kill -9 432
# icarus:/tmp> keyserv
# icarus:/tmp> []
B. Explicitly log in in with secure RPC
password and then reboot the system by going to run-level 6:
# icarus:/tmp> keylogin -r
# icarus:/tmp> init 6
...
Listing 5. Setup a subdomain for mammals.zoo.com.
A. First, establish NIS_GROUP, then add the
subdomain and setup the tables.
# human:/> NIS_GROUP=admin.mammals.zoo.com.; export NIS_GROUP
# human:/> nismkdir -m human mammals.zoo.com.
# human:/> nissetup mammals.zoo.com.
# human:/> []
B. Create the administrative group for the mammals sub-domain,
and use nischmod to change
the permissions on the sub-domain object to allow group members
to read, modify, create and delete information.
# human:/> nisgrpadm -c admin.mammals.zoo.com.
# human:/> nischmod g+rmcd mammals.zoo.com.
# human:/> []
Listing 6. Create replica servers, dolphin,
lion, and eagle for the root domain, mammals sub-domain and the
birds sub-domain respectively. Then ``ping'' them to send the
object information from the master server.
# human:/> nismkdir -s dolphin zoo.com.
# human:/> nismkdir -s lion mammals.zoo.com.
# human:/> nisping zoo.com.
# human:/> nisping mammals.zoo.com.
# human:/> rlogin icarus
Password:
# icarus:/> nismkdir -s eagle birds.zoo.com.
# icarus:/> nisping birds.zoo.com.
# icarus:/> []
|
REPORTS
ANALYTICS
Follow 
