Information Technology Reference
In-Depth Information
The NIS+ namespace is hierarchical and is similar to a Unix file system. This
structure allows the namespace to conform to the hierarchy of an organization
and can be divided into multiple domains that can be administrated separately.
Whereas NIS has weak security, NIS+ includes a security system that uses
both authentication and authorization to maintain the integrity of its name-
space.
Authentication
is a method to restrict access to specific users when
accessing a remote system. Authentication can be set up at both the system
level and the network level. Credentials are used to verify the identity of a
user. For NIS+, every request for access is authenticated by checking the cre-
dentials of the user.
Authorization
is a method to restrict the operations that
a user can perform on the remote system once the user has gained access (has
been authenticated). For NIS+, every component in the namespace specifies
the type of operations that it will accept from each user.
The Name Service Switch
Because Solaris 9 supports six naming services, a method is needed to select
which name services should be used and in which order. This capability is
provided by the
name service switch
, which consists of the
/etc/nsswitch.conf
file and five templates that can be used to simplify the
setup of the
nsswitch.conf
file.
Applications use standardized routines to obtain name resolution and other
system and network information. These routines consult the
/etc/
nsswitch.conf
file to determine which name service(s) should be queried.
The
/etc/nsswitch.conf
file contains entries for each type of data support-
ed by the name services. An entry consists of a keyword that identifies the
type of information, followed by one or more information sources. The
source keywords are separated from the information keyword and other
source keywords by one or more space characters. Table 16.2 lists the 20
types of information keywords.
Table 16.2
The /etc/nsswitch.conf Information Keywords
Information Keyword
Description
aliases
Mail aliases
auth_attr
RBAC authorizations database
automount
Information on the Auto File System (AutoFS) configuration
bootparams
Location of root, swap, and dump partitions for diskless work-
stations
(continued)
