Transferring Information From NIS+ to NIS
This task transfers the contents of NIS+ tables into NIS maps on a Solaris 1.x NIS master server. Here is an outline of the procedure:
1. Log in to the NIS+ server.
2. Transfer the NIS+ tables into output files.
3. Transfer the contents of the output files to the NIS maps.
NIS to NIS+ Security Considerations
To perform this task, you must have read access to each table whose contents you transfer.
Prerequisites
The maps must already have been built on the NIS server.
Transferring Information From NIS+ to NIS -- Task Map
Table 9-3 Transferring Information From NIS+ to NIS
Task | Description | For Instructions, Go To
---|---|---
Transferring Information From NIS+ to NIS | Transfer information from NIS+ tables to NIS maps on a Solaris 1.x NIS master server |
How to Transfer Information From NIS+ to NIS
1. Log in to the NIS+ server.
   This example uses the server named dualserver.
2. Transfer the NIS+ tables to output files.
   Use the nisaddent command with the -d option, once for each table.
   dualserver% /usr/lib/nis/nisaddent -d -t table tabletype > filename
   The -d option transfers the contents of table to filename, converting the contents back to standard /etc file format.
3. Transfer the contents of the output files into the NIS maps.
   The NIS+ output files are ASCII files that you can use as input files for the NIS maps. Copy them into the NIS master's /etc directory, then use make as usual.
   dualserver# cd /var/yp
   dualserver# make
Limiting Access to the Passwd Column to Owners and Administrators
This task describes how to limit read access to the password-related columns of the passwd table to the entry owner and the table administrators, without affecting the read access of other authenticated principals (including applications) to the remaining columns of the passwd table.
This task establishes the following rights:
| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Level Rights | ---- | rmcd | rmcd | ---- |
| Passwd Column Rights | ---- | rm-- | rmcd | ---- |
| Shadow Column Rights | ---- | rm-- | rmcd | ---- |
Passwd Column Security Considerations
The domain must not be running in NIS-compatibility mode.
All clients of the domain must have DES credentials.
All clients of the domain must be running Solaris Release 2.3 or a later release.
Users' network passwords (used to encrypt their DES credentials) must be the same as their login passwords.
Prerequisites
The passwd table must have already been set up. It need not have any information in it, however.
The NIS+ principal performing this task must have modify rights to the passwd table.
Information You Need
All you need is the name of the passwd table.
Limiting Access to the Passwd Column to Owners and Administrators -- Task Map
Table 9-4 Limiting Access to the Passwd Column to Owners and Administrators
Task | Description | For Instructions, Go To
---|---|---
Limiting Access to the Passwd Column to Owners and Administrators | Modify passwd.org_dir, via NIS+ commands, to restrict access to the passwd column for owners and administrators. |
How to Limit Read Access to the Passwd Column
1. Log in to the domain's master server.
   The examples in this task use the root master server, rootmaster.
2. Check the current table and column permissions.
   Use the niscat -o command.
   rootmaster# niscat -o passwd.org_dir
   This task assumes the existing permissions are:
   Access Rights : ----rmcdrmcdr---
   Columns       :
       [0] Name          : name
           Access Rights : r-----------r---
       [1] Name          : passwd
           Access Rights : -----m----------
       [2] Name          : uid
           Access Rights : r-----------r---
       [3] Name          : gid
           Access Rights : r-----------r---
       [4] Name          : gcos
           Access Rights : r----m------r---
       [5] Name          : home
           Access Rights : r-----------r---
       [6] Name          : shell
           Access Rights : r-----------r---
       [7] Name          : shadow
           Access Rights : r-----------r---
   If your permissions are different, you may need to use a different syntax. For instructions, see Chapter 15, Administering NIS+ Access Rights.
3. Change the table permissions.
   Use the nischmod command to change the table's object-level permissions to ---- rmcdrmcd ----
   rootmaster# nischmod og=rmcd,nw= passwd.org_dir
4. Change the column permissions.
   Use the nistbladm command with the -u option to change the permissions of the passwd and shadow columns to:
   passwd ---- rm-- ---- ----
   shadow ---- r--- ---- ----
   rootmaster# nistbladm -u passwd=o+r,shadow=o+r passwd.org_dir
5. Verify the new permissions.
   Use the niscat -o command, as you did in Step 2. The permissions should look the same as they do in that step's output.
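The verification step can be checked mechanically. The following is an added example, not part of the original documentation: a hypothetical helper, exposed_columns, reads niscat -o style text and lists every column that the nobody or world class can read in effect. It assumes that NIS+ column rights only add to table-level rights, so a column counts as exposed if either level grants read. The first sample is an excerpt of the existing permissions shown in Step 2; the second is constructed to match the target rights this task lists.

```shell
#!/bin/sh
# Added example. Assumption: effective rights = table rights OR column rights.
exposed_columns() {   # stdin: niscat -o style text; stdout: exposed column names
    awk '
    # A rights string is 16 chars: nobody, owner, group, world (4 each).
    function readable(r) { return substr(r,1,1) == "r" || substr(r,13,1) == "r" }
    /^ *Access Rights *:/ {
        # The first Access Rights line belongs to the table object itself.
        if (!seen) { seen = 1; table_open = readable($NF); col = ""; next }
        if (col != "" && (table_open || readable($NF))) print col
        col = ""; next
    }
    /Name *:/ { col = $NF }
    '
}

# Excerpt of the existing permissions assumed in Step 2 (four of the columns).
sample_before() {
cat <<'EOF'
Access Rights : ----rmcdrmcdr---
    [0] Name          : name
        Access Rights : r-----------r---
    [1] Name          : passwd
        Access Rights : -----m----------
    [2] Name          : uid
        Access Rights : r-----------r---
    [7] Name          : shadow
        Access Rights : r-----------r---
EOF
}

# Constructed sample: table and passwd/shadow columns at the target rights.
sample_after() {
cat <<'EOF'
Access Rights : ----rmcdrmcd----
    [0] Name          : name
        Access Rights : r-----------r---
    [1] Name          : passwd
        Access Rights : ----rm----------
    [2] Name          : uid
        Access Rights : r-----------r---
    [7] Name          : shadow
        Access Rights : ----r-----------
EOF
}

echo "before: $(sample_before | exposed_columns | tr '\n' ' ')"
echo "after:  $(sample_after | exposed_columns | tr '\n' ' ')"
```

On a live server, pipe the output of niscat -o passwd.org_dir into exposed_columns; neither passwd nor shadow should appear in the result.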