Using NIS With C2 Security
If the $PWDIR/security/passwd.adjunct file is present, C2 security is started automatically. ($PWDIR is defined in /var/yp/Makefile.) The C2 security mode uses the passwd.adjunct file to create the passwd.adjunct NIS map. In this implementation, NIS allows you to use both the passwd.adjunct file and shadow file to manage security. The passwd.adjunct file is processed only when you type the following.
# make passwd.adjunct
The make passwd command processes the passwd map only, not the passwd.adjunct map when you run make manually in the C2 security mode.
Changing a Machine's NIS Domain
To change the NIS domain name of a machine, do the following.
How to Change a Machine's NIS Domain Name
Become superuser.
Edit the machine's /etc/defaultdomain file, exchanging its present contents with the new domain name for the machine.
For example, if the current domain name is sales.doc.com, you might change it to research.doc.com.
Run domainname `cat /etc/defaultdomain'
Set the machine up as an NIS client, slave, or master server.
See for Chapter 8, Setting Up and Configuring NIS Service for details.
Using NIS in Conjunction With DNS
Typically, NIS clients are configured with the nsswitch.conf file to use only NIS for machine name and address lookups. If this type of lookup fails, an NIS server can forward these lookups to DNS.
Configuring Machine Name and Address Lookup Through NIS and DNS
Log into the machine and become a superuser.
The two map files, hosts.byname and hosts.byaddr must include the YP_INTERDOMAIN key. To test this key, edit the Makefile and modify the following lines.
#B=-b B=
to
B=-b #B=
makedbm will now start with the --b flag when it makes the maps, and the YP_INTERDOMAIN key will be inserted into the ndbm files.
Run make to rebuild maps.
# /usr/ccs/bin/make hosts
Check that all the NIS server's /etc/resolv.conf files point to valid nameservers.
Note - If you have NIS servers that are not running Solaris, Release 2, make sure YP_INTERDOMAIN exists in the hosts maps.
To enable DNS forwarding, stop each server.
# /usr/lib/netsvc/yp/ypstop
Restart each server.
# /usr/lib/netsvc/yp/ypstart
In this implementation of NIS, ypstart will automatically start the ypserv daemon with the --d option to forward requests to DNS.
Dealing with Mixed NIS Domains
If the master and slave servers are not both running Solaris 2, refer to the following table for how to avoid potential problems. The notation "4.0.3+" refers to the that and later releases of SunOS. makedm --b is a reference to the "-B" variable in the Makefile.
Table 9-1 NIS/DNS in Heterogeneous NIS Domains
Slave |
| Master |
|
| 4.0.3+ |
| Solaris |
4.0.3+ | Master: makedbm --b Slave: ypxfr | Master: makedbm --b Slave: ypxfr | Master: ypserv --d ypxrf --b |
Solaris NIS | Master: makedbm --b Slave: ypxfr | Master: makedbm --b Slave: ypxfr | Master: ypserv --d Slave: ypxfr with resolv.conf or ypxfr --b |
Turning Off NIS Services
If ypserv on the master is disabled, you can no longer update any of the NIS maps. If you choose to turn off NIS on a network currently running it, you can disable NIS after the next reboot by renaming the ypbind file to ypbind.orig, as follows.
% mv /usr/lib/netsvc/yp/ypbind /usr/lib/netsvc/yp/ypbind.orig
To disable NIS after the next reboot on a particular NIS slave or master, type the following on the server in question.
% mv /usr/lib/netsvc/yp/ypserv /usr/lib/netsvc/yp/ypserv.orig
To stop NIS immediately, type the following.
% /usr/lib/netsvc/yp/ypstop
The NIS service is automatically restarted after the next reboot unless the ypbind and ypserv files are renamed as described above.