fns_nis+(5)

NAME

     fns_nis+ - overview of FNS over NIS+ implementation

DESCRIPTION

     Federated  Naming  Service  (FNS)  provides  a  method   for
     federating  multiple  naming services under a single, simple
     interface for the basic naming operations. One of the naming
     services  supported  by  FNS  is  NIS+,  the enterprise-wide
     information service in Solaris (see nis+(1)).  FNS  provides
     the XFN interface for performing naming and attribute opera-
     tions on FNS enterprise objects (organization,  site,  user,
     host,  and  service objects) using NIS+. FNS stores bindings
     for these objects in NIS+ and uses them in conjunction  with
     existing NIS+ objects.

  FNS Policies and NIS+
     FNS defines policies for naming  objects  in  the  federated
     namespace  (see  fns_policies(5)).  At the enterprise level,
     FNS policies specify naming for organizations, hosts, users,
     sites,  and  services.  The  enterprise-level naming service
     provides contexts to allow other objects to be  named  rela-
     tive to these objects.

     The organizational unit namespace  provides  a  hierarchical
     namespace for naming subunits of an enterprise. An organiza-
     tional unit maps to  an  NIS+  domain.  Organizational  unit
     names  can  be  either  fully qualified NIS+ domain names or
     relatively NIS+ domain names. If a terminal dot  is  present
     in  the name, it is treated as a fully  qualified name. Oth-
     erwise, the name is  resolved  relative  to  the  root  NIS+
     domain.

     Users in the NIS+ namespace are found in the  passwd.org_dir
     table of an NIS+ domain. Users in an FNS organizational unit
     correspond to the users in the  passwd.org_dir table of  the
     corresponding  NIS+  domain. FNS provides a context for each
     user in the  passwd.org_dir table.

     Hosts in the NIS+ namespace are found in the   hosts.org_dir
     table of an NIS+ domain. Hosts in an FNS organizational unit
     correspond to the hosts in the  hosts.org_dir table  of  the
     corresponding  NIS+  domain. FNS provides a context for each
     host in the  hosts.org_dir table.

     In NIS+, users and hosts have a notion of a home domain.  It
     is  the primary NIS+ domain that maintains information asso-
     ciated with them. A user or host's home domain can be deter-
     mined  directly using its NIS+ principal name, which is com-
     posed of the atomic user (login) name  or  the  atomic  host
     name,  and  the  name  of the NIS+ home domain. For example,
     user  jsmith with home domain wiz.com has an NIS+  principal
     name,  jsmith.wiz.com.
     A user's NIS+ home domain  corresponds  to  the  user's  FNS
     organizational unit and determines the binding for myens and
     myorgunit.

     A host's NIS+ home domain  corresponds  to  the  host's  FNS
     organizational unit and determines the binding for  thisens,
     thisorgunit, user, and host.

  Federating NIS+ with DNS or X.500
     Federating NIS+ with the global naming systems DNS or  X.500
     makes NIS+ contexts accessible outside of an NIS+ hierarchy.
     To enable the federation, the administrator must  first  add
     address  information in either DNS or X.500 (see  fns_dns(5)
     and fns_x500(5)). After this administrative  step  has  been
     taken, clients outside of the NIS+ hierarchy can access con-
     texts and perform  operations from outside the hierarchy  as
     an unauthenticated NIS+ client.

  NIS+ Security
     The command fncreate(1M) creates NIS+ tables and directories
     in the NIS+ hierarchy associated with the domain of the host
     on which it executes. The invoker of  fncreate(1M) and other
     FNS  commands is expected to have the necessary NIS+ creden-
     tials. (See nis+(1)  and  nisdefaults(1)).  The  environment
     variable  NIS_GROUP of the process specifies the group owner
     for the NIS+ objects thus created. In  order  to  facilitate
     administration  of the NIS+ objects, NIS_GROUP should be set
     to the name of the NIS+ administration group for the  domain
     prior  to  executing  fncreate(1M)  and  other FNS commands.
     Changes to NIS+-related properties, including default access
     control  rights, could be effected using NIS+ administration
     tools and interfaces after the context has been created. The
     NIS+  object  name that corresponds to an FNS composite name
     can be obtained using fnlookup(1) and fnlist(1).

SEE ALSO

     fnlist(1), fnlookup(1), nis+(1),  nischgrp(1),  nischmod(1),
     nischown(1),    nisdefaults(1),    nisls(1),   fncreate(1M),
     xfn(3XFN),      fns(5),      fns_dns(5),       fns_files(5),
     fns_initial_context(5),     fns_nis(5),     fns_policies(5),
     fns_references(5), fns_x500(5)
Man(1) output converted with man2html