NFS Services Administrator's Guide
Configuring and Administering NIS+
Overview of NIS+
Chapter 5
NIS+ Authentication and Authorization
Authentication is the process by which NIS+ determines who you are.
To be an authenticated NIS+ user, you must have an entry in the cred
table, and your password must decrypt your secure RPC key, which is
stored in the cred table.
When you log in and supply your password, NIS+ identifies you as an
NIS+ principal. If you are a non-root user, your NIS+ principal name is
loginname.domainname. For example, if you log in as user ming in
domain Wiz.Com., your NIS+ principal name is ming.Wiz.Com. If you
are a root user, NIS+ identifies you by the host name where you logged
in, and your NIS+ principal name is hostname.domainname. For
example, if you logged in as root to host garlic in the Eng.Wiz.Com.
domain, your NIS+ principal name is garlic.Eng.Wiz.Com.
The cred table stores two types of credentials: Local and DES. A Local
credential associates an NIS+ principal name with a user ID. Only
non-root users have Local credentials. A DES credential contains the
secure RPC keys for authenticating an NIS+ user. Both root and non-root
users may have DES credentials. Each NIS+ principal has only one DES
credential, in his or her home domain, but he or she may have Local
credentials in many domains.
Authorization is the process by which NIS+ determines what you are
allowed to do with NIS+ objects. Every NIS+ object has a permissions
string that determines who can read, modify, create, or destroy it. This
permissions string is similar to the HP-UX file permissions string that
grants read, write, and execute permissions to HP-UX users.
NIS+ grants 4 types of permissions: (r)ead, (m)odify, (c)reate, and
(d)estroy. It grants permissions to 4 types of users: nobody, owner, group,
and world. Figure 5-3 shows the format of an NIS+ permissions string:
Figure 5-3 Format of the NIS+ Permissions String
  r m c d   r m c d   r m c d   r m c d
  nobody    owner     group     world

  r = read, m = modify, c = create, d = destroy
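The format in Figure 5-3, worked through as an added example that is not part of the original guide: a Python parser that splits a permissions string into its four classes and reports any modify, create, or destroy right held by nobody or world. It assumes a right that is not granted appears as "-" in its slot; the function names and sample strings are constructed for illustration.

```python
# Added example, not from the guide. Class order and letters follow Figure 5-3.
CLASSES = ("nobody", "owner", "group", "world")
RIGHTS = "rmcd"  # read, modify, create, destroy: fixed position within each class


def parse_access_rights(perm):
    """Return {class: granted letters} for a 16-character permissions string."""
    perm = perm.strip()
    if len(perm) != len(CLASSES) * len(RIGHTS):
        raise ValueError(f"expected 16 characters, got {len(perm)}: {perm!r}")
    parsed = {}
    for i, cls in enumerate(CLASSES):
        field = perm[i * 4:(i + 1) * 4]
        granted = ""
        for pos, ch in enumerate(field):
            if ch == RIGHTS[pos]:
                granted += ch
            elif ch != "-":  # assumption: "-" marks a right that is not granted
                raise ValueError(f"unexpected {ch!r} in slot {pos + 1} of {cls}")
        parsed[cls] = granted
    return parsed


def audit(perm):
    """List (class, right) pairs where nobody or world may change the object."""
    parsed = parse_access_rights(perm)
    return [(cls, right)
            for cls in ("nobody", "world")
            for right in parsed[cls]
            if right != "r"]


if __name__ == "__main__":
    # Constructed sample strings, not taken from a real namespace.
    for sample in ("----rmcdrmcdr---", "r-c-rmcdr---rm--"):
        print(sample, parse_access_rights(sample), audit(sample))
```
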