NFS Services Administrator's Guide

Configuring and Administering NIS+
Setting Up the NIS+ Namespace
Chapter 5
To Allow an NIS+ User Authenticated Access to Another Domain
A user’s home domain is defined as the domain where the user has a
DES credential in the cred table. (Each NIS+ principal has a DES
credential in only one domain.) If a user needs to be authenticated in
another domain, the user must have a Local credential in that domain.
In domains where the user does not have a Local credential, the user is
treated as “nobody.”
1. From any NIS+ client host, issue the following commands to copy the
passwd table entry from the user’s home domain to the remote
domain where the user needs authenticated access:
nismatch name=username passwd.org_dir.user’s_homedomain \
> tempfile
nisaddent -a -f tempfile passwd remote_domainname
2. If necessary, change the user ID in the entry to ensure that it is
unique in the passwd table of the remote domain. Each user ID may
occur only once in a passwd table. See “To Modify an Entry in an
NIS+ Table” on page 243.
3. From any NIS+ client host, issue the following command:
nisaddcred -p UID -P loginname.domainname local \
remote_domainname
The argument following the -p option is the user’s user ID from the
NIS+ passwd table in the remote domain where the user needs
authenticated access. The argument following the -P option is the
user’s NIS+ principal name and must end with a period.
The remote_domainname argument is the domain where the
credential will be created (the domain where the user needs
authenticated access).
The following example allows NIS+ principal sara.Eng.Wiz.Com to be
authenticated in domain Sales.Wiz.Com.:
nisaddcred -p 7899 -P sara.Eng.Wiz.Com. local Sales.Wiz.Com.
You must have create permission for the cred table and the passwd table
in the remote domain in order to complete this task.
For more information, see the following man pages: nisaddcred(1M),
nismatch(1), and nisaddent(1M).
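
A pre-flight check for steps 2 and 3, as an added example that is not part of the guide: it reads the tempfile from step 1 and a copy of the remote domain's passwd table saved before step 1 (assumed to be colon-separated passwd-format text, for instance from niscat), refuses to continue when the user ID is already taken, and otherwise prints the nisaddcred command to run. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. It only reads text files; the
# administrator still runs nismatch, nisaddent and nisaddcred.

# uid_owners UID DUMP: print login names in DUMP that already hold UID.
uid_owners() {
    awk -F: -v uid="$1" '$3 == uid { print $1 }' "$2"
}

# plan_local_cred ENTRY DUMP PRINCIPAL REMOTE_DOMAIN
#   ENTRY: tempfile from step 1 (one passwd-format line)
#   DUMP : remote passwd table saved before step 1 (assumed colon-separated)
# Prints the step 3 command, or a reason on stderr with a non-zero status.
plan_local_cred() {
    entry=$1; dump=$2; principal=$3; remote=$4
    case "$principal" in
        *.) ;;
        *) echo "principal must end with a period: $principal" >&2; return 2 ;;
    esac
    login=$(awk -F: 'NR == 1 { print $1 }' "$entry")
    uid=$(awk -F: 'NR == 1 { print $3 }' "$entry")
    case "$uid" in
        ''|*[!0-9]*) echo "no numeric UID in $entry" >&2; return 3 ;;
    esac
    if [ "${principal%%.*}" != "$login" ]; then
        echo "principal $principal does not match entry for $login" >&2; return 3
    fi
    # Step 2: a user ID may occur only once in the remote passwd table.
    clash=$(uid_owners "$uid" "$dump" | head -n 1)
    if [ -n "$clash" ]; then
        echo "UID $uid is already used by $clash in $remote" >&2; return 4
    fi
    echo "nisaddcred -p $uid -P $principal local $remote"
}

# Constructed sample data: sara's entry and two versions of the remote table.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
echo 'sara:*NP*:7899:20:Sara:/home/sara:/bin/sh:' > "$tmp/entry"
printf '%s\n' 'root:*NP*:0:3::/:/sbin/sh:' 'lee:*NP*:7901:20::/home/lee:/bin/sh:' > "$tmp/free"
printf '%s\n' 'root:*NP*:0:3::/:/sbin/sh:' 'kim:*NP*:7899:20::/home/kim:/bin/sh:' > "$tmp/taken"

plan_local_cred "$tmp/entry" "$tmp/free" sara.Eng.Wiz.Com. Sales.Wiz.Com.
plan_local_cred "$tmp/entry" "$tmp/taken" sara.Eng.Wiz.Com. Sales.Wiz.Com. \
    || echo "blocked with status $?"
```

With the "taken" table the check stops at step 2, because creating the Local credential with that user ID would map sara to an ID that already belongs to another user in the remote domain.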