HP-UX Reference (11i v2 03/08) - 3 Library Functions N-Z (vol 7)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

nis_objects(3N) nis_objects(3N)

NAME

nis_objects - NIS+ object formats

SYNOPSIS

cc [ ﬂag ... ] ﬁle...

-lnsl [ library. . . ]

/usr/include/rpcsvc/nis_objects.h

DESCRIPTION

Common Attributes

The NIS+ service uses a variant record structure to hold the contents of the objects that are used by the

NIS+ service. These objects all share a common structure which deﬁnes a set of attributes that all objects

possess. The nis_object structure contains the following members:

typedef char *nis_name;

struct nis_object {

nis_oid zo_oid;

nis_name zo_name;

nis_name zo_owner;

nis_name zo_group;

nis_name zo_domain;

u_long zo_access;

u_long zo_ttl;

objdata zo_data;

};

In this structure, the ﬁrst member zo_oid, is a 64 bit number that uniquely identiﬁes this instance of

the object on this server. This member is ﬁlled in by the server when the object is created and changed by

the server when the object is modiﬁed. When used in conjunction with the object’s name and domain it

uniquely identiﬁes the object in the entire NIS+ namespace.

The second member, zo_name, contains the leaf name of the object. This name is never terminated with

a ‘.’ (dot). When an object is created or added to the namespace, the client library will automatically ﬁll in

this ﬁeld and the domain name from the name that was passed to the function.

zo_domain contains the name of the NIS+ domain to which this object belongs. This information is use-

ful when tracking the parentage of an object from a cache. When used in conjunction with the members

zo_name and zo_oid, it uniquely identiﬁes an object. This makes it possible to always reconstruct the

name of an object by using the code fragment

sprintf(buf,"%s.%s", obj→zo_name, obj→zo_domain);

The zo_owner and zo_group members contain the NIS+ names of the object’s principal owner and

group owner, respectively. Both names must be NIS+ fully qualiﬁed names. However, neither name can

be used directly to identify the object they represent. This stems from the condition that NIS+ uses itself

to store information that it exports.

The zo_owner member contains a fully qualiﬁed NIS+ name of the form principal.domain. This name is

called a NIS+ principal name and is used to identify authentication information in a credential table.

When the server constructs a search query of the form

[cname=principal ],cred.org_dir.domain.

The query will return to the server credential information about principal for all ﬂavors of RPC authenti-

cation that are in use by that principal. When an RPC request is made to the server, the authentication

ﬂavor is extracted from the request and is used to ﬁnd out the NIS+ principal name of the client. For

example, if the client is using the AUTH_DES authentication ﬂavor, it will include in the authentication

credentials the network name or netname of the user making the request. This netname will be of the

form

unix.UID@domain

The NIS+ server will then construct a query on the credential database of the form

[auth_name=netname,auth_type=AUTH_DES],cred.org_dir.domain.

This query will return an entry which contains a principal name in the ﬁrst column. This NIS+ principal

name is used to control access to NIS+ objects.

Section 3−−652 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: August 2003