SUBJECT: Solaris 2.x - NIS+ Environment

Description :

CONTENT: chapter 9.1 - NIS+ Environment

1. Overview

   As network use grows and the number of systems connected to a network increases,
   each system has more network-related information to manage. A system must know
   the addresses of every system on the network, the information needed for mounting,
   and general password information; clients must know about their servers, and
   servers must know about their clients. Managing this information was easy on small
   networks but became difficult on large ones. NIS+, an enhanced version of NIS, was
   designed to solve this problem.

2. What is NIS+?

   NIS+ is a service that provides information about users, workstations, and network
   resources. It provides this information while maintaining appropriate security.

3. NIS+ Client-Server Model

   3.1 Client
       A client is a system or process that sends requests for information on the
       network. Such processes call RPC library routines to build their requests.

   3.2 Server
       A server is a process that accepts requests from client processes, looks up the
       requested information in its database, and returns it to the client process.
       Every domain must have one master server and zero or more replica servers.

       3.2.1 Master server
             The master server holds the master set of the database information, in the
             form of tables. When these tables are changed or created, the changes are
             pushed to the replica servers automatically.

       3.2.2 Replica server
             A replica server keeps copies of the tables. It provides a backup source of
             information when the master server is down and spreads the load of answering
             client requests.

4. Hierarchical NIS+ Domains

   A set of systems, together with the information provided to those systems, is called
   a domain. An NIS+ domain can be divided into subdomains that mirror the actual
   hierarchical structure of an organization.

   - Example of a hierarchical domain

     For example, if Acme Inc is divided into six divisions, the namespace looks like this.

                               acme.com.
                                   |
                                   |
     +-----------------------------+----------------------------------------------+
     |              |              |             |                |               |
hardware.acme.com.  |    marketing.acme.com.     |       finance.acme.com.        |
                    |                            |                                |
             software.acme.com.           sales.acme.com.               legal.acme.com.
                    |
                    |
         +------------------------------+
         |                              |
  testing.software.acme.com.   engineering.software.acme.com.


   - NIS+ Objects

     The NIS+ namespace is the hierarchical structure in which NIS+ information is stored.
     Each namespace has a root master server that serves the root domain at the top of the
     namespace. The NIS+ namespace is accessed only through NIS+ commands.
     There are three general types of NIS+ object: directory objects, table objects, and
     group objects.

     - Directory objects are the main building blocks of the namespace.
       They contain other directory objects, table objects, and group objects.

     - Table objects store information in the NIS+ namespace. The Solaris 2.x environment
       provides 16 types of table, each storing a different type of information about
       users, workstations, and network resources. A set of NIS+ tables stores
       information for one specific domain only.

     - Group objects are used for NIS+ security. An NIS+ group is a set of users and
       workstations identified by a single name, which makes NIS+ security easier
       to administer.

5. Directory Objects

   Directory objects form the framework of the namespace. The directory object at the top
   of the namespace is called the root directory. The root directory name identifies the
   root (top) domain in the namespace hierarchy.
   The org_dir directory stores NIS+ table objects.
   The groups_dir directory stores NIS+ group objects.
   An NIS+ domain consists of an org_dir subdirectory, which holds the set of NIS+ tables,
   and a groups_dir subdirectory. The topmost directory is the root directory. If the
   namespace is flat, it has only one directory, and that directory is the root directory.

6. Using NIS+ Object Names

   An NIS+ object name is formed by adding the object's own name to the root directory
   name. The result is called a fully qualified name.

   - Partially qualified names
     A partially qualified NIS+ component name is comparable to a relative path name; it
     is just the name of the component. ( hosts )

   - Fully qualified names
     A fully qualified name is the complete name of the component.
     
     ex) auto_home.org_dir.sales.acme.com.

   - root domain name
     The root domain name must contain two components and end with a dot.

     ex) acme.com.

7. NIS+ servers and client

   The objects in the NIS+ namespace are stored on NIS+ servers. Servers provide information
   to the clients that request it. Every NIS+ domain must specify the list of servers that
   provide information within that domain. Every NIS+ client belongs to some NIS+ domain.
   When a client is initialized, its domain name is determined and stored in the kernel.
   A coldstart file is created for the client at the same time. This file lists all the
   NIS+ servers that support the client's domain.
   When a client sends a request to its domain, the request goes to a server that supports
   that domain.
   An NIS+ server can also be a client, so it belongs to a domain as well as supporting one.
   The domain a server belongs to is always the one above the domain it supports, except
   for the root domain: a server that supports the root domain belongs to the root domain.

                              +-------+
                              | queen | acme.com.
                              +-------+
                                  |
                                  |
             +--------------------+----------------------+
             |                                           |
          +------+                                    +------+
          | king | sales.acme.com.                    | jack | eng.acme.com.
          +------+                                    +------+
             |
             |
          +----------+
          | princess | west.sales.acme.com.
          +----------+

          +-------------------------------------------------------------------+
          |    server   |         Belongs to       |         supports         |
          +-------------------------------------------------------------------+
          |   queen     |   acme.com.              |  acme.com.               |
          +-------------------------------------------------------------------+
          |   king      |   acme.com.              |  sales.acme.com.         |
          +-------------------------------------------------------------------+
          |   jack      |   acme.com.              |  eng.acme.com.           |
          +-------------------------------------------------------------------+
          |  princess   |   sales.acme.com.        |  west.sales.acme.com.    |
          +-------------------------------------------------------------------+

8. NIS+ Master servers and Replica servers

   The example above shows each domain supported by a single server. In practice, an NIS+
   domain is supported by one master server and, possibly, one or more replica servers.
   In the example above there is one root server (the master server, queen).
   Both master and replica servers store NIS+ table information and answer client requests,
   but only the master stores the master copy of the tables. A replica stores a duplicate
   of the master copy. One advantage of having replica servers is reliability: if the
   master server cannot handle a request, one of the replica servers can reply. Another
   advantage is easier system administration. The administrator loads table information
   in one place, and the master server propagates it to the replica servers. Likewise,
   updates are made on the master server, which propagates them to the replica servers.
   
9. NIS+ Security

   9.1 NIS+ Principals

       NIS+ security protects information from unauthorized access. Access is controlled
       in terms of NIS+ principals.
       An NIS+ principal is one of the following:

        - a user who logs in to an NIS+ client
                     or
        - a user who logs in as root on an NIS+ client

       To set up NIS+ security, some user must be able to log in as root.

         +--------------------------------------------------------------------+
         |  In short, an NIS+ principal is an ordinary user or a workstation  |
         +--------------------------------------------------------------------+

       NIS+ security privileges are assigned to NIS+ principals in two stages.

       1) The credentials that identify a principal are stored in the domain's cred table.
       2) Each object in the namespace grants access rights to the different categories of
          NIS+ principal. This security information is stored in the object definition.

       When a principal's request accesses an object, the NIS+ server checks whether that
       object grants the access right to the principal.
       If the access rights match, the server answers the request.
       If they do not match, the server denies the request and returns an error message.

   9.2 NIS+ Security

       When an NIS+ server receives a request from an NIS+ client, it first identifies the
       principal. The server then finds the object the principal wants to access and
       decides whether the principal has the appropriate access rights to that object.
       If the object's definition gives the principal the required access rights, the
       server grants access.

                    +---------------------------------+
                    | Principal requests NIS+ access  |
                    +---------------------------------+
                                     |
                                     |
             +------------------------------------------------------+
             | Server checks credentials, identifies the principal  | --> authentication
             +------------------------------------------------------+
                                     |
                                     |
                     +---------------------------------+
                     | Server checks object definition |   --> authorization
                     +---------------------------------+
                                     |
                                     V
         +------+       +---------------------------+       +------+
         |  NO  | <-----| Is the principal allowed? |------>| YES  |
         +------+       +---------------------------+       +------+
            |                                                   |
            V                                                   V
       +----------+                                        +----------+
       | Server   |                                        | Server   |
       | denies   |                                        | grants   |
       | access   |                                        | access   |
       +----------+                                        +----------+

       The procedure that identifies the principal is known as authentication. The procedure
       that checks access rights to an object is known as authorization.

   9.3 Authentication

       Authentication is the procedure that identifies the principal making a request to an
       NIS+ server. Its purpose is to obtain the principal name so that access rights to the
       object can be checked (the authorization process).
       The NIS+ server identifies a principal by checking the principal's credentials.
       NIS+ accepts two types of credential.

       - LOCAL credentials : A LOCAL credential is used to map a client's UID to an NIS+
                             principal name.
                             It is built from the UID and GID of the client user, taken
                             from the password record, and the resulting credential is
                             stored in the cred table of the user's own domain.

       - DES credentials : A DES credential is built from an additional password (or key)
                           that is required to identify the principal.
                           If this additional key is not supplied, the principal is
                           treated as unauthenticated and is denied access to the object.
                           The principal's login password and the DES key are always the same.

       The information used to identify NIS+ principals is stored in the cred table.
       There is one cred table for each NIS+ domain.
       The cred table stores authentication information for the NIS+ principals that want
       to access that particular domain.

   9.4 Authorization

       NIS+ authorization is the procedure that grants an NIS+ principal access rights to
       an NIS+ object. There are four types of access right.

       ========================================================================
           Access Right                          Description
       ========================================================================
              Read                  The principal can read the contents of the
                                    object.
              Modify                The principal can modify the contents of the object.
              Create                The principal can create new objects in a table
                                    or directory.
              Destroy               The principal can destroy objects in a table
                                    or directory.
       ========================================================================

       NIS+ access rights can be thought of as similar to file permissions.

       9.4.1 Access Rights

             For the purposes of authorization and of granting access rights,
             principals are divided into four categories.

             =================================================================
              category        Description
             =================================================================
              owner           a single NIS+ principal
              group           a set of NIS+ principals
              world           all principals authenticated by NIS+
              nobody          unauthenticated principals
             =================================================================

             Access rights are displayed as a list of 16 characters.
             These access rights are specified as part of each object's definition.

                      r---   rmcd   rm--   r---
                       |       |      |      |
                     nobody  owner  group  world

             An NIS+ group is one or more NIS+ principals grouped together for security
             convenience. Information about NIS+ groups is stored in NIS+ group objects under
             groups_dir, a subdirectory of every NIS+ domain.
             Note that it is not stored in the NIS+ group table; the groups in that table
             are UNIX groups.
             All access rights can be displayed with the nisls command.
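
             Added example (Python, not part of the original chapter): it decodes the
             16-character rights string in the nobody/owner/group/world order described above
             and flags objects that unauthenticated, or merely authenticated, principals may
             change. The first two sample lines are the nisls -l output shown later in this
             chapter; the hosts and passwd lines and the HIGH/MEDIUM labels are constructed.

```python
import re
from typing import NamedTuple

# Field order inside the 16-character string, as described in section 9.4.1.
CATEGORIES = ("nobody", "owner", "group", "world")
RIGHT_LETTERS = "rmcd"
RIGHT_NAMES = ("read", "modify", "create", "destroy")
WRITE_RIGHTS = frozenset({"modify", "create", "destroy"})

# nisls -l columns: type, rights, owner principal, creation time, object name.
NISLS_LINE = re.compile(r"^\s*(\S)\s+([rmcd-]{16})\s+(\S+)\s+(.+?)\s+(\S+)\s*$")

# Lines 2-3 are taken from the chapter; lines 4-5 are constructed for the example.
SAMPLE_NISLS = """\
org_dir.solar.com. :
T ----rmcdrmcdr--- venus.solar.com  Thu Jun 9 11:37:43 1994  auto_master
T ----rmcdrmcdr--- venus.solar.com  Thu Jun 9 11:37:43 1994  auto_home
T rmcdrmcdrmcdr--- venus.solar.com  Thu Jun 9 11:40:02 1994  hosts
T r---rmcdrm--rm-- venus.solar.com  Thu Jun 9 11:40:05 1994  passwd
"""


class Entry(NamedTuple):
    obj_type: str
    rights: dict
    owner: str
    name: str


def parse_rights(spec):
    """Split a 16-character rights string into {category: set of right names}."""
    if len(spec) != 16:
        raise ValueError(f"expected 16 characters, got {len(spec)}: {spec!r}")
    decoded = {}
    for index, category in enumerate(CATEGORIES):
        field = spec[4 * index:4 * index + 4]
        granted = set()
        for char, letter, name in zip(field, RIGHT_LETTERS, RIGHT_NAMES):
            if char == letter:
                granted.add(name)
            elif char != "-":
                raise ValueError(f"bad character {char!r} in {category} field {field!r}")
        decoded[category] = granted
    return decoded


def parse_nisls(text):
    """Return an Entry per object line; directory headers and '...' lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = NISLS_LINE.match(line)
        if match:
            obj_type, spec, owner, _created, name = match.groups()
            entries.append(Entry(obj_type, parse_rights(spec), owner, name))
    return entries


def audit(entries):
    """Return (severity, object, message) for every grant that lets principals
    outside the owner and group change the object."""
    findings = []
    for entry in entries:
        for category, severity, who in (
            ("nobody", "HIGH", "unauthenticated principals"),
            ("world", "MEDIUM", "every authenticated principal"),
        ):
            risky = sorted(entry.rights[category] & WRITE_RIGHTS)
            if risky:
                findings.append((severity, entry.name, f"{who} may {', '.join(risky)}"))
    return findings


if __name__ == "__main__":
    for severity, name, message in audit(parse_nisls(SAMPLE_NISLS)):
        print(f"{severity:6} {name}: {message}")
```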

10. NIS+ Security Levels

    How strictly the authorization scheme described above is enforced depends on the
    security level of the domain.
    An NIS+ server runs at one of three security levels: 0, 1, or 2.
    The security level determines how thoroughly a principal's credentials are checked.

    =====================================================================================
     security level      Description
    =====================================================================================
       0                 The principal's credentials are not checked.
                         Any client is allowed to perform any operation.
                         This level is used for setting up and testing the initial
                         NIS+ namespace.
    =====================================================================================
       1                 The principal's credentials are checked, and LOCAL or DES
                         authentication is accepted.
                         Because LOCAL credentials are easily forged, do not use this level
                         on a network that untrusted servers may access.
    =====================================================================================
       2                 The principal's credentials are checked, and only DES authentication
                         is accepted.
                         This level provides the highest security and is the default
                         level for an NIS+ server.
    =====================================================================================

    The NIS+ service daemon, rpc.nisd, runs on the NIS+ server and is started from the
    /etc/init.d/rpc script. The default security level is 2.
    To run the NIS+ environment at a lower security level for testing, start rpc.nisd
    from the rpc script on the root master server with the -S option.

       /usr/sbin/rpc.nisd -r -S 0  ( -r => daemon option for running as the root server )
       
11. Name service switch process

    The name service switch lets an NIS+ client obtain information from one or more
    sources, such as /etc files or NIS+ tables.
    The name service switch configuration file, /etc/nsswitch.conf, lists 15 types of
    information and the order in which the sources for each are searched.
    The file has the following form.

      group        source(s)
      hosts        source(s)
      passwd       source(s)

    - Sources
      One or more sources can be specified for each database.

      ==============================================================================
        sources         Description
      ==============================================================================
        files           the client's local /etc files
        nisplus         NIS+ tables
        nis             NIS maps
        compat          supports the old-style "+" syntax for passwd and group
        dns             applies to the hosts entry only
      ==============================================================================

      example ) /etc/nsswitch.conf file

            passwd:       files  nisplus
            group:        files  nisplus

      This syntax means: search the local passwd and group files first and, if the entry
      is not there, search the NIS+ passwd and group tables.
      To restrict lookups to the local passwd and group files only, delete the nisplus entry.
    
      example ) cat /etc/nsswitch.conf
		#
		# /etc/nsswitch.files:
		#
		# An example file that could be copied over to /etc/nsswitch.conf; it
		# does not use any naming service.
		#
		#"hosts:" & "services:" in this file are used only if the /etc/netconfig 
		# file contains "switch.so" as a nametoaddr library for "inet" transports.
		passwd:     files
		group:      files
		hosts:      files
		networks:   files
		protocols:  files
		rpc:        files
		ethers:     files
		netmasks:   files        
		bootparams: files
		publickey:  files
		# At present there isn't a 'files' backend for netgroup;  the system will 
		#   figure it out pretty quickly, and won't use netgroups at all.
		netgroup:   files
		automount:  files
		aliases:    files
		services:   files

12. Name service switch status / action values

    - Return status

      Each source returns a status code along with the value it returns to the user
      requesting NIS+ information.

      ================================================================================
       status code      Description
      ================================================================================
       SUCCESS          the requested entry was found
       UNAVAIL          the source is unavailable
       NOTFOUND         the source does not contain the entry
       TRYAGAIN         the source returned an "I'm busy, try later" message
      ================================================================================

    - Actions

      Two actions are possible for each status code.

      =============================================
       action         description
      =============================================
       continue       try the next source
       return         stop looking for the entry
      =============================================

      The default actions are as follows.
      - SUCCESS = return
      - UNAVAIL = continue
      - NOTFOUND = continue
      - TRYAGAIN = continue

      ex) cat /etc/nsswitch.conf
                   ...
        hosts:     nisplus [NOTFOUND=return] files
                   ...

        This syntax means that only the NIS+ hosts table is searched.
        To search both the local file and the NIS+ table, delete the [NOTFOUND=return] part.
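
        Added example (Python, not part of the original chapter): it parses a switch entry
        and walks the sources with the default actions listed above, so you can see which
        source ends up answering a lookup. The status each source returns is supplied by
        the caller as a stand-in for the real backends; that mapping is an assumption of
        the example.

```python
import re

# Default action for each status code, as listed in section 12.
DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}


def parse_entry(line):
    """Parse 'database: source [STATUS=action ...] source ...'.

    Returns (database, [(source, {status: action}), ...]). A bracketed
    criterion overrides the defaults of the source written before it."""
    line = line.split("#", 1)[0].strip()
    database, colon, rest = line.partition(":")
    if not colon or not database.strip():
        raise ValueError(f"not a switch entry: {line!r}")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            sources.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not token.endswith("]") or not sources:
            raise ValueError(f"misplaced criterion {token!r}")
        for criterion in token[1:-1].split():
            status, _, action = criterion.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError(f"bad criterion {criterion!r}")
            sources[-1][1][status] = action
    return database.strip(), sources


def lookup(sources, status_by_source):
    """Walk the sources in order, applying each source's action for its status.

    status_by_source maps a source name to the status it would return for one
    key. Returns (answering_source_or_None, trace of (source, status, action))."""
    trace = []
    for name, actions in sources:
        status = status_by_source.get(name, "UNAVAIL")
        action = actions[status]
        trace.append((name, status, action))
        if action == "return":
            return (name if status == "SUCCESS" else None), trace
    return None, trace


if __name__ == "__main__":
    _, strict = parse_entry("hosts:     nisplus [NOTFOUND=return] files")
    _, local_first = parse_entry("passwd:       files  nisplus")
    # NIS+ is up but has no entry: the local hosts file is never consulted.
    print(lookup(strict, {"nisplus": "NOTFOUND", "files": "SUCCESS"}))
    # NIS+ is down: UNAVAIL still defaults to continue, so files answers.
    print(lookup(strict, {"nisplus": "UNAVAIL", "files": "SUCCESS"}))
    # files first: a local passwd entry answers before NIS+ is asked.
    print(lookup(local_first, {"files": "SUCCESS", "nisplus": "SUCCESS"}))
```

        With [NOTFOUND=return] the files source is still reached when NIS+ returns UNAVAIL
        or TRYAGAIN, because those statuses keep their default action of continue.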

13. Name service switch configuration file

    Four versions of the name service switch configuration file are included in the
    Solaris 2.x release.

    - /etc/nsswitch.conf is the default configuration file. It names the name service
      selected at installation as the source to search for network information.

    - /etc/nsswitch.files is an alternative name service switch file that searches only
      the local system's /etc files.

    - /etc/nsswitch.nis uses the NIS database as the primary source for all information
      except the passwd, group, automount, and aliases maps, for which the local files
      are consulted first and the NIS database second.
      Because lookups for passwd and group search the local file first and the NIS
      database afterwards, the passwd file does not need a "+" entry.

    - /etc/nsswitch.nisplus uses NIS+ as the primary source for all information except
      the passwd, group, automount, and aliases tables, for which the local files are
      searched first and the NIS+ database second.

    The default /etc/nsswitch.conf is determined by the name service selected during
    installation. The other switch files described above can be copied over
    /etc/nsswitch.conf when the name service configuration changes.
      
 


SUBJECT: Solaris 2.x - NIS+ Environment
CONTENT: chapter 9.2 - Configuring the NIS+ Environment


1. Configuring an NIS+ Root Master

   1) Log in as root on the NIS+ root master.

   2) Set the path.
        # PATH=/usr/lib/nis:$PATH ; export PATH

   3) Set the domain name.
        # domainname solar.com.
        # domainname > /etc/defaultdomain

   4) Switch to the name service switch file that includes NIS+ sources.
        # cp /etc/nsswitch.nisplus /etc/nsswitch.conf

   5) Initialize the root master.
        # nisinit -r  ( -r => initialize as an NIS+ root server )

   6) Start the NIS+ domain at security level 0.
        # rpc.nisd  -r  -S  0
        ( security level 0 is used for setup and testing )
        ( at security level 0, any user can edit the NIS+ maps )

   7) Set up the NIS+ directory structure.
        # nissetup solar.com.

   8) Add the data file information to the NIS+ tables.
        # cd /etc
        # nisaddent -r -f hosts hosts  ( -r => delete the existing entries, then recreate them )
        # nisaddent -r -f passwd passwd
        # nisaddent -r -f rpc rpc
        # nisaddent -r -f services services
        # nisaddent -r -f netmasks netmasks
        # nisaddent -r -f bootparams bootparams
        # nisaddent -r -f ethers ethers
        # nisaddent -r -f group group
        # nisaddent -r -f timezone timezone
        # nisaddent -r -f protocols protocols
        # nisaddent -r -f mail_aliases mail_aliases
        # nisaddent -r -f sendmailvars sendmailvars
        # nisaddent -m -f shadow shadow ( -m => merge the file or map with the NIS+ table )
        # nisaddent -r -f /etc/auto_master -t auto_master.org_dir key_value `domainname`
                          ( -t table => table must be an NIS+ table )

   9) Verify the NIS+ tables.
        # niscat hosts.org_dir
        # niscat passwd.org_dir

   10) Set the NIS+ values.
        # NIS_PATH='org_dir.$:$'
        # export NIS_PATH
        # niscat passwd
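
   Added example (Python, not part of the original chapter): step 6 above starts rpc.nisd
   at security level 0 and section 10 of chapter 9.1 says the daemon is started from
   /etc/init.d/rpc with a default level of 2, so this check reads a startup script and
   reports any rpc.nisd invocation left below level 2. The script fragment is constructed,
   and accepting the attached form -S0 is an assumption based on getopt conventions.

```python
import re
import shlex

DEFAULT_LEVEL = 2   # stated in the chapter: rpc.nisd runs at level 2 unless -S is given
RISK = {            # wording follows the security level table in chapter 9.1
    0: "credentials are not checked; any client can change NIS+ data",
    1: "LOCAL credentials are accepted and are easily forged",
}
COMMAND_SEPARATORS = re.compile(r"&&|\|\||[;|&]")

# Constructed fragment in the style of an init script; not the real /etc/init.d/rpc.
SAMPLE_RPC_SCRIPT = """\
#!/sbin/sh
# start the NIS+ service daemon
if [ -x /usr/sbin/rpc.nisd ]; then
        # /usr/sbin/rpc.nisd -r
        /usr/sbin/rpc.nisd -r -S 0
fi
"""


def parse_nisd_args(args):
    """Return (security_level, root_server) for a list of rpc.nisd arguments."""
    level, root = DEFAULT_LEVEL, False
    i = 0
    while i < len(args):
        arg = args[i]
        if arg == "-r":
            root = True
        elif arg == "-S":                  # "-S 0": the level is the next word
            i += 1
            if i >= len(args):
                raise ValueError("-S given without a level")
            level = int(args[i])
        elif arg.startswith("-S"):         # "-S0": attached value (assumed getopt style)
            level = int(arg[2:])
        i += 1
    if level not in (0, 1, 2):
        raise ValueError(f"unknown security level {level}")
    return level, root


def audit_script(text):
    """Return (line_number, level, root_server, risk) for each rpc.nisd command
    that runs below the default level; level is None if it cannot be parsed."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        code = raw.split("#", 1)[0]        # naive comment stripping
        for part in COMMAND_SEPARATORS.split(code):
            try:
                words = shlex.split(part)
            except ValueError:             # unbalanced quotes after splitting
                continue
            # Only a command word counts; "[ -x /usr/sbin/rpc.nisd ]" is a test.
            if not words or words[0].rsplit("/", 1)[-1] != "rpc.nisd":
                continue
            try:
                level, root = parse_nisd_args(words[1:])
            except ValueError as err:
                findings.append((number, None, False, f"cannot determine level: {err}"))
                continue
            if level < DEFAULT_LEVEL:
                findings.append((number, level, root, RISK[level]))
    return findings


if __name__ == "__main__":
    for number, level, root, risk in audit_script(SAMPLE_RPC_SCRIPT):
        role = "root server" if root else "server"
        print(f"line {number}: {role} at security level {level}: {risk}")
```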


2. Setting up an NIS+ replica server

   1) Add the NIS+ master to the /etc/inet/hosts file.
      # vi /etc/inet/hosts
        ip_address    master_name

   2) Log in to the NIS+ root master and register the replica server.
      # rlogin master_name
      # nismkdir -s replica_hostname solar.com.  ( -s => names the host that is the replica )
      # nismkdir -s replica_hostname org_dir.solar.com.

   3) Log in as root on the NIS+ replica server.

   4) Set the domain name.
      # domainname solar.com.
      # domainname > /etc/defaultdomain

   5) Switch to the name service switch file that includes NIS+.
      # cp /etc/nsswitch.nisplus /etc/nsswitch.conf

   6) Initialize the replica server as a client.
      # nisinit -c -H master_name  ( -c => initialize as an NIS+ client
                                     -H hostname => hostname is the trusted NIS+ server to contact )

   7) Start the NIS+ daemon.
      # rpc.nisd

   8) On the NIS+ root master, replicate the tables to the replica server.
      # nisping solar.com.
      # nisping org_dir.solar.com.


3. Setting up an NIS+ client

   1. Log in as root on the NIS+ client.

   2. Set the domain name.
      # domainname solar.com.
      # domainname > /etc/defaultdomain

   3. Switch to the name service switch file that includes NIS+.
      # cp /etc/nsswitch.nisplus /etc/nsswitch.conf

   4. Add the NIS+ master to the /etc/inet/hosts file.
      # vi /etc/inet/hosts
        ip_address   master_name

   5. Initialize the client.
      # nisinit -c -H master_name


4. Configuring an NIS+ client

   1. Set the domain name.

   2. Add an /etc/inet/hosts entry for the master server.

   3. Run the nisinit command.


5. NIS+ client commands

   1) nisls command
      - Lists the objects in an NIS+ directory.
      - syntax : nisls [ -l ] [ directory_name ]
                 column 1 : type
                 column 2 : permissions
                 column 3 : principal name of the owner
                 column 4 : creation date and time
                 column 5 : object name

        # nisls -l
          org_dir.solar.com. :
                               ...
          T ----rmcdrmcdr--- venus.solar.com  Thu Jun 9 11:37:43 1994  auto_master
          T ----rmcdrmcdr--- venus.solar.com  Thu Jun 9 11:37:43 1994  auto_home
                               ....

   2) niscat command
      - Displays the contents of an NIS+ table.
      - syntax : niscat [ -h ] tablename
      - ex) # niscat passwd.org_dir
              root::0:1:0000-Admin(0000):/:/sbin/sh:
 
            # niscat -h passwd.org_dir
             # name:passwd:uid:gid:gcos:home:shell:shadow:
               root::0:1:0000-Admin(0000):/:/sbin/sh:

   3) nismatch command
      - Lets shell scripts search NIS+ tables.
      - syntax : nismatch key tablename
      - ex) # nismatch rimmer passwd.org_dir
              rimmer::113:110:Arnold J.Rimmer:/export/home/rimmer:/bin/sh:

   4) nisgrep command
      - syntax : nisgrep colname=keypat tablename
      - ex) # nisgrep 'uid=11[234]' passwd.org_dir
              lister::112:110:Dave Lister:/export/home/lister:/home/sh:
              rimmer::113:110:Arnold J.Rimmer:/export/home/rimmer:/bin/sh:
              kryten::114:110:Keyten Model 3500:/export/home/kryten:/bin/sh:

   5) nispasswd command
      - Changes entries in the NIS+ passwd table.
      - nispasswd does not modify or read the local /etc/hosts and /etc/shadow files.
        nispasswd uses secure RPC to communicate with the NIS+ server and never sends
        an unencrypted password over the network.
      - ex) nispasswd

   6) nisdefaults command
      - Shows the default NIS+ values.
      - ex) # nisdefaults
              Principal Name : venus.solar.com.
              Domain Name    : solar.com.
              Host Name      : venus.solar.com.
              Group Name     :
              Access Rights  : ----rmcdr---r---
              Time to live   : 12:00:00
              Search Path    : solar.com.

6. Adding data to NIS+ tables
   - Data can be added to NIS+ tables in several different ways.
     . admintool
     . nisaddent command
     . nistbladm command

7. Administration Tool

   - User Account Manager : set to NIS+

   - Database Manager : set auto_home to NIS+

8. Initializing NIS+ servers and clients

   1. The /usr/sbin/nisinit command initializes an NIS+ client or server.

      syntax : nisinit -r

            nisinit -c -H host | -B -C coldstart_file

      ex) # nisinit -r
            This machine is in the solar.com. NIS+ domain.
            Setting up root server ...
            All done.

          # nisinit -c -H venus
            This machine is in the solar.com. NIS+ domain.
            Setting up NIS+ client ...
            All done.

   2. nissetup command

      A shell script that creates empty versions of the standard tables in an NIS+ directory.

      ex) # /usr/lib/nis/nissetup solar.com.
            org_dir.solar.com. created
            groups_dir.solar.com. created
            auto_master.org_dir.solar.com. created
            auto_home.org_dir.solar.com. created
           

   3. nisaddent command

      The /usr/lib/nis/nisaddent command adds data to NIS+ tables, reading it from a source
      file or from standard input.

      syntax : nisaddent [ -r ] -f file type [ domainname ]

      ex) # cat /etc/passwd | nisaddent passwd --> appends the contents of /etc/passwd to the
                                                   passwd.org_dir table

      ex) # nisaddent -rv -f /etc/inet/hosts hosts --> replaces the hosts.org_dir table with the
                                                       contents of /etc/hosts

          # nisaddent -mv -y myypdomain passwd nisdomain  --> merges the passwd map of myypdomain
                                into the passwd.org_dir.nisdomain table
                                (assumes the /var/yp/myypdomain directory contains yppasswd.map)

          # nisaddent -m -y myypdomain -Y auto.master -t auto_master.org_dir key_value
            --> merges the auto.master map of myypdomain with the auto_master.org_dir table

          # nisaddent -d hosts  --> dumps the hosts.org_dir table


   4. nismkdir command

      The /usr/lib/nis/nismkdir command creates a new NIS+ subdirectory (subdomain) inside
      an existing NIS+ domain.
      It is also needed to create the directory structure for a replica server.

      syntax : nismkdir [ -s hostname ] directoryname

      ex) nismkdir -s saturn solar.com. --> run on the root master of the solar.com. domain;
                                          creates the directory needed for replica server saturn
 
      ex) nismkdir -s saturn org_dir.solar.com.


   5. nisping command

      The /usr/lib/nis/nisping command is used to ping all replica servers.

      syntax : nisping -f solar.com.

      ex) # nisping -f solar.com.
            Pinging replicas serving directory solar.com. :
            Master server is venus.solar.com.
                 Last update occurred at Thu Jun 9 11:43:58 1993
            Replica server is saturn.solar.com.
                 Pinging ... saturn.solar.com.

      ex) # nisping org_dir.solar.com
            Pinging replicas serving directory org_dir.solar.com. :
            Master server is venus.solar.com.
                 Last update occurred at Thu Jun 9 11:42:59 1993
            Replica server is saturn.solar.com.
                 pinging ... saturn.solar.com. 

Revision History

Date written : 96.11.19
Author : 이진수