Working With Naming and Directory Services in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library

Name Service Switch and Password Information

It is possible to include and access password information in multiple repositories, such as files and nis. You can use the config/password property in the name service switch to establish the lookup order for that information.


Caution - files should be the first source in the name service switch for passwd information to prevent a denial of service (DoS) attack on the system.


In an NIS environment, the config/password property in the name service switch should list the repositories in the following order:

config/password  astring             "files nis"

Tip - Listing files first allows the root user to log in, under most circumstances, even when the system encounters some network or naming service issues.


Do not maintain multiple repositories for the same user. In most cases, the naming service looks up and returns the first definition only. Duplicate entries usually mask security problems.

For example, if the same user exists in both files and the network repository, one login ID is used over the other, depending on the config/password setting of the name-service/switch configuration. The first matched ID for a given machine becomes the ID used for the login session. If an ID is in both files and the network repository, and the network repository has been disabled for security reasons, then any machine where the ID resides and is accessed before the network ID is disabled might now be insecure and vulnerable to unwanted access.
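
As an added example (not part of the Oracle documentation), the following shell functions check the two conditions this section describes: that files is the first source in config/password, and that no login name is defined in both the local and the network repository. The function names, the sample entries, and the choice of NIS passwd-format output as the network repository are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code. Inputs are passed in so it runs offline;
# on a live system they could come from (assuming NIS is the network repository):
#   svccfg -s name-service/switch listprop config/password
#   ypcat passwd

# first_source LINE: print the first source in a config/password line such as
#   config/password  astring  "files nis"
first_source() {
    printf '%s\n' "$1" | awk '{ gsub(/"/, "", $3); print $3 }'
}

# duplicate_logins LOCAL NETWORK: print each login name defined in both
# passwd-format files with both UIDs, flagging entries whose UIDs differ.
duplicate_logins() {
    awk -F: '
        /^[#+-]/ || NF < 3  { next }   # comments, +/- compat lines, malformed lines
        FILENAME == ARGV[1] { local_uid[$1] = $3; next }
        ($1 in local_uid)   {
            printf "%s local_uid=%s network_uid=%s%s\n", $1, local_uid[$1], $3,
                   (local_uid[$1] == $3 ? "" : " UID-MISMATCH")
        }' "$1" "$2"
}

# audit LINE LOCAL NETWORK: return 0 only if files is first and no login is duplicated.
audit() {
    rc=0
    first=$(first_source "$1")
    if [ "$first" != "files" ]; then
        echo "WARN: first passwd source is '$first', expected files"
        rc=1
    fi
    dups=$(duplicate_logins "$2" "$3")
    if [ -n "$dups" ]; then
        echo "WARN: logins defined in both repositories:"
        echo "$dups"
        rc=1
    fi
    return $rc
}

# Constructed sample data (not from a real system): alice exists in both files.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:Super-User:/root:/usr/bin/bash' \
              'alice:x:1001:10::/home/alice:/usr/bin/bash' > "$demo_dir/local"
printf '%s\n' 'alice:x:2001:10::/home/alice:/usr/bin/bash' \
              'bob:x:1002:10::/home/bob:/usr/bin/bash' > "$demo_dir/nis"
audit 'config/password  astring  "files nis"' "$demo_dir/local" "$demo_dir/nis" || true
rm -rf "$demo_dir"
```

A differing UID on a duplicated login is the case to look at first, because the lookup order then decides which identity the session receives.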