Skip Navigation Links | |
Exit Print View | |
Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
Part I About Naming and Directory Services
1. Naming and Directory Services (Overview)
2. Name Service Switch (Overview)
Databases and Sources for the Name Service Switch
Search Criteria for the Name Service Switch
Status Messages for the Name Service Switch
Switch Action Options for the Name Service Switch
Default Search Criteria for the Name Service Switch
timezone and the Name Service Switch
keyserv and publickey Entries in the Name Service Switch
Managing the Name Service Switch
How to Use a Legacy nsswitch.conf File
How to Switch the Source for a Database
How to Change the Source for All Naming Databases
4. Setting Up Oracle Solaris Active Directory Clients (Tasks)
Part II NIS Setup and Administration
5. Network Information Service (Overview)
6. Setting Up and Configuring NIS (Tasks)
9. Introduction to LDAP Naming Services (Overview)
10. Planning Requirements for LDAP Naming Services (Tasks)
11. Setting Up Oracle Directory Server Enterprise Edition With LDAP Clients (Tasks)
12. Setting Up LDAP Clients (Tasks)
13. LDAP Troubleshooting (Reference)
14. LDAP Naming Service (Reference)
It is possible to include and access password information in multiple repositories, such as files and nis. You can use the config/password property in the name service switch to establish the lookup order for that information.
Caution - files should be the first source in the name services switch for passwd information to prevent a denial of service (DoS) attack on the system. |
In an NIS environment, the config/password property in the name service switch should list the repositories in the following order;
config/password astring "files nis"
Tip - Listing files first allows the root user to log in, under most circumstances, even when the system encounters some network or naming service issues.
Do not maintain multiple repositories for the same user. In most cases, the naming service looks up and returns the first definition only. Duplicate entries usually mask security problems.
For example, having the same user in both files and in the network repository will (depending on the config/password name-service/switch configuration) use one login ID over the other. The first matched ID for a given machine will become the ID used for the login session. If an ID is in both files and the network repository, and the network repository has been disabled for security reasons, then any machine where the ID resides and is accessed before the network ID is disabled might now be insecure and vulnerable to insecure and unwanted access.