Domain Name Syntax

NIS+ domain names consist of a string of ASCII characters separated by a dot (.). These character sequences, which identify the directories in an NIS+ domain, are called labels. The order of labels is hierarchical. The directory at the left of the sequence is the most local, and the directories identifying the parts of the domain become more global the closer they are to the right, as is the convention for most email domain addresses. Unlike email domain addresses, you must use a dot at the end of a fully qualified NIS+ domain name. The dot identifies the global root of the namespace. NIS+ names are fully qualified when the name includes all of the labels that identify all of the directories. Figure 5-5 shows examples of some fully qualified names in an NIS+ namespace. Note that an NIS+ principal is a user or system whose credentials have been stored in the NIS+ namespace. See “NIS+ Security” later in this chapter for more information.

Figure 5-5  Fully qualified names of NIS+ namespace components.

---

NOTE:  If an NIS+ command requires a fully qualified domain name and you omit the global root dot from the end of the name, a syntax error message is displayed.

---

Names without a trailing dot are called partially qualified. For example, hosts.org_dir is a partially qualified domain name that specifies the hosts table in the org_dir directory of the default domain.

Figure 5-6 shows a more detailed example of a hierarchical namespace. In Figure 5-6, Starlight.Com is the root domain, Sales and Corp are subdomains of the root domain, Int is a subdomain of Sales, and hostname.int.sales.starlight.com is a client system in the int.sales.starlight.com. domain. The system hostname.corp.starlight.com. is a client of the Corp domain

Figure 5-6  An example of the directories and domains in an NIS+ namespace.

---

NOTE:  Domain names for NIS+ are not case-sensitive. You do not need to type the names with exact capitalization. The names esg.eng.starlight.com. and ESG.Eng.Starlight.COM. are identical for NIS+.

---

Table Objects

NIS+ table objects use columns and entries (rows) to store information for NIS+ domains. NIS+ tables provide two major improvements over the maps used by NIS.

•  First, you can access any searchable column in an NIS+ table; with NIS maps you could search in the first column only. Duplicate maps (which were used by NIS) are unnecessary. Instead of providing NIS hosts.byname and hosts.byaddr as separate maps, NIS+ commands can search any column (name or address) marked searchable in the hosts.org_dir table.

•  Second, an NIS+ principal’s access to NIS+ tables can be controlled at three levels: at the object level of the table itself, at the column level, and at the row or entry level. If access is given at the table level, it cannot be restricted at the column or entry level. Any access granted at the column level cannot be taken away at the entry level.

In addition, you can specify a search path for each table, and you can create symbolic links between table objects and entries using the nisln command. See the nisln(1) manual page for more information about creating links.

Each table object has its own access security information that controls whether a principal has access to the table object itself. Table security is similar to UNIX file security. See “NIS+ Security” later in this chapter for more information.

NIS+ org_dir Tables

The tables in org_dir provide much of the functionality that you need to administer your network. Although you can create your own tables, you will do most of the standard NIS+ table administration using the tables in the org_dir.