Accounts are created and maintained on a system using the Account Manager
(dxaccounts) GUI or the
useradd,
usrmod,
userdel
command-line utilities.
This
chapter describes how to create and maintain local accounts under enhanced
security.
It also describes how to configure the Network Information Service
(NIS) and how to use NIS to create and maintain distributed accounts under
enhanced security.
9.1 Authentication Subsystem
The authentication subsystem verifies that users who log in to the system have the required password. It is the framework in which processes, protected subsystems, and the kernel work together to ensure that only authorized users and their processes gain access to the system.
The system administrator is responsible for ensuring that all user authorizations, whether they are set explicitly or by default, conform to a site's security requirements.
The authentication subsystem uses and maintains the following security databases. These databases contain parameters and statistics for the system, for users, and for terminals. For a summary of the contents of these databases, see Chapter 17 and the appropriate reference pages:
Password file
(
passwd(4))
Protected Password database
(
prpasswd(4))
System Defaults database
(
default(4))
Terminal Control database
(
ttys(4))
File Control database
(
files(4))
Device Assignment database
(
devassign(4))
9.1.1 Local User Account Databases
The following sections describe the local (not associated with NIS)
authentication databases.
9.1.1.1 Local Database: Base Security
Base (BSD) security is the traditional level of security that is available
on UNIX systems.
Tru64 UNIX is configured in base security by default.
The
local base user account files are
/etc/passwd
and
/etc/group.
The data in these files is used to allow or deny a
user access to the system and to files on the system.
Each line of
/etc/passwd
contains information about
one user account.
An entry contains the user name, UID, password, shell, and
user identity information (traditionally referred to as GECOS data).
The
passwd
command changes a user's base password.
The
useradd,
userdel, and
usermod
commands are used by the system manager to add and change
user account information.
The
vipw
command, which performs
some consistency checks, can be used to directly edit the
/etc/passwd
file.
The
/etc/group
file contains group information.
The
groupadd,
groupdel,
groupmod,
and
groups
commands are used to manipulate local base group
information.
9.1.1.2 Local Database: Enhanced Security
Enhanced security is a Tru64 UNIX option that provides many additional
security features for user accounts.
It is configured using the
secconfig
utility after installing the optional enhanced security
subsets.
A system running enhanced security has a local user account database
in addition to
/etc/passwd.
This database, sometimes
called the enhanced (protected) password database, is composed of
/tcb/files/auth.db
and
/var/tcb/files/auth.db.
The
/tcb/files/auth.db
database contains accounts such
as root that must be accessible in single-user mode, while
/var/tcb/files/auth.db
contains the majority of accounts.
The database has an entry for each user account defined in
/etc/passwd.
Under enhanced security,
/etc/passwd
remains unchanged except for the encrypted password, which moves from
/etc/passwd
into
auth.db.
The other fields
in the
/etc/passwd
file (shell, GECOS information, and
so forth) remain in
/etc/passwd
and are used in a normal
fashion.
The enhanced security user account database uniquely identifies a user
by username and UID, which must match the user's
/etc/passwd
entry.
In addition to the encrypted password, an entry contains a set of fields
and values used only by enhanced security.
The
prpasswd(4)
reference
page describes these fields, and the
authcap(4)
reference page describes
the file format.
A user account can be associated with a template account, which can
be used to specify default values for a group of users.
An account is always
finally associated with the system default template values that are contained
in the
/etc/auth/system/default
file.
The
passwd
command changes a user's password under
enhanced security.
The
dxaccounts
program or the
useradd,
usermod, and
userdel
commands are used by the system manager to add, change, and delete user account
information.
9.1.1.3 Templates For User Accounts
A user's entry in the enhanced security user account database is called his profile. Security-aware programs interpret the fields and values in a profile. A user profile need not contain every possible field. If a field is not specified in a user's profile, the system looks in the template account associated with the user, and finally in the system default template, until it finds a value for the field.
Values are obtained as follows:
If the user profile contains a user-specific value, that value is used.
If the user profile contains a reference to a template account, and no user-specific value is defined, the value in the template account is used.
If neither the user profile nor the template account defines a value for a field and the system default template defines a value for that field, the system default template value is used.
If the value is defined nowhere else, a static system default value is used for the field.
The system default template values are located in the
/etc/auth/system/default
file and can be modified using the
dxaccounts
View Local Template option, or with the
edauth
utility.
Other template accounts are stored in
auth.db.
Note that
template accounts have no corresponding
/etc/passwd
entry.
9.1.2 Distributing User Account Databases with NIS
The following sections review the account databases and their relationships
under NIS.
9.1.2.1 Distributed Databases: NIS and Base Security
NIS can be used to distribute all or part of the base user account database to systems across the network. With NIS and base security you have two user account databases:
The local base user account database in
/etc/passwd
and
/etc/group.
The NIS-distributed, base user account database is generated
from the
/var/yp/src/passwd
and
/var/yp/src/group
files located on the NIS master server.
These files, called NIS
maps, are distributed in
ndbm
or
btree
format.
The entries in the NIS-distributed base user account database have the
same fields as the
/etc/passwd
file entries.
A user's account information may be partially distributed.
If the user's
entry in the
/etc/passwd
file has a leading plus sign (+),
both databases are read, but the information from the
/etc/passwd
file (except for the UID and GID fields) overlays the information
from the NIS distributed user account database.
The
/etc/passwd
file on each client system must contain
a
+:
as the last entry in the file to allow users from
the NIS distributed base user account database to log in.
Table 9-1: Controlling NIS With Local /etc/passwd Overrides
| Symbol | Description |
| +: | If a user is not found in the local file, authenticate using the NIS file. |
| +username | Local file field overrides NIS. Used for partial distribution. |
| -username | User is excluded from all matches by local control. |
| +@netgr: | List of users to authenticate
using the local file.
See the
netgroup(4)
reference page. |
| -@netgr: | List of users to refuse using
the NIS file.
See the
netgroup(4)
reference page. |
| +:*: | Sends all password requests to the NIS map. |
The
passwd
command changes the password in the local
base user account database only.
The NIS-distributed password is changed
with the
yppasswd
command.
NIS user accounts can be modified using the
dxaccounts
View NIS User option, or by specifying the
-x distributed=1 local=0
options to the
useradd,
usermod
and
userdel
utilities.
In addition, the system administrator
can modify the NIS map source files in
/var/yp/src
and
manually rebuild the maps using the makefile in
/var/yp.
9.1.2.2 Distributed Databases: NIS and Enhanced Security
NIS can be used to distribute part or all of the enhanced security user account database, as well as part or all of the BSD user account database.
When you are running NIS over enhanced security you have four user account databases:
The local base user account database in
/etc/password
and
/etc/group.
The NIS-distributed base user account database generated from
the
/var/yp/src/passwd
and
/var/yp/src/group
files on the master server and distributed as
ndbm
or
btree
maps.
The local enhanced security user account database.
The NIS-distributed enhanced security user account database
generated from the
/var/yp/src/prpasswd
file on the master
server and distributed as
btree
maps.
The
auth=
entry in the
/etc/svc.conf
file indicates
the order in which the local and NIS enhanced security user account databases
are searched for user entries, either local first or NIS (yp) first.
The
plus sign (+) override feature for
/etc/passwd
entries
works as usual.
Note
When upgrading from a base security system with NIS to an enhanced security system, the
secconfigutility only createsauth.dbentries for NIS users (the+usernameentries in the/etc/passwdfile) if you answer yes to the Create Entries for NIS Users question.
There is no override feature for the enhanced security user account
database.
A user's profile is contained completely in either the local database
or in the NIS distributed data base.
Although templates can be defined for
NIS accounts and distributed as part of the NIS enhanced security maps, NIS
does not distribute the system default template (/etc/auth/system/default).
This template provides the final default values for fields not
specified in a user's profile.
Therefore, under enhanced security, a NIS client
uses its own
/etc/auth/system/default
file to obtain
final default values for both local and NIS user profiles.
If the client system
default file contains different values than that of the NIS master, unintended
behavior can occur.
The
passwd
command changes the password in a user's
local or NIS enhanced security entry.
The
yppasswd
command
changes the fields in the NIS-distributed base user account database as usual.
NIS user accounts can be modified using the
dxaccounts
View NIS User option, or by specifying the
-x distributed=1 local=0
options to the
useradd,
usermod,
and
userdel
utilities.
9.1.2.3 Templates for NIS Accounts
The
/var/yp/src/prpasswd
file is the source for
enhanced security user accounts distributed by NIS.
It can contain template
profiles as well as normal user profiles.
As with a local user profile, a
NIS user profile need not contain every possible field.
If a field is not
specified in a NIS user's profile, the system looks in the NIS template account
associated with the user, and finally in the local system default template,
until it finds a value for the field.
Values are obtained as follows:
If the user profile contains a user-specific value, that value is used.
If the user profile contains a reference to a template account, and no user-specific value is defined, the value in the template account is used.
If neither the user profile nor the template account defines a value for a field and the system default template defines a value for that field, the system default template value is used.
If the value is defined nowhere else, a static system default is used for the field.
NIS template accounts are modified using the
dxaccounts
View NIS Template option, or with the
edauth
utility.
The system default template values are located in the
/etc/auth/system/default
file on the NIS client.
Note that NIS does not distribute the
system default template.
A NIS client uses its own
/etc/auth/system/default
file to obtain final default values for both local and NIS user
profiles.
If the client system default file contains different values than
that of the NIS master, unpredicted behavior can occur.
9.2 Using dxaccounts for User Account Administration
The traditional role for the system administrator, as it relates to
accounts, is to create and retire all user accounts, to create groups, and
to modify the account templates.
On a trusted Tru64 UNIX system, the
dxaccounts
program is used to create and maintain NIS and local
user account databases.
9.2.1 Creating Local or NIS Groups
To create
a group, use the
dxaccounts
program and proceed as follows:
Click on the View menu.
Select either Local Groups or NIS Groups from the popup menu.
Click on the Add icon on the toolbar and add the new group.
9.2.2 Creating Local or NIS User Accounts
Use the
dxaccounts
program to create user accounts.
Click on the View menu item on the menu bar, select either Local Users or
NIS Users from the popup menu, click on the Add icon on the toolbar.
To create
many accounts in a single session, fill in the information for a new user
and provide a password, then click on Apply to create the account.
Then fill
in the information and provide a password for next user and once again click
on Apply to create the account.
By default, new accounts are
created in a locked state.
If the account is not unlocked, the new user will
receive an Account Disabled message when he or she tries to log in and the
login attempt fails.
To avoid this, the account can be explicitly unlocked
when it is created.
Optionally, it can be unlocked at a later time using
dxaccounts.
9.2.3 Retiring Local or NIS Accounts (Enhanced Security Only)
To retire a user account, use the
dxaccounts
program.
Click on the View menu, select either Local Users or NIS Users from the popup
menu, select a user account from the Current View menu, and click on the Retire
icon on the toolbar to retire the user account.
User names and UIDs associated with retired accounts cannot be reused.
To delete, rather than retire, an account under enhanced security, manual
intervention is necessary.
Use
vipw
to remove the
/etc/passwd
entry for the account, then use the
edauth
utility to delete the
auth.db
entry.
9.2.4 Deleting Local or NIS Accounts (Base Security Only)
Run
dxaccounts
and click on the View menu item on
the menu.
Select either Local Users or NIS Users from the popup menu.
Select
a user account from the Current View menu and click the Delete icon on the
toolbar.
This permanently removes the account from the user account database.
9.2.5 Modifying the Local or NIS Account Template
An account template is used to establish default values for unspecified
account parameters.
There are three types of account templates: NIS templates,
local templates, and the default template (which
dxaccounts
groups with the local templates).
When an account is created, it is assigned
the default template.
To modify an account template, use the
dxaccounts
program.
Click on the View item from the menu bar and select either Local
Templates or NIS Templates from the popup menu.
Then double click on the
desired template in the Current View.
9.2.6 Modifying Local or NIS User Accounts
To modify an account, use the
dxaccounts
program.
Click on the View item from the menu bar and select either Local Users or
NIS Users from the popup menu.
Then double click on the desired user account
in the Current View.
9.3 Using Commands for User Account Administration
The
useradd,
userdel, and
usermod
commands can perform most required user account administrative
functions from the command line or a script.
The
groupadd,
groupmod, and
groupdel
commands provide the same
functions for groups.
All of these commands share a set of defaults which
the user may modify.
Two of the defaults control whether the commands act
on local or NIS user accounts.
The
-D
option to
useradd,
usermod, or
groupadd
is used to permanently change the default behavior of all the listed commands.
The
-x
option can be used with
useradd,
userdel,
usermod,
groupadd,
groupmod, and
groupdel
commands to override the
default local versus NIS behavior.
The
-x distributed=1
option causes the command to make changes on the NIS account, while the
-x local=1
causes changes only on the local account.
The reference pages for these utilities describe the available options.
The following sections primarily provide examples of common operations.
9.3.1 Creating Local or NIS Groups
To create a local group, enter the following:
#groupadd -g gid new_group_name
To create a NIS group, enter the following:
#groupadd -g gid -x distributed=1 new_group_name
9.3.2 Creating Local or NIS User Accounts
To create a local account with a specific UID (rather than a system-assigned UID), create a home directory, and after you are prompted for a password, enter the following:
#useradd -u uid -m -p new_user_nameNew password: Retype new password:
To create and unlock a local account, enter the following:
#useradd -x administrative_lock_applied=0 new_user_name
To create a NIS account with the next available UID, enter the following:
#useradd -x distributed=1 new_user_name
By default, new accounts are created in a locked state.
If the account
is not unlocked, the new user receives an Account Disabled message when they
try to log in and the log in attempt fails.
To avoid this, an account can
be explicitly unlocked when it is created as shown in the previous example.
9.3.3 Retiring Local or NIS Accounts (Enhanced Security Only)
With enhanced security, accounts are retired rather than deleted.
The
user names and UIDs associated with retired accounts may not be reused.
The
same actions are performed whether or not the retire (-R)
option is specified.
To retire a local account, enter the following:
#userdel -R user_name
To retire a NIS account, enter the following:
#userdel -R -x distributed=1 user_name
To truly delete, rather than retire, an account under enhanced security,
use
vipw
to remove the
/etc/passwd
entry for the account, then use the
edauth
utility to delete
the
auth.db
entry.
9.3.4 Deleting Local or NIS Accounts (Base Security Only)
The user names and UIDs associated with a deleted account are removed
from the
/etc/passwd
file.
To delete a local account, enter the following:
#userdel user_name
To delete a NIS account, enter the following:
#userdel -x distributed=1 user_name
9.3.5 Modifying Local or NIS User Accounts
To change the shell of a local account, enter the following:
#usermod -s /bin/csh existing_user_name
To change the password of a local account, enter the following:
#usermod -p existing_user_nameNew password:Retype new password:
To change the shell of a NIS account, enter the following:
#usermod -x distributed=1 -s /bin/csh existing_NIS_user_name
9.4 Other Commands Associated with User Account Administration
You can use the
edauth
and
convuser
commands to view and modify various security databases.
These commands are
not intended for routine maintenance.
See the appropriate reference pages
for detailed information.
edauthThe
/usr/tcb/bin/edauth
utility can display and modify the various enhanced security databases,
including the system default database and the user account database.
Note
that it does not affect the
/etc/passwd
file.
convuserThe
/usr/tcb/bin/convuser
utility is not intended for general use.
It performs mass conversions
of user profiles from base to enhanced form.
While the
convuser
utility can also be used to attempt to revert the user profiles from enhanced
form to base form, passwords are not necessarily compatible and may require
changing.
This command is typically used only by an update installation and
by the
secconfig
utility.
You can use the Network Information Service (NIS) to centralize the management of the normal password group information and the enhanced user profiles maintained by enhanced security in the enhanced (protected) password database. A NIS master server can serve a mix of NIS clients, including ULTRIX and Tru64 UNIX systems (with and without enhanced profiles), and other manufacturer's systems with ordinary UNIX passwords and groups. NIS is documented in the Network Administration manual.
The following sections describe the NIS configuration that specifically
affects enhanced security.
9.5.1 Setting Up a NIS Master with Enhanced Security
If NIS is running on the master server, you must stop NIS using
the
/sbin/init.d/nis stop
command, then take the following
steps.
Ensure that Tru64 UNIX Version 5.0A or higher is installed.
Install the security subsets and set up security. See Chapter 7 for details.
Modify the system default template using the following command:
#edauth -dd default
Set the following fields:
d_skip_success_login_log: d_skip_ttys_update:
Create
/var/yp/src/hosts,
/var/yp/src/passwd,
/var/yp/src/group, and
/var/yp/src/prpasswd.
The files can be empty, but should exist
before you run
sysman nis.
Run the
sysman nis
program.
When the
sysman nis
program first prompts
for security (-s
option to
ypbind),
choose
y
to run
ypbind -s, which
specifies a secure socket.
When the
sysman nis
program again prompts
for security (-S
option to
ypbind),
choose
y
and specify a domain name and up to four authorized
slave servers.
Edit the
/etc/svc.conf
file to include
a yp entry for
auth.
The entry should be as follows:
auth=local,yp.
Start NIS using the
/sbin/init.d/nis start
command.
9.5.1.1 Manual Procedure: Maps for Small User Account Databases
For a NIS master server supporting clients using enhanced security,
a manual procedure is best.
Set up the account maps using the
dxaccounts
program or alternatively the
adduser,
addgroup,
useradd,
userdel,
and
usermod
commands.
See
Section 9.5.4
for another
method of setting up accounts.
9.5.1.2 Automated Procedure: Maps for Large User Account Databases
If you have a large existing NIS distributed base user accounts database, you can automate the creation of the NIS distributed enhanced (protected) password database by entering the following command:
#convuser -Mc
Alternatively, you can create the map by creating a
/var/yp/src/prpasswd
file and then executing the following commands:
#/usr/tcb/bin/edauth -Lg > /var/yp/src/prpasswd#cd /var/yp; make prpasswd
9.5.2 Setting Up a NIS Slave Server with Enhanced Security
If NIS is running on the slave server, you must stop NIS using
the
/sbin/init.d/nis stop
command.
The following setup
information is specific to a NIS slave server supporting clients using enhanced
security:
Ensure that Tru64 UNIX Version 5.0A or higher is installed.
Install the security subsets and set up enhanced security. See Chapter 7 for details.
Modify the system default template using the following command:
# edauth -dd default
Set the following fields:
d_skip_success_login_log: d_skip_ttys_update:
Run the
sysman nis
program.
When the
sysman nis
program first prompts
for security (-s
option to
ypbind),
choose
y
to run
ypbind -s, which
specifies a secure socket.
When the
sysman nis
program again prompts
for security (-S
option to
ypbind),
choose
y
and specify a domain name and up to four authorized
slave servers.
Edit the
/etc/svc.conf
file to include
a
yp
entry for
auth.
The entry should
be as follows:
auth=local,yp.
Edit the
/var/yp/ypxfr_1perday,
/var/yp/ypxfr_1perhour,
/var/yp/ypxfr_2perday
files to add the following lines to each:
ypxfr -a "$method" prpasswd ypxfr -a "$method" prpasswd_nonsecure
Start NIS using the
/sbin/init.d/nis start
command.
9.5.3 Setting Up a NIS Client with Enhanced Security
If NIS is running on the slave server, you must stop NIS using
the
/sbin/init.d/nis stop
command.
The following setup
information is specific to a NIS client using enhanced password security:
Ensure that Tru64 UNIX Version 5.0A or higher is installed.
Install the security subsets and set up enhanced security. See Chapter 7 for details.
Modify the system default template using the following command:
# edauth -dd default
Set the following fields:
d_skip_success_login_log: d_skip_ttys_update:
Run the
sysman nis
program.
When the
sysman nis
program first prompts
for security (-s
option to
ypbind),
choose
y
to run
ypbind -s, which
specifies a secure socket.
When the
sysman nis
program again prompts
for security (-S
option to
ypbind),
choose
y
and specify a domain name and up to four authorized
slave servers.
Edit the
/etc/svc.conf
file to include
a
yp
entry for
auth.
The entry should
be as follows:
auth=local,yp.
Start NIS using the
/sbin/init.d/nis start
command.
9.5.4 Moving Local Accounts to NIS
To move existing local accounts to NIS, use the following command:
#edauth -Lg | edauth -NsC
If you need to remove the NIS support from a trusted client system, copy the NIS accounts to the local database and then remove NIS using the following commands on the client:
#edauth -gN | edauth -sLC#sysman nis<select the Remove option from the menu>
The enhanced (protected) password database on the client machine
is updated with any accounts from the NIS database that are not present in
the local database.
9.5.6 Implementation Notes
The following information is specific to enhanced security and NIS:
To change your password when running NIS with enhanced security,
use the
passwd
command for both local and distributed
enhanced (protected) password database entries.
The
passwd
command uses the search list in the
svc.conf
file (auth=local,yp
entry) and updates the password in the first enhanced
(protected) password database entry it finds for the specified user, even
if that entry is in the NIS-distributed enhanced password database.
It is very important that each enhanced password database
entry exists in only one database, either the local enhanced password database
or the NIS-distributed enhanced password database.
The routines that check
and manipulate the enhanced password database information work on the first
copy found (as defined in the
svc.conf
file).
NIS
yp
routines work on the NIS-distributed enhanced password database
only.
This can cause confusing results if you have the same entry in both
places.
If this happens, delete one of the copies.
It is strongly recommended that you do not distribute
root
account information.
Maintaining a local
root
account on a client system allows you to still log in on the client systems
using the
root
account if your NIS server is down.
Strict C2 security rules require an update to a user's enhanced
profile each time that the user logs in, to maintain the last successful login
information.
On a NIS master, this requires rebuilding the map and shipping
it to the slaves.
Tru64 UNIX Version 5.0A makes these updates optional.
The
d_skip_success_login_log
system default field controls this behavior, and Compaq
recommends setting it to true.
Although the user account database can only be modified on the NIS master server, disabling successful login logging means that the NIS master server does not always have to be available for logins to be successful if there is a properly configured NIS slave server.
Scalability improvements include:
An update to a single entry does not always cause a rebuild
of the entire
prpasswd
map.
The map entries are updated
directly if possible.
If successful login logging is enabled, a successful login does not wait for the NIS map to be distributed before completing. It only waits to make sure that the NIS master has been updated. If unsuccessful login logging is enabled, unsuccessful login attempts still wait for the map to be distributed to the slave servers before completing. This is required for security and timing issues.
The database format for NIS maps is configurable.
You can
choose
btree
or
hash
in addition to
ndbm.
When using
ndbm
for NIS map storage, there
is a limit to the number of account records that can be stored, which depends
on the mix of account names and UIDs.
A typical limit is about 30,000 entries,
but some mixes of account names and UIDs can result in a limitation of fewer
than 10,000 entries.
Because of this constraint in
ndbm, Compaq
recommends that you use
btree
as your database format,
especially when using enhanced security.
NIS servers work best with a common database format.
If a
slave server has defined a different format than the master (ndbm
instead of
btree, for example), the time it
takes to push any maps to that slave server is drastically increased because
the slave server must rebuild its database one element at a time, instead
of receiving the database from the master as a single entity.
NIS slaves that are not listed in the
ypservers
NIS map on the NIS master can cause performance problems for NIS clients bound
to those slaves.
To solve this, define all NIS slaves in the
ypservers
NIS map on the NIS master.
Then, on the slave server, execute
the following commands to pull the user account databases from the NIS master:
#/var/yp/ypxfr -d `domainname` -h NISMASTER -c prpasswd#/var/yp/ypxfr -d `domainname` -h NISMASTER -c prpasswd_nonsecure
In the example, substitute the name of the local NIS master server for NISMASTER. This will transfer initial copies of those maps for those slave servers.
A login process that encounters a login failure has to check
the
prpasswd
map for the latest unsuccessful login information.
This requires an up-to-date
prpasswd
map.
Thus, the
yppush
operation for the
prpasswd
map must
occur for each failed login; that map (at least) must be pushed during the
normal operation of the
rpc.yppasswdd
daemon.
Setting the
/var/yp/Makefile
variable
NOPUSH
is not recommended
for such configurations.
Sites that cannot use NIS to share
prpasswd
information may want to use NFS to share the
/tcb/files
and
/var/tcb/files
directories.
This requires exporting
the directories with root access to the participating nodes with
-root=client1:client2:client3
or
-root=0, as
appropriate.
See the
exports(4)
reference page.
It also requires that
NFS locking be enabled so that database corruption does not occur.
Table 9-2 discusses some common NIS problems and possible reasons for those problems.
Table 9-2: NIS Troubleshooting
| Problem | Possible Reason |
Successful login to a local account,
but cannot log in to any of the NIS accounts.
The
dxaccounts
utility displays that the account exists and is not locked. |
1.
Check the
2.
Check the
|
Slave NIS server does not get
the updated
prpasswd
maps on boot. |
Check the
|
The
dxaccounts
program View popup menu does not show any NIS User Account Database options
(for example, NIS Users, NIS Groups, and NIS Templates). |
NIS is not running or has not been configured. |
When you issue the
|
This is an informational message. No action is required. |
When you issue the
|
The hosts map does not exist. Perform the following commands:
|