NIS+

From Wikipedia, the free encyclopedia

NIS+ is a directory service developed by Sun Microsystems to replace its older Network Information Service. It is used to store shared configuration data such as user accounts, host names and addresses, printer information and NFS disk mounts. It is designed to eliminate the need to duplicate this information on individual systems, instead using a central repository on a master server, easing system administration. NIS+ client software has been ported to other Unix and Unix-like platforms, notably Linux.

NIS and NIS+ are similar only in their purpose and name; otherwise, their designs are completely different. NIS+ differs from NIS in the following ways:

  • NIS+ is hierarchical.
  • NIS+ is based around Secure RPC (servers must authenticate clients and vice versa).
  • NIS+ may be replicated (replicas are read-only).
  • NIS+ implements permissions (on directories, tables, columns and rows).
  • NIS+ also implements permissions on operations (for example, the right to run nisping to push changed data from the master to the replicas).

Prior to the release of Solaris 9 in 2002, Sun Microsystems announced its intent to remove NIS+ from Solaris in a future release, and now recommends that customers use an LDAP-based lookup scheme. NIS+ functionality was not removed from either Solaris 9 or Solaris 10, although both releases include tools to migrate NIS+ data to an LDAP server.[1]


The problem of managing network information

In the 1970s, when computers were expensive and networks consisted of a few nodes, administering the network information distributed across those nodes was manageable and a centralized system was not needed. As computers became cheaper and networks grew larger, the need for a lookup service arose.

For example, whenever a new user or node is added to the network, the following maps must reflect it:

map           sample entry                                   information
/etc/passwd   numiri:x:37:4:Sebastian Nguyen:/home/numiri    user name, home directory, ...
/etc/shadow   numiri:1AD3ioUMlkj234k:                        encrypted password
/etc/group    student:4:                                     user role for file permissions
/etc/hosts    colosus 192.168.1.25                           machines on the network

Suppose a new machine and a new user come onto a network of 20 machines that is not running a centralized network information service. The UNIX administrator would need to modify 5 files on 20 machines, totalling 100 files. This is the problem NIS+ was designed to address. In practice, many other maps can be centralized in NIS+: auto_master, auto_home, bootparams, cred, ethers, aliases, netmasks, netgroup, networks, protocols, rpc, services, timezone.

With NIS+, adding users and machines to the network only requires changes to the NIS+ server's maps, and the new host's /etc/nsswitch.conf must point to the NIS+ server. When a user logs into any other machine, that host (the NIS+ client), knowing which server holds the NIS+ domain, queries it for the user name and password to identify and authenticate the user.
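Because every inconsistency in the source maps is pushed to every client once the tables are populated, it is worth checking the passwd, shadow, group and hosts files for the problems described above before they are centralized. The following script is an added example and is not part of the article; it parses the four files in their /etc formats, using constructed sample entries modelled on the table (with two seeded defects, a reused UID and a missing shadow entry), and reports findings such as duplicate UIDs, undefined primary groups, password hashes left in passwd, a UID 0 account, and host names mapped to two addresses.

```python
"""Pre-flight consistency check for maps about to be centralized in NIS+.

Added example, not from the article. It reads passwd/shadow/group/hosts
text in their /etc formats and returns a list of findings; an empty list
means the maps are consistent enough to populate.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample maps based on the article's table. Two defects are
# seeded on purpose: 'dup' reuses UID 37 and 'ghost' has no shadow entry.
PASSWD = """\
numiri:x:37:4:Sebastian Nguyen:/home/numiri:/bin/sh
dup:x:37:4:Duplicate UID:/home/dup:/bin/sh
ghost:x:38:99:No shadow entry:/home/ghost:/bin/sh
"""
SHADOW = """\
numiri:1AD3ioUMlkj234k:::::::
dup:1AD3ioUMlkj234k:::::::
"""
GROUP = """\
student:x:4:numiri,dup
"""
HOSTS = """\
192.168.1.25 colosus
192.168.1.26 colosus
"""


def parse_colon_file(text: str) -> List[List[str]]:
    """Split a colon-delimited map (passwd/shadow/group) into field lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [names...]) pairs from an /etc/hosts-style file."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addr, *names = line.split()
            rows.append((addr, names))
    return rows


def check_maps(passwd: str, shadow: str, group: str, hosts: str) -> List[str]:
    """Return human-readable findings; an empty list means the maps are consistent."""
    findings: List[str] = []
    users = parse_colon_file(passwd)
    shadow_names = {row[0] for row in parse_colon_file(shadow)}
    gids = {row[2] for row in parse_colon_file(group)}

    seen_uids: Dict[str, str] = {}
    for row in users:
        if len(row) != 7:
            findings.append(f"passwd: {row[0]} has {len(row)} fields, expected 7")
            continue
        name, pw, uid, gid, _gecos, home, _shell = row
        if pw != "x":
            findings.append(f"passwd: {name} carries a password hash in passwd, move it to shadow")
        if name not in shadow_names:
            findings.append(f"shadow: {name} has no shadow entry")
        if uid in seen_uids:
            findings.append(f"passwd: {name} reuses UID {uid} already assigned to {seen_uids[uid]}")
        seen_uids.setdefault(uid, name)
        if gid not in gids:
            findings.append(f"group: {name} has primary GID {gid} which is not defined")
        if not home.startswith("/"):
            findings.append(f"passwd: {name} has a relative home directory {home}")
        if uid == "0":
            findings.append(f"passwd: {name} is UID 0; do not export root through NIS+")

    seen_names: Dict[str, str] = {}
    for addr, names in parse_hosts(hosts):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"hosts: {addr} is not a valid address")
        for n in names:
            if n in seen_names and seen_names[n] != addr:
                findings.append(f"hosts: {n} maps to both {seen_names[n]} and {addr}")
            seen_names.setdefault(n, addr)
    return findings


if __name__ == "__main__":
    for finding in check_maps(PASSWD, SHADOW, GROUP, HOSTS):
        print(finding)
```

Run against the working copies of the maps (the directory the files are copied into before nispopulate) rather than the live /etc files, so that nothing is pushed to the domain until the list of findings is empty.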

Alternatives

Other schemes for storing network information exist, such as LDAP, a standard maintained by the IETF, and Microsoft's LDAP implementation, Active Directory. LDAP can be configured to hold more general information, such as corporate employee structures, phone numbers and addresses, so it requires more thought and planning. Technically, NIS+ uses ONC RPC, which runs over UDP; on networks that drop UDP packets, LDAP performs better because it runs over TCP, where retransmission is built in. Many organizations require the features of all three services, NIS+, LDAP and AD, and run them all simultaneously.

An installation of NIS+ comes with predefined tables for structuring data, and commands are available to create other tables as needed.

NIS+ client-and-server model

NIS+ uses a hierarchical structure; multiple servers in a domain can run NIS+. The primary server is known as the master server, and backup servers are known as replica servers. Both types of servers run NIS+ and have a copy of the NIS+ tables. Changes are first committed to the master server and then propagated to replica servers in increments.

NIS+ table permissions determine a user's level of access to the table's contents.

How-To NIS+

Here’s how to set up a simple NIS+ configuration to manage users and machines on the network. Use the man pages for details on the specified files or commands.

On the NIS+ server

1. Copy the files to be centrally administered to a working directory and modify them as needed, e.g. passwd, shadow, group, hosts, auto_home, auto_master

> cp /etc/passwd ~admin/maps

2. ensure that any file servers named in the maps, e.g. auto_home, share out their file systems via /etc/dfs/dfstab. Don't forget to run

> svcadm enable network/nfs/server

when the file is modified.

3. define your NIS+ domain by naming it in /etc/defaultdomain

4. ensure the NIS+ executables in /usr/lib/nis are in your PATH

5. initialize the server

> nisserver -r

6. reboot

7. from the nisfiles directory, populate the empty NIS+ table

> nispopulate -v -F

On the NIS+ client

1. define your NIS+ domain in /etc/defaultdomain

2. initialize the client

> nisclient -i -h <server host name> -d <domain name>

3. reboot

Maintaining NIS+

1. NIS+ maps and objects can be viewed as follows

> nisls
> nisls org_dir
> niscat passwd.org_dir

2. To add a user

> nistbladm -a name=numiri uid=37 gid=23 home=/home/numiri shell=/bin/sh passwd.org_dir

Users can be modified with the "-m" switch.

3. Passwords can be changed with

> nispasswd <username>
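Once a client resolves accounts from both its local files and the NIS+ passwd table, an entry that exists in both places with different numeric IDs changes who owns which files depending on the nsswitch.conf order, and a UID 0 row in the central table is visible to every client in the domain. The following script is an added example, not part of the article; it assumes that `niscat passwd.org_dir` prints one passwd-format line per row (name:passwd:uid:gid:gecos:home:shell), and runs on constructed sample text for both the client's /etc/passwd and the table output rather than on a live domain.

```python
"""Detect account conflicts between a client's local /etc/passwd and the
NIS+ passwd table as printed by `niscat passwd.org_dir`.

Added example, not from the article. Both inputs are constructed sample
text; the table format (passwd-style lines) is an assumption.
"""
from typing import Dict, List, Tuple

# Constructed sample: what a client's /etc/passwd might hold.
LOCAL_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
numiri:x:37:4:Sebastian Nguyen:/home/numiri:/bin/sh
backup:x:1001:1:Local backup account:/export/backup:/bin/sh
"""

# Constructed sample standing in for `niscat passwd.org_dir` output.
NISPLUS_PASSWD = """\
numiri:x:37:23:Sebastian Nguyen:/home/numiri:/bin/sh
backup:x:2001:1:Central backup account:/home/backup:/bin/sh
ops:x:0:1:Operator with UID 0:/home/ops:/bin/sh
"""


def load_passwd(text: str) -> Dict[str, Tuple[int, int]]:
    """Map account name -> (uid, gid) from passwd-format text, skipping comments."""
    table: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            table[fields[0]] = (int(fields[2]), int(fields[3]))
    return table


def find_conflicts(local_text: str, nis_text: str) -> List[str]:
    """Return findings where the local files and the NIS+ table disagree
    in ways that change ownership or privilege on the client."""
    local = load_passwd(local_text)
    nis = load_passwd(nis_text)
    findings: List[str] = []

    for name, (uid, gid) in nis.items():
        if uid == 0:
            findings.append(f"{name}: UID 0 account published in NIS+ table")
        if name in local:
            l_uid, l_gid = local[name]
            if l_uid != uid:
                # With 'passwd: files nisplus' the local entry is returned first,
                # so the central UID is silently ignored on this client.
                findings.append(
                    f"{name}: local UID {l_uid} shadows NIS+ UID {uid} "
                    "when files precede nisplus in nsswitch.conf")
            elif l_gid != gid:
                findings.append(f"{name}: local GID {l_gid} differs from NIS+ GID {gid}")

    # The same UID under two different names means both own each other's files.
    nis_by_uid = {uid: name for name, (uid, _gid) in nis.items()}
    for name, (uid, _gid) in local.items():
        other = nis_by_uid.get(uid)
        if other is not None and other != name:
            findings.append(f"UID {uid}: local {name} and NIS+ {other} share the same UID")
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(LOCAL_PASSWD, NISPLUS_PASSWD):
        print(finding)
```

On a real client, feed it the contents of /etc/passwd and the captured output of niscat passwd.org_dir; running it on each client after nisclient initialization catches the collisions before they show up as files owned by the wrong account.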
