|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better
The following tutorial is based largely on publicly available Sun Solaris 9 materials including some quotes from Sun Student Guide for SA-299. Troubleshooting part is based on Sun NIS FAQ largely available from other sources on Internet. Also some of material from O'Reilly Practical Unix and Internet Security were used in security part. This tutorial was used a couple of times as a material for lectures, but generally is still pretty raw... It is provided "as is" in a hope that some may found it useful...
Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. It was initially released by Sun in the early 80's and called Sun Yellow Pages, but later had to be renamed for legal reasons due to trademark protection of the term "yellow pages" by British Telecom. NIS commands still begin with the prefix yp. All Unix vendors have licensed Sun's code, making NIS a the most widely supported naming service after DNS. Even today Solaris NIS is one of the oldest and best known and most reliable distributed database for Unix configuration files Like NFS NIS implementation is based on RPC, so this far more then a file synchronization services.
Note: NIS was later enhanced by Sun to more complex and less reliable implementation called NIS+. Paradoxically NIS+ became obsolete even before NIS. NIS+ won't be covered in this class. For those that are interested in it, there is an IBM red book that contains a lot of information. NIS+ is still is available in Solaris and even is a default naming service during the installation in Solaris 9.
While sufficiently simpler than NIS+ NIS is still obscure enough to create a lot of problems for administrators. For example it treats the passwd database as a special case (and actually not in completely secure way, defeating Solaris shadow file mechanism). Unlike similar implementation on AIX and Linux Solaris implementation does not understand the symbol plus as the frist symbol of the line to be a start in "NIS include". Solaris NIS uses /etc/nsswitch to determine in what order the information sources for a particular name should be queried.
The following terms are crucial for an understanding of NIS:
While NIS does simplifies synchronization of user accounts and configuration files on multiple servers, currently 80% of NIS functionality can be achieved using other protocols, for example ssh or Tivoli Configuration Manager. With the availability of ssh and scp that can perform the push of arbitrary files to arbitrary number of servers in a secure way NIS makes slightly less sense due to security concerns, especially for files that does not change often. Still not all NIS functionality can be completely replicated via other protocols. We already mentioned ssh, but while very convenient for regular configuration files it is not very convenient for replicating passwd files as it requires special efforts to provide the possibility of updating the passwd locally. NIS provides this possibility out of the box. Lately LDAP emerged as a better fit for integrating of /etc/passwd into the central database in the enterprise environment. But is has its share of problems. See IBM Redbooks AIX - Migrating NIS Maps into LDAP
However, even though NIS has been deprecated, it is still widely used in many environments. Also it can serve as a poor man bridge between Microsoft Active Directory and Unix world (via Microsoft SFU NIS implementation).
NIS is a distributed database system that lets many computers share configuration files like password files, group files, host tables, etc from the central network server (master server). NIS makes network administration more manageable by providing centralized control over a variety of network information. This collection of network information is called the NIS namespace.
It understands passwd files as a special case but other then that can be used for synchronizing arbitrary files. If the rpc.yppasswdd daemon is running you can enter the passwd command on any NIS client: passwd in Solaris 2.6 and higher check to see if the password file is managed by NIS, and invoke yppasswd if this is the case. After changing your password you should see the message "NIS entry changed on alpha" where alpha is the name of a NIS master. The following session illustrates this point:
$ passwd Changing NIS password for joeuser on server1. Old password: New password: Retype new password: NIS entry changed on alpha
You can view it as specialized NFS for configuration files although it is more than that as it permits dynamically combine the parts of the file stored on the client server with the parts of the file stored in the networked master server (so called maps). It also optimized for fast performance of this particular function and can scale to hundreds of computers.
Like in NFS although the files appear to be available on every computer, they are actually stored on only on NIS master server (in NIs case they are replicated from the master and possibly replicated on a backup, secondary server, or slave server). While you can update files on the master NIS clients will use those modified files as if they were stored locally. Files stored on the master server not directly but in special format called NIS maps. NIS maps are compiled form regular files using Unix make.
With NIS, configuration files can be managed more easily because all or part of the configuration information can be stored and maintained on a single machine yet used on all the systems in the network.
For example in case of passwd file this can be Unix administrator group that should have account on each server. Moreover in some NIS implementation (but not in Solaris) there are capabilities similar to grep: you can restrict NIS to importing only accounts of particular users by following the + symbol with a particular username.
In Solaris /etc/nsswitch file provided information about whether a particular file should be taken from NIS or not and in what order the files are appended to each other. Think about it as a primitive meta file that specified several includes:
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
In some old implementations of NIS (for example in Solaris 1) the capabilities are closer to include files well known in C macroprocessor. Syntax is different, though. NIS uses the plus sign (+) in the first column to mark in the include. The plus sign instructs the Unix daemon that reads in this configuration file to query the NIS server for the included fragment, for example:
Note that UID and GID for this user are included are not used and will be replaced from NIS on each access: getpwuid ( ) actually goes to the NIS map and overrides the UID and GID values that you specify. So the whole record will be overwritten from the map. In those implementations you also have a rudimentary capability to exclude certain usernames from being imported from the inserted fragment by inserting a line that begins with a minus sign (-). For example, to exclude account and include the others from the server, you might use the following /etc/passwd file:root::0:1:Root:/:/bin/sh -joeuser::2005:2005::: +::9999:9999:::
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: March 12, 2019