Chapter 17: Network Information Service (NIS)
17.1 Purpose and Concepts
Networking has led to the introduction of an enormous number of different network applications, which in turn has brought new qualities to computer use. The single-host environment has been replaced by multiple hosts, which offer their resources to users and create an almost unrestricted working environment. However, to create and maintain such a working environment, a certain level of administration is required; otherwise, everything becomes useless. Multiple hosts in the network present multiple administrative points and require more attention and work. Can you imagine a network with several hundred computers in it and a new user account to be opened on each of them, or perhaps deleted or modified?

The Network Information Service (or System), NIS, initially known as the Yellow Pages, is an administrative database that enables central control over a group of host computers that belong to the same so-called NIS domain. NIS converts important administrative files into a database that can be queried over the network. This ensures that all hosts in the NIS domain have access to the very same administrative databases, which can then be centrally maintained. In NIS terminology, the databases are called NIS maps; they are all created at a single host, the NIS master server, and made accessible through the network to all hosts in the NIS domain, the NIS clients. Any modification of an administrative file at the NIS master server can be easily transferred to an NIS map and immediately made visible to all other hosts.

Since the number of NIS hosts could be very large, the benefit of centralized administration is obvious: instead of repeating the same administrative task dozens, or even hundreds, of times, everything has to be done only once. The consistency of the data is guaranteed and achieved in an optimal way.
In addition, sufficient flexibility in administering individual hosts is preserved; NIS enables a selective approach to all administrative issues.

NIS is Sun Microsystems' baby, and it was a very successful product, first implemented on the SunOS platform. Despite some inherent security problems, other UNIX vendors quickly adopted NIS. Today NIS is a standard part of any UNIX installation. Sun Microsystems later released a new version of the Network Information System, known as NIS+. This was a new product for the same purpose, but definitely a different software package. The basic idea was to improve the older product while preserving compatibility. Unfortunately, things do not always happen as expected. The new product has not been so successful, and Solaris is practically the only UNIX flavor that implemented it. None of the other main UNIX players followed this path. The chances of a future comeback of NIS+ are also poor.

Today it seems that another product, LDAP, is the most serious candidate to replace NIS. LDAP stands for Lightweight Directory Access Protocol and is a project to provide global directory services over the Internet in an easier way. The idea is to obtain different types of information, such as e-mail addresses and phone numbers, from distributed databases spread all over the Internet. Each individual LDAP server would manage its own database about its own community. Individual servers would then be hierarchically merged, making the needed information accessible worldwide. The concept of LDAP is quite close to the DNS concept; this is not strange, bearing in mind their similarities and the fact that DNS has been operating so successfully for quite a long time. LDAP was specified in RFC 1777. LDAP mechanisms could also be used to distribute administrative data, of course in a slightly more restrictive way. The existing RFC 2307, titled "An Approach for Using LDAP as a Network Information Service," indicates such a tendency.
The client-server model does not mean a strict division of hosts into exclusive client hosts versus server hosts. The model is intended to separate client and server processes that can communicate through the network, but also locally; a client and a server process can run on the same host. This is the usual pattern for almost all network services, including NIS. Although a server-only NIS host is possible, it happens very rarely; usually the NIS client process is also running on the same host. However, NIS client-only hosts are very common and they represent the majority of the hosts in an NIS domain.

Each individual NIS host must be configured appropriately for the NIS service; once this is done, all future centralized administration is performed through the NIS master server. The needed flexibility in NIS can be achieved at the client side by a selective adjustment of the client-specific exceptions. The local administrative data on each NIS client could be fully replaced with the NIS maps, but the maps can also be appended to the local data. In that case, a client first looks up local data and then queries an NIS server for the information.

With the distinction between NIS servers and clients firmly established, each UNIX system fits into the NIS scheme in one of the following ways:

• Client only: Generally the most common NIS configuration, typical for any UNIX host, whether it is a desktop workstation or a powerful server of any kind. An NIS client queries an NIS server for the needed information and receives the queried information in response.
• Server only: The host handles client NIS queries, but it does not use NIS for its own operations. It can be useful when a server has to provide global information, like password data or similar, to a number of NIS clients, but security concerns prohibit the server from using these same data. Server-only configuration is extremely rare and it is not recommended.
• Client and server: The same host functions as an NIS server and as an NIS client; its management is streamlined with that of other client-only hosts.

An NIS domain is presented in Figure 17.1.

Figure 17.1: An NIS domain: NIS master, slaves, and clients.

Note: The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission.

NIS provides the concept of a domain to allow an administrator to set different policies for different UNIX hosts. A domain is actually a set of NIS maps, and the maps enforce a certain administrative policy. In principle, a client can belong to several different domains and refer to any map from any of those domains. However, in real life this is not a frequent case; mostly a host looks up data from one set of NIS maps, i.e., a UNIX host is assigned to a single default NIS domain.
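As an added illustration (not code from the book), the script below audits the two client-side mechanisms commonly used to combine local files with NIS maps: the source order in /etc/nsswitch.conf and legacy "+" inclusion lines in /etc/passwd. Both mechanisms, the sample file contents, and the function names are assumptions of the example; the text above does not name them.

```shell
#!/bin/sh
# Added example (not from the book): report how a client combines local files
# with NIS maps. Both samples below are constructed for illustration.

sample_nsswitch() {   # constructed /etc/nsswitch.conf content
cat <<'EOF'
passwd:   files nis
group:    files nis
hosts:    nis [NOTFOUND=return] files dns
netgroup: nis
shadow:   compat
services: files
EOF
}

sample_passwd() {     # constructed /etc/passwd content with "+" NIS entries
cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
+@admins::::::
+::0:0:::
EOF
}

# stdin: nsswitch.conf text. Prints "database verdict" for each NIS-backed database.
nis_lookup_order() {
  awk '
    /^[ \t]*#/ || NF < 2 { next }
    { db = $1; sub(/:$/, "", db); loc = 0; nis = 0; compat = 0
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^\[/) continue                       # action item, not a source
        if ($i == "compat") compat = 1
        if (($i == "files" || $i == "compat") && !loc) loc = i
        if (($i == "nis" || $i == "nisplus") && !nis) nis = i
      }
      if (nis && !loc)           v = "nis-only"
      else if (nis && loc < nis) v = "local-first"
      else if (nis)              v = "nis-first"
      else if (compat)           v = "compat"          # NIS reached via "+" lines
      else next
      print db, v }'
}

# stdin: passwd text. Prints "+" inclusion entries; a literal UID field is flagged.
plus_entries() {
  awk -F: '$1 ~ /^[+]/ {
      kind = ($1 == "+") ? "all-users" : (($1 ~ /^[+]@/) ? "netgroup" : "single-user")
      print $1, kind, ($3 == "" ? "as-served" : "review") }'
}

sample_nsswitch | nis_lookup_order
sample_passwd | plus_entries
```

On a real client, feed the functions the live files instead of the samples, for example `nis_lookup_order < /etc/nsswitch.conf`.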