LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/nag2/x10579.html

659 lines
11 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Getting Acquainted with NIS</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="The Network Information System"
HREF="x-087-2-nis.html"><LINK
REL="PREVIOUS"
TITLE="The Network Information System"
HREF="x-087-2-nis.html"><LINK
REL="NEXT"
TITLE="NIS Versus NIS+"
HREF="x-087-2-nis.nisplus.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-nis.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 13. The Network Information System</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-nis.nisplus.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN10579"
>13.1. Getting Acquainted with NIS</A
></H1
><P
>&#13;
NIS keeps database information in files called <I
CLASS="EMPHASIS"
>maps</I
>,
which contain key-value pairs. An example of a key-value pair is a user's login
name and the encrypted form of their login password. Maps are stored on a
central host running the NIS server, from which clients may retrieve the
information through various RPC calls. Quite frequently, maps are stored in DBM
files.<A
NAME="X-087-2-FNNI05"
HREF="#FTN.X-087-2-FNNI05"
>[1]</A
>&#13;</P
><P
>&#13;
The maps themselves are usually generated from master text files such as
<TT
CLASS="FILENAME"
>/etc/hosts</TT
> or <TT
CLASS="FILENAME"
>/etc/passwd</TT
>. For
some files, several maps are created, one for each search key type. For
instance, you may search the <TT
CLASS="FILENAME"
>hosts</TT
> file for a hostname
as well as for an IP address. Accordingly, two NIS maps are derived from it,
called <TT
CLASS="FILENAME"
>hosts.byname</TT
> and <TT
CLASS="FILENAME"
>hosts.byaddr</TT
>.
<A
HREF="x10579.html#X-087-2-NIS.TABLE.MAPS"
>Table 13-1</A
> lists common maps and the files from
which they are generated.</P
><DIV
CLASS="TABLE"
><A
NAME="X-087-2-NIS.TABLE.MAPS"
></A
><P
><B
>Table 13-1. Some Standard NIS Maps and Corresponding Files</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Master File</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Map(s)</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/hosts</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>hosts.byname</TT
>, <TT
CLASS="FILENAME"
>hosts.byaddr</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps IP addresses to host names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/networks</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>networks.byname</TT
>, <TT
CLASS="FILENAME"
>networks.byaddr</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps IP network addresses to network names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/passwd</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>passwd.byname</TT
>, <TT
CLASS="FILENAME"
>passwd.byuid</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps encrypted passwords to user login names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/group</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>group.byname</TT
>, <TT
CLASS="FILENAME"
>group.bygid</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps Group IDs to group names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/services</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>services.byname</TT
>, <TT
CLASS="FILENAME"
>services.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Maps service descriptions to service names</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/rpc</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>rpc.byname</TT
>, <TT
CLASS="FILENAME"
>rpc.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps Sun RPC service numbers to RPC service names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/protocols</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>protocols.byname</TT
>, <TT
CLASS="FILENAME"
>protocols.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps protocol numbers to protocol names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/lib/aliases</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>mail.aliases</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps mail aliases to mail alias names</P
></TD
></TR
></TBODY
></TABLE
></DIV
><P
>You may find support for other files and maps in other NIS packages.
These usually contain information for applications not discussed in this book,
such as the <TT
CLASS="FILENAME"
>bootparams</TT
> map that is used by Sun's
<B
CLASS="COMMAND"
>bootparamd</B
> server.</P
><P
>&#13;
For some maps, people commonly use <I
CLASS="EMPHASIS"
>nicknames</I
>, which are
shorter and therefore easier to type. Note that these nicknames are understood
only by <B
CLASS="COMMAND"
>ypcat</B
> and <B
CLASS="COMMAND"
>ypmatch</B
>, two tools for
checking your NIS configuration. To obtain a full list of nicknames understood
by these tools, run the following command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>$ <TT
CLASS="USERINPUT"
><B
>ypcat -x</B
></TT
>
Use "passwd" for "passwd.byname"
Use "group" for "group.byname"
Use "networks" for "networks.byaddr"
Use "hosts" for "hosts.byaddr"
Use "protocols" for "protocols.bynumber"
Use "services" for "services.byname"
Use "aliases" for "mail.aliases"
Use "ethers" for "ethers.byname"</PRE
></TD
></TR
></TABLE
></P
><P
>&#13;
The NIS server program is traditionally called <B
CLASS="COMMAND"
>ypserv</B
>. For
an average network, a single server usually suffices; large networks may
choose to run several of these on different machines and different segments
of the network to relieve the load on the server machines and routers.
These servers are synchronized by making one of them the <I
CLASS="EMPHASIS"
>master
server</I
>, and the others <I
CLASS="EMPHASIS"
>slave servers</I
>. Maps are
created only on the master server's host. From there, they are distributed to
all slaves.</P
><P
>&#13;
We have been talking very vaguely about &#8220;networks.&#8221; There's a
distinctive term in NIS that refers to a collection of all hosts that share
part of their system configuration data through NIS: the
<I
CLASS="EMPHASIS"
>NIS domain</I
>. Unfortunately, NIS domains
have absolutely nothing in common with the domains we encountered in DNS. To
avoid any ambiguity throughout this chapter, we will therefore always specify
which type of domain we mean.</P
><P
>&#13;
NIS domains have a purely administrative function. They are mostly
invisible to users, except for the sharing of passwords between all
machines in the domain. Therefore, the name given to an NIS domain is
relevant only to the administrators. Usually, any name will do, as long
as it is different from any other NIS domain name on your local network.
For instance, the administrator at the Virtual Brewery may choose to
create two NIS domains, one for the Brewery itself, and one for the
Winery, which she names <SPAN
CLASS="SYSTEMITEM"
>brewery</SPAN
> and
<SPAN
CLASS="SYSTEMITEM"
>winery</SPAN
> respectively. Another quite
common scheme is to simply use the DNS domain name for NIS as well.</P
><P
>To set and display the NIS domain name of your host, you can use the
<B
CLASS="COMMAND"
>domainname</B
> command. When invoked without any argument, it
prints the current NIS domain name; to set the domain name, you must
become the superuser:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>domainname brewery</B
></TT
></PRE
></TD
></TR
></TABLE
></P
><P
>NIS domains determine which NIS server an application will query. For
instance, the <B
CLASS="COMMAND"
>login</B
> program on a host at the Winery should,
of course, query only the Winery's NIS server (or one of them, if there
are several) for a user's password information, while an application on
a Brewery host should stick with the Brewery's server.</P
><P
>&#13;
One mystery now remains to be solved: how does a client find out which
server to connect to? The simplest approach would use a configuration
file that names the host on which to find the server. However, this approach
is rather inflexible because it doesn't allow clients to use different servers
(from the same domain, of course) depending on their availability. Therefore,
NIS implementations rely on a special daemon called <B
CLASS="COMMAND"
>ypbind</B
>
to detect a suitable NIS server in their NIS domain. Before performing any
NIS queries, an application first finds out from
<B
CLASS="COMMAND"
>ypbind</B
> which server to use.</P
><P
><B
CLASS="COMMAND"
>ypbind</B
> probes for servers by broadcasting to the local IP
network; the first to respond is assumed to be the fastest one and
is used in all subsequent NIS queries. After a certain interval has
elapsed, or if the server becomes unavailable, <B
CLASS="COMMAND"
>ypbind</B
>
probes for active servers again.</P
><P
>Dynamic binding is useful only when your network provides more than one
NIS server. Dynamic binding also introduces a security problem.
<B
CLASS="COMMAND"
>ypbind</B
> blindly believes whoever answers, whether it be a
humble NIS server or a malicious intruder. Needless to say, this
becomes especially troublesome if you manage your password databases over NIS.
To guard against this, the Linux <B
CLASS="COMMAND"
>ypbind</B
> program provides
you with the option of probing the local network to find the local NIS server,
or configuring the NIS server hostname in a configuration file.</P
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.X-087-2-FNNI05"
HREF="x10579.html#X-087-2-FNNI05"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>DBM is a simple database management library that uses hashing techniques
to speed up search operations. There's a free DBM implementation from the
GNU project called <TT
CLASS="FILENAME"
>gdbm</TT
>, which is part of most Linux
distributions.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x-087-2-nis.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x-087-2-nis.nisplus.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>The Network Information System</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="x-087-2-nis.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>NIS Versus NIS+</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink