<HTML
><HEAD
><TITLE
>Getting Acquainted with NIS</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="The Network Information System"
HREF="x-087-2-nis.html"><LINK
REL="PREVIOUS"
TITLE="The Network Information System"
HREF="x-087-2-nis.html"><LINK
REL="NEXT"
TITLE="NIS Versus NIS+"
HREF="x-087-2-nis.nisplus.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-nis.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 13. The Network Information System</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-nis.nisplus.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN10579"
>13.1. Getting Acquainted with NIS</A
></H1
><P
>
NIS keeps database information in files called <I
CLASS="EMPHASIS"
>maps</I
>,
which contain key-value pairs. An example of a key-value pair is a user's login
name and the encrypted form of their login password. Maps are stored on a
central host running the NIS server, from which clients may retrieve the
information through various RPC calls. Quite frequently, maps are stored in DBM
files.<A
NAME="X-087-2-FNNI05"
HREF="#FTN.X-087-2-FNNI05"
>[1]</A
> </P
><P
>
The maps themselves are usually generated from master text files such as
<TT
CLASS="FILENAME"
>/etc/hosts</TT
> or <TT
CLASS="FILENAME"
>/etc/passwd</TT
>. For
some files, several maps are created, one for each search key type. For
instance, you may search the <TT
CLASS="FILENAME"
>hosts</TT
> file for a hostname
as well as for an IP address. Accordingly, two NIS maps are derived from it,
called <TT
CLASS="FILENAME"
>hosts.byname</TT
> and <TT
CLASS="FILENAME"
>hosts.byaddr</TT
>.
<A
HREF="x10579.html#X-087-2-NIS.TABLE.MAPS"
>Table 13-1</A
> lists common maps and the files from
which they are generated.</P
><DIV
CLASS="TABLE"
><A
NAME="X-087-2-NIS.TABLE.MAPS"
></A
><P
><B
>Table 13-1. Some Standard NIS Maps and Corresponding Files</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Master File</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Map(s)</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/hosts</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>hosts.byname</TT
>, <TT
CLASS="FILENAME"
>hosts.byaddr</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps IP addresses to host names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/networks</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>networks.byname</TT
>, <TT
CLASS="FILENAME"
>networks.byaddr</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps IP network addresses to network names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/passwd</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>passwd.byname</TT
>, <TT
CLASS="FILENAME"
>passwd.byuid</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps encrypted passwords to user login names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/group</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>group.byname</TT
>, <TT
CLASS="FILENAME"
>group.bygid</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps Group IDs to group names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>/etc/services</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>services.byname</TT
>, <TT
CLASS="FILENAME"
>services.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Maps service descriptions to service names</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/rpc</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>rpc.byname</TT
>, <TT
CLASS="FILENAME"
>rpc.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps Sun RPC service numbers to RPC service names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/etc/protocols</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><TT
CLASS="FILENAME"
>protocols.byname</TT
>, <TT
CLASS="FILENAME"
>protocols.bynumber</TT
></P
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps protocol numbers to protocol names</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/lib/aliases</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>mail.aliases</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Maps mail aliases to mail alias names</P
></TD
></TR
></TBODY
></TABLE
></DIV
><P
>You may find support for other files and maps in other NIS packages.
These usually contain information for applications not discussed in this book,
such as the <TT
CLASS="FILENAME"
>bootparams</TT
> map that is used by Sun's
<B
CLASS="COMMAND"
>bootparamd</B
> server.</P
><P
>
For some maps, people commonly use <I
CLASS="EMPHASIS"
>nicknames</I
>, which are
shorter and therefore easier to type. Note that these nicknames are understood
only by <B
CLASS="COMMAND"
>ypcat</B
> and <B
CLASS="COMMAND"
>ypmatch</B
>, two tools for
checking your NIS configuration. To obtain a full list of nicknames understood
by these tools, run the following command:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>$ <TT
CLASS="USERINPUT"
><B
>ypcat -x</B
></TT
>
Use "passwd" for "passwd.byname"
Use "group" for "group.byname"
Use "networks" for "networks.byaddr"
Use "hosts" for "hosts.byaddr"
Use "protocols" for "protocols.bynumber"
Use "services" for "services.byname"
Use "aliases" for "mail.aliases"
Use "ethers" for "ethers.byname"</PRE
></TD
></TR
></TABLE
></P
><P
>
The NIS server program is traditionally called <B
CLASS="COMMAND"
>ypserv</B
>. For
an average network, a single server usually suffices; large networks may
choose to run several of these on different machines and different segments
of the network to relieve the load on the server machines and routers.
These servers are synchronized by making one of them the <I
CLASS="EMPHASIS"
>master
server</I
>, and the others <I
CLASS="EMPHASIS"
>slave servers</I
>. Maps are
created only on the master server's host. From there, they are distributed to
all slaves.</P
><P
>
We have been talking very vaguely about “networks.” There's a
distinctive term in NIS that refers to a collection of all hosts that share
part of their system configuration data through NIS: the
<I
CLASS="EMPHASIS"
>NIS domain</I
>. Unfortunately, NIS domains
have absolutely nothing in common with the domains we encountered in DNS. To
avoid any ambiguity throughout this chapter, we will therefore always specify
which type of domain we mean.</P
><P
>
NIS domains have a purely administrative function. They are mostly
invisible to users, except for the sharing of passwords between all
machines in the domain. Therefore, the name given to an NIS domain is
relevant only to the administrators. Usually, any name will do, as long
as it is different from any other NIS domain name on your local network.
For instance, the administrator at the Virtual Brewery may choose to
create two NIS domains, one for the Brewery itself, and one for the
Winery, which she names <SPAN
CLASS="SYSTEMITEM"
>brewery</SPAN
> and
<SPAN
CLASS="SYSTEMITEM"
>winery</SPAN
> respectively. Another quite
common scheme is to simply use the DNS domain name for NIS as well.</P
><P
>To set and display the NIS domain name of your host, you can use the
<B
CLASS="COMMAND"
>domainname</B
> command. When invoked without any argument, it
prints the current NIS domain name; to set the domain name, you must
become the superuser:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>domainname brewery</B
></TT
></PRE
></TD
></TR
></TABLE
></P
><P
>NIS domains determine which NIS server an application will query. For
instance, the <B
CLASS="COMMAND"
>login</B
> program on a host at the Winery should,
of course, query only the Winery's NIS server (or one of them, if there
are several) for a user's password information, while an application on
a Brewery host should stick with the Brewery's server.</P
><P
>
One mystery now remains to be solved: how does a client find out which
server to connect to? The simplest approach would use a configuration
file that names the host on which to find the server. However, this approach
is rather inflexible because it doesn't allow clients to use different servers
(from the same domain, of course) depending on their availability. Therefore,
NIS implementations rely on a special daemon called <B
CLASS="COMMAND"
>ypbind</B
>
to detect a suitable NIS server in their NIS domain. Before performing any
NIS queries, an application first finds out from
<B
CLASS="COMMAND"
>ypbind</B
> which server to use.</P
><P
><B
CLASS="COMMAND"
>ypbind</B
> probes for servers by broadcasting to the local IP
network; the first to respond is assumed to be the fastest one and
is used in all subsequent NIS queries. After a certain interval has
elapsed, or if the server becomes unavailable, <B
CLASS="COMMAND"
>ypbind</B
>
probes for active servers again.</P
><P
>Dynamic binding is useful only when your network provides more than one
NIS server. Dynamic binding also introduces a security problem.
<B
CLASS="COMMAND"
>ypbind</B
> blindly believes whoever answers, whether it be a
humble NIS server or a malicious intruder. Needless to say, this
becomes especially troublesome if you manage your password databases over NIS.
To guard against this, the Linux <B
CLASS="COMMAND"
>ypbind</B
> program provides
you with the option of probing the local network to find the local NIS server,
or configuring the NIS server hostname in a configuration file.</P
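><P
>The choice between broadcast probing and a configured server, described above,
can be audited on each client. The following shell script is an added example,
not part of the original guide: it assumes the directive forms documented in
yp.conf(5) for <TT
CLASS="FILENAME"
>/etc/yp.conf</TT
> (domain ... server ..., domain ... broadcast, ypserver ...), and the sample
file and its address are constructed.</P
>

```shell
#!/bin/sh
# Added example (not from the guide). Directive forms are assumed from yp.conf(5).

# Print "MODE<TAB>domain<TAB>server" for every directive in a yp.conf-style file.
#   STATIC    server named explicitly; ypbind talks only to that host
#   BROADCAST ypbind binds to whichever server answers first
classify_yp_conf() {
    awk '
        { sub(/#.*/, "") }          # drop comments
        NF == 0 { next }            # skip empty lines
        $1 == "domain" && $3 == "server" && NF >= 4 { print "STATIC\t" $2 "\t" $4; next }
        $1 == "domain" && $3 == "broadcast"         { print "BROADCAST\t" $2 "\t-"; next }
        $1 == "ypserver" && NF >= 2                 { print "STATIC\t(default)\t" $2; next }
        $1 == "broadcast"                           { print "BROADCAST\t(default)\t-"; next }
        { print "UNKNOWN\t" $0 "\t-" }              # flag anything unrecognised
    ' "$1"
}

# Succeeds only when no domain in the file depends on broadcast binding.
yp_conf_is_pinned() {
    ! classify_yp_conf "$1" | grep -q '^BROADCAST'
}

# Constructed sample using the two example NIS domains from this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
domain brewery server 192.0.2.10   # pinned to one address
domain winery broadcast            # trusts the first responder
EOF

classify_yp_conf "$sample"
yp_conf_is_pinned "$sample" || echo "broadcast binding in use: pin the server" >&2
rm -f "$sample"
```

<P
>Point <B
CLASS="COMMAND"
>classify_yp_conf</B
> at the client's own configuration file; every BROADCAST line marks a
domain for which the first responder will be trusted.</P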
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.X-087-2-FNNI05"
HREF="x10579.html#X-087-2-FNNI05"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>DBM is a simple database management library that uses hashing techniques
to speed up search operations. There's a free DBM implementation from the
GNU project called <TT
CLASS="FILENAME"
>gdbm</TT
>, which is part of most Linux
distributions.</P
></TD
></TR
></TABLE
></BODY
></HTML
>