<HTML
><HEAD
><TITLE
>How it works</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="The Linux NIS(YP)/NYS/NIS+ HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="NIS, NYS or NIS+ ?"
HREF="which.html"><LINK
REL="NEXT"
TITLE="The RPC Portmapper"
HREF="portmapper.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Linux NIS(YP)/NYS/NIS+ HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="which.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="portmapper.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="OPERATION"
></A
>4. How it works</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN167"
></A
>4.1. How NIS works </H2
><P
>Within a network there must be at least one machine acting as a NIS
server. You can have multiple NIS servers, each serving different NIS
"domains" - or you can have cooperating NIS servers, where one is the
master NIS server, and all the others are so-called slave NIS servers
(for a certain NIS "domain", that is!) - or you can have a mix
of them...</P
><P
>Slave servers only have copies of the NIS databases and receive these
copies from the master NIS server whenever changes are made to the
master's databases. Depending on the number of machines in your
network and the reliability of your network, you might decide to
install one or more slave servers. Whenever a NIS server goes down or
is too slow in responding to requests, a NIS client connected to that
server will try to find one that is up or faster.</P
><P
>NIS databases are in so-called DBM format, derived from ASCII
databases. For example, the files <TT
CLASS="FILENAME"
>/etc/passwd</TT
> and
<TT
CLASS="FILENAME"
>/etc/group</TT
> can be directly converted to DBM format
using ASCII-to-DBM translation software (<B
CLASS="COMMAND"
>makedbm</B
>,
included with the server software). The master NIS server should have
both the ASCII databases and the DBM databases.</P
><P
>Slave servers will be notified of any change to the NIS maps (via the
<B
CLASS="COMMAND"
>yppush</B
> program) and automatically retrieve the
necessary changes in order to synchronize their databases. NIS clients
do not need to do this since they always talk to the NIS server to read
the information stored in its DBM databases.</P
><P
>Old ypbind versions do a broadcast to find a running NIS server.
This is insecure, because anyone may install a NIS server
and answer the broadcast queries. Newer versions of ypbind
(ypbind-3.3 or ypbind-mt) are able to get the server from a
configuration file, so there is no need to broadcast.</P
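><P
>An added example, not part of the original HOWTO or of the ypbind sources: a shell audit that reads a ypbind configuration and separates explicitly named servers from broadcast binding. The directive forms are assumed to be those documented in yp.conf(5) for ypbind-mt; the function names and the sample hosts and domains are constructed for illustration.</P
>

```sh
#!/bin/sh
# Added example: audit a ypbind configuration for broadcast binding.
# Assumed directive forms, as documented in yp.conf(5) for ypbind-mt:
#   domain NISDOMAIN server HOSTNAME
#   domain NISDOMAIN broadcast
#   ypserver HOSTNAME
#   broadcast

# Constructed sample configuration (hosts and domains are made up).
sample_yp_conf() {
    printf '%s\n' \
        '# constructed sample yp.conf' \
        'domain eng.example server nis1.example' \
        'domain lab.example broadcast' \
        '' \
        '  ypserver nis2.example   # trailing comment' \
        'broadcast'
}

# Reads configuration text from the named file, or from stdin when no
# file is given. Prints one line per directive:
#   PINNED LINE DOMAIN SERVER    server named explicitly
#   BROADCAST LINE DOMAIN        server located by broadcast
#   UNKNOWN LINE TEXT            directive this audit does not recognise
# Exit status is 1 when any broadcast directive is present, else 0.
audit_yp_conf() {
    awk '
        { sub(/#.*/, "") }          # drop comments
        NF == 0 { next }            # skip blank lines
        $1 == "broadcast" { print "BROADCAST", NR, "(default)"; bad++; next }
        $1 == "ypserver"  { print "PINNED", NR, "(default)", $2; next }
        $1 == "domain" {
            if ($3 == "broadcast") {
                print "BROADCAST", NR, $2; bad++
            } else if ($3 == "server") {
                print "PINNED", NR, $2, $4
            } else {
                print "UNKNOWN", NR, $0
            }
            next
        }
        { print "UNKNOWN", NR, $0 }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Stand-alone use: sh audit.sh FILE
[ "$#" -eq 0 ] || audit_yp_conf "$@"
```

<P
>A non-zero exit status means at least one domain is still bound by broadcast; each BROADCAST line gives the configuration line to replace with an explicit server entry.</P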
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN180"
></A
>4.2. How NIS+ works </H2
><P
>NIS+ is a new version of the network information nameservice from Sun.
The biggest difference between NIS and NIS+ is that NIS+ has
support for data encryption and authentication over secure RPC.</P
><P
>The naming model of NIS+ is based upon a tree structure. Each node in
the tree corresponds to an NIS+ object, of which there are six types:
directory, entry, group, link, table and private.</P
><P
>The NIS+ directory that forms the root of the NIS+ namespace is called
the root directory. There are two special NIS+ directories:
org_dir and groups_dir. The org_dir directory consists of all
administration tables, such as passwd, hosts, and mail_aliases. The
groups_dir directory consists of NIS+ group objects which are used for
access control. The collection of org_dir, groups_dir and their parent
directory is referred to as an NIS+ domain.</P
></DIV
></DIV
></BODY
></HTML
>