Network Information System Saher Hasan Mohammed Department of Computer Science SIUC smohammed@csmail.cs.siu.edu
Outline ● Introduction ● Getting Acquainted with NIS ● Configuration Details ➢ Configuring NIS Server ➢ NIS Server Security ➢ Configuring NIS Client ● Choosing the Right Map ● Pros & Cons of NIS
Introduction ● When running a LAN, the main issue is to provide a network-transparent environment for the user ● This can be achieved by keeping vital data such as user information on a central machine ● This gives users the freedom to move from machine to machine ● Data that is centrally stored doesn't need to be replicated
Contd.. ● Consistency of the data can be maintained ● Increased flexibility, as the user can move from one host to another ● NIS was developed by Sun and provides generic access to databases ● NIS is based on RPC
Getting Acquainted with NIS ● NIS keeps database information in files called maps ● Maps contain the information as key-value pairs ● Maps are stored on a central host running an NIS server ● Clients can retrieve information through various RPC calls
Contd.. ● Maps are usually generated from master text files such as /etc/hosts or /etc/passwd ● Some files can have several maps ● For instance, a hosts file can have hosts.byname and hosts.byaddr for searching the hosts file by hostname and by IP address, respectively
Contd..
Master File      Map(s)                              Description
/etc/hosts       hosts.byname, hosts.byaddr          Maps IP addresses to host names
/etc/networks    networks.byname, networks.byaddr    Maps IP network addresses to network names
/etc/passwd      passwd.byname, passwd.byuid         Maps encrypted passwords to user login names
/etc/group       group.byname, group.bygid           Maps Group IDs to group names
Contd..
● Nicknames can be assigned to maps as they are short and easy to type
● Nicknames are only understood by ypcat and ypmatch
● To obtain a full list of nicknames, run the following command
    $ ypcat -x
    Use "passwd" for "passwd.byname"
    Use "group" for "group.byname"
    Use "networks" for "networks.byaddr"
    Use "hosts" for "hosts.byaddr"
Contd... ● The NIS server program is called ypserv ● A network can have any number of NIS servers, depending on the size of the network ● In the case of multiple servers, one of them is the master and the rest are slave servers ● Maps are only created on the master server and are distributed to all slave servers
Contd... ● An NIS domain is the collection of all hosts that share part of their system configuration data through NIS ● NIS domains have a purely administrative function ● They are invisible to users ● The NIS domain name should be unique on your local network
Contd..
● To set and display the NIS domain name, use the domainname command
● When invoked without any arguments, it prints the current NIS domain name
● Only the superuser can set the domain name
    # domainname domain-name
● NIS domains determine which NIS server an application will query
Contd.. ● The NIS implementation relies on a special daemon called ypbind to detect a suitable NIS server in the client's domain ● An application first finds out from ypbind which server to use ● ypbind probes for servers by broadcasting to the local IP network; the first to respond is assumed to be the fastest one and is used in all subsequent NIS queries
Configuring NIS Server ● Two NIS server configurations are possible: master and slave ● The slave server acts as a live backup machine if the master server fails ● Install the server program, ypserv, in /usr/sbin ● Create the directory which holds the maps, /var/yp/domain-name
Contd.. ● The server determines whether it is serving a particular NIS domain by checking if the map directory is present ● Maps are usually stored in DBM files to speed up lookups ● Maps are created from the master files using a program called dbmload ● Transforming a master file into a form that dbmload can parse is usually a tedious process
Contd.. ● The server program, ypserv, contains a Makefile that manages the conversion of the most common master files ● Install it as Makefile in the map directory and edit it to reflect the maps that the NIS server has to share ● After editing the Makefile, while in the map directory, type make ● This will automatically generate and install the maps
NIS Server Security ● NIS server security is based on securenets ● It simply restricts access to the NIS server to certain hosts, based on their IP address or network number ● ypserv implements this feature in three ways ● The first option is to use the /etc/hosts.allow and /etc/hosts.deny files
Contd...
● To restrict access to hosts from within a particular domain, add the following line to hosts.allow
    ypserv: 172.16.2.
● This will allow all hosts from IP network 172.16.2.0 to access the NIS server
● Similarly, to shut out other hosts, add the following entry to hosts.deny
    ypserv: ALL
Contd.. ● The second option relies on a special configuration file called /etc/ypserv.securenets ● This configuration file is simple in structure ● Each line describes a host that will be allowed access to the server ● Any address not described by an entry in this file will be refused access
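The allow-list check described above, as an added example that is not part of the original slides or of ypserv itself. It assumes the two-field line format documented in ypserv.securenets(5) ("netmask network", or "host address" for a single machine); the file contents are constructed and reuse the 172.16.2.0 network from the hosts.allow slide.

```python
import ipaddress

# Constructed sample file contents (assumption: format per ypserv.securenets(5)).
SAMPLE_SECURENETS = """\
# always allow the server itself
host 127.0.0.1
# netmask        network
255.255.255.0    172.16.2.0
"""

# Constructed permissive file: a zero netmask matches every client address.
WIDE_OPEN = "0.0.0.0 0.0.0.0\n"


def parse_securenets(text):
    """Return a list of (line_number, netmask_int, network_int) rules."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        # "host a.b.c.d" is shorthand for a full 255.255.255.255 netmask.
        mask = "255.255.255.255" if fields[0] == "host" else fields[0]
        rules.append((lineno,
                      int(ipaddress.IPv4Address(mask)),
                      int(ipaddress.IPv4Address(fields[1]))))
    return rules


def is_allowed(rules, client_ip):
    """A client is served only if (client & netmask) == network for some rule."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any((ip & mask) == net for _, mask, net in rules)


def open_to_all(rules):
    """Line numbers of rules that admit every client (netmask and network both zero)."""
    return [lineno for lineno, mask, net in rules if mask == 0 and net == 0]
```

Running `open_to_all` over a deployed file is a quick review step: any line it reports makes the rest of the allow-list irrelevant.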
Contd... ● A third option is to use the secure portmapper instead of the securenets option of ypserv ● The secure portmapper uses the hosts.allow scheme as well, but offers this for all RPC servers, not just ypserv ● The securenets option and the secure portmapper should not be used at the same time, because of the overhead this authorization incurs
Configuring NIS Client ● The first step is to tell the NIS client which server to use for the NIS services ● The configuration of ypbind determines which NIS server is used ● The default behavior is to query for a server on the local network ● If the host is mobile, it is better to leave the /etc/yp.conf file empty, so that it queries the local network for the local NIS server wherever it happens to be
Contd...
● A more secure configuration is to set the server name in the /etc/yp.conf configuration file
    # yp.conf - YP configuration for the GNU libc library
    #
    ypserver server-name
● The ypserver statement tells the host to use the supplied NIS server for the local domain
● Alternatively, an IP address can also be used as the argument
Contd... ● In the form shown above, the ypserver command tells ypbind to use the named server regardless of what the current NIS domain may be ● If the client moves between different NIS domains frequently, information for several domains can be kept in the yp.conf file
Contd...
● Information on the servers for various NIS domains can be maintained in yp.conf by using the domain statement
    # yp.conf - YP configuration for the GNU libc library
    #
    domain A server server-nameA
    domain B server server-nameB
● This lets the laptop be used in either of the two domains, selected at boot time using the domainname command
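A small audit of the client binding choices discussed in the yp.conf slides, as an added example that is not part of the original slides or of ypbind. It assumes the statement forms from yp.conf(5) (`ypserver HOST`, `domain D server HOST`, `domain D broadcast`) and, as a further assumption, that a per-domain entry takes precedence over a plain `ypserver` line; all file contents are constructed.

```python
# Constructed sample yp.conf contents; domain and server names are the slides' placeholders.
PINNED = """\
# yp.conf - YP configuration for the GNU libc library
domain A server server-nameA
domain B server server-nameB
"""
MIXED = """\
domain A server server-nameA
domain B broadcast
"""
EMPTY = "# yp.conf - YP configuration for the GNU libc library\n"


def parse_yp_conf(text):
    """Return {domain or '*': ('server', name) or ('broadcast', None)}."""
    bindings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if f[0] == "ypserver" and len(f) == 2:
            bindings["*"] = ("server", f[1])          # applies to any domain
        elif f[0] == "domain" and len(f) == 4 and f[2] == "server":
            bindings[f[1]] = ("server", f[3])
        elif f[0] == "domain" and len(f) == 3 and f[2] == "broadcast":
            bindings[f[1]] = ("broadcast", None)
        else:
            raise ValueError(f"line {lineno}: unrecognised statement {raw!r}")
    return bindings


def binding_for(bindings, domain):
    """Per-domain entry first, then the ypserver entry, else broadcast (empty file)."""
    return bindings.get(domain, bindings.get("*", ("broadcast", None)))


def broadcast_domains(bindings, domains):
    """Domains in which the client would accept whichever server answers first."""
    return [d for d in domains if binding_for(bindings, d)[0] == "broadcast"]
```

Pass the NIS domains the machine is expected to join; any domain returned is bound by broadcast rather than to a named server.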
Choosing The Right Map ● It is important to decide which configuration files to replace or augment with NIS maps ● Commonly, NIS maps are used for host and password lookup functions ● Generally, a choice has to be made about when a lookup function uses the local files, when it queries the NIS server, and when it uses other servers such as DNS
Contd.. ● This is controlled through /etc/nsswitch.conf, which stands for Name Service Switch ● For each data lookup function, this file contains a line naming the services to use ● The right order of the services depends on the type of data each service is offering ● The services.byname map will contain the same entries as the local services file, so it is better to query the local files first
Contd... ● Host name information may change frequently, so the NIS server should always have the most accurate account, while the local hosts file is only kept as a backup in case NIS should fail ● For hostnames, check the local file last
Pros & Cons of NIS ● NIS is easy to learn and implement ● NIS is not suitable for managing a large number of machines ● NIS does not have any process to link NIS domains ● An NIS slave server needs to poll the master server regularly to get the latest information on maps ● If the slave server is inaccessible then the slave will have a different version of the maps