How NIS Works


NIS domain

NIS makes a common set of information available to systems on a network. The network, referred to as an NIS domain, is characterized by each system having the same NIS domain name (which is different from a DNS domain name). Technically, an NIS domain is a set of NIS maps, or database files.

Master and slave servers

Each NIS domain must have exactly one master server; larger networks may have slave servers. Each slave server holds a copy of the NIS database from the master. The need for slave servers is based on the size of the NIS domain and the reliability of the systems and network. A system can belong to only one NIS domain at a time.

When a client determines that a server is down or is not responding fast enough, it selects another server, as specified in the configuration file. If it cannot reach a server, ypbind terminates with an error.

nsswitch.conf

Whether a system uses NIS, DNS, local files, or a combination as the source of certain information, and in what order, is determined by /etc/nsswitch.conf. When it needs information from the NIS database, a client requests the information from the NIS server. For example, when a user attempts to log in, the client system may authenticate the user with name and password information from the NIS server.

You can configure nsswitch.conf to cause /etc/passwd to override NIS password information for the local system. When you do not export the root account to NIS (and you should not), this setup allows you to have a unique root password for each system.
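A check for the ordering described above, as an added example that is not part of the original text: it parses nsswitch.conf and lists the account databases for which local files are not consulted before NIS. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample; on a real system read /etc/nsswitch.conf instead.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
shadow:     files nis
group:      nis files
hosts:      files nis [NOTFOUND=return] dns   # trailing comment
"""

def source_order(conf_text):
    """Return {database: [sources in lookup order]}, ignoring [action] items."""
    order = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Bracketed items such as [NOTFOUND=return] are actions, not sources.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        order[db.strip()] = rest.split()
    return order

def files_before_nis(conf_text, db):
    """True if 'files' is listed for db and comes before 'nis' (or NIS is unused)."""
    sources = source_order(conf_text).get(db, [])
    if "files" not in sources:
        return False            # also covers a database with no line at all
    return "nis" not in sources or sources.index("files") < sources.index("nis")

def audit(conf_text, databases=("passwd", "shadow", "group")):
    """List the databases where a local entry is not guaranteed to win over NIS."""
    return [db for db in databases if not files_before_nis(conf_text, db)]

if __name__ == "__main__":
    print(audit(SAMPLE_NSSWITCH))
```

A database with no line in the file is reported as well, because the order that then applies is not stated in the file being checked.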

Source files

Under CentOS Linux, NIS derives the information it offers (such as usernames, passwords, and local system names and IP addresses) from local ASCII configuration files such as /etc/passwd and /etc/hosts. These files are called source files or master files. (Some administrators avoid confusion by using different files for local configuration and NIS source information.) An NIS server can include information from as many of the following source files as is appropriate:

/etc/group

Defines groups and their members

/etc/gshadow

Provides shadow passwords for groups

/etc/hosts

Maps local systems and IP addresses

/etc/passwd

Lists user information

/etc/printcap

Lists printer information

/etc/rpc

Maps RPC program names and numbers

/etc/services

Maps system service names and port numbers

/etc/shadow

Provides shadow passwords for users


The information that NIS offers is based on files that change from time to time; NIS is responsible for making this changing information available in a timely manner to all systems in the NIS domain.

NIS maps

Before NIS can store the information contained in a source file, it must be converted to a dbm format file called a map. Each map is indexed on one field (column). Records (rows) from a map can be retrieved by specifying a value from the indexed field. Some files generate two maps, each indexed on a different field. For example, the /etc/passwd file generates two maps: one indexed by username, the other indexed by UID. These maps are named passwd.byname and passwd.byuid.
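The indexing described above, modeled as an added example that is not part of the original text: a Python dict stands in for each dbm file, and the same source records are indexed once by username and once by UID. The first record is the one this page shows; the other records and all function names are constructed.

```python
# First record is the one shown on this page; the others are constructed.
PASSWD_SOURCE = """\
mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash
alex:x:501:501:Alex Watson:/home/alex:/bin/bash
jenny:x:502:502:Jenny Chen:/home/jenny:/bin/tcsh
jen2:x:502:502:Jenny Chen (alt):/home/jenny:/bin/bash
"""

def build_map(source, key_field):
    """Index records on one colon-separated field (0-based).

    Returns (map, collisions). A map holds one record per key, so records
    that repeat a key value are reported; this example keeps the first.
    """
    table, collisions = {}, []
    for record in source.splitlines():
        if not record.strip() or record.startswith("#"):
            continue
        key = record.split(":")[key_field]
        if key in table:
            collisions.append(key)
        else:
            table[key] = record
    return table, collisions

BYNAME, NAME_DUPES = build_map(PASSWD_SOURCE, 0)   # plays the role of passwd.byname
BYUID, UID_DUPES = build_map(PASSWD_SOURCE, 2)     # plays the role of passwd.byuid

def scan(table, text):
    """Search every field of every record (case-insensitive full scan)."""
    return [r for r in table.values() if text.lower() in r.lower()]

if __name__ == "__main__":
    print(BYNAME["mark"] == BYUID["500"])   # same record through either index
    print("Sobell" in BYNAME)               # GECOS text is not a key
    print(scan(BYNAME, "sobell"))           # so it takes a full scan to find
    print(UID_DUPES)                        # accounts sharing a UID collide in byuid
```

Two accounts that share a UID are distinct in the map indexed by username but collide in the map indexed by UID, which is worth checking for in the source file before the maps are built.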

Optional

NIS maps correspond to C library functions. The getpwnam() and getpwuid() functions obtain username and UID information from /etc/passwd on non-NIS systems. On NIS systems, these functions place RPC calls to the NIS server in a process that is transparent to the application calling the function.


Map names

The names of the maps that NIS uses correspond to the files in the /var/yp/nisdomainname directory on the master server, where nisdomainname is the name of the NIS domain:

$ ls /var/yp/mgs
group.bygid     mail.aliases    protocols.byname        services.byname
group.byname    netid.byname    protocols.bynumber      services.byservicename
hosts.byaddr    passwd.byname   rpc.byname              ypservers
hosts.byname    passwd.byuid    rpc.bynumber

Map nicknames

To make it easier to refer to NIS maps, you can assign nicknames to maps. The /var/yp/nicknames file contains a list of commonly used nicknames. View the nicknames file or give the command ypcat -x to display the list of nicknames:

$ cat /var/yp/nicknames
passwd           passwd.byname
group            group.byname
networks         networks.byaddr
hosts            hosts.byname
protocols        protocols.bynumber
services         services.byname
aliases          mail.aliases
ethers           ethers.byname

Each line in nicknames contains a nickname followed by whitespace and the name of the map the nickname refers to. You can add, remove, or modify nicknames by changing the nicknames file.

Displaying maps

The ypcat and ypmatch utilities display information from the NIS maps. Using the nickname passwd, the following command displays the information contained in the passwd.byname map:

$ ypcat passwd
mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash
...

By default, NIS stores passwords only for users with UIDs less than 500 (see MINUID). Thus ypcat does not display lines for root, bin, and other system entries. You can display password information for a single user with ypmatch:

$ ypmatch mark passwd
mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash

You can retrieve the same information by filtering the output of ypcat through grep, but ypmatch is more efficient because it searches the map directly, using a single process. The ypmatch utility works on the key for the map only. To match members of the group or other fields not in a map, such as the GECOS field in passwd, you need to use ypcat with grep:

$ ypcat passwd | grep -i sobell
mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash
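The ypcat output above shows that the passwd map carries each user's password hash in its second field, where anyone able to query the map can read it. The following added example, which is not part of the original text, audits a dump of that map for stored hashes, their scheme, and a UID 0 entry (the root account should not be exported to NIS); the function names, the weak/strong classification, and every sample record except mark's are constructed.

```python
# Dump in `ypcat passwd` format. mark's record is from this page; the
# others are constructed and their hash fields are placeholders.
SAMPLE_YPCAT = """\
mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash
alex:$6$EXAMPLESALT$constructedplaceholderhash:501:501:Alex Watson:/home/alex:/bin/bash
root:$1$EXAMPLE$constructedplaceholder:0:0:root:/root:/bin/bash
jenny:x:502:502:Jenny Chen:/home/jenny:/bin/tcsh
"""

# crypt(3) scheme identifiers that appear between the first two '$'.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
WEAK = {"md5crypt", "descrypt"}        # this example's classification

def hash_scheme(field):
    """Classify passwd field 2; None means no hash is stored in the record."""
    field = field.lstrip("!")          # a leading ! marks a locked entry
    if field in ("", "x", "*"):
        return None
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "descrypt" if len(field) == 13 else "unknown"

def audit_passwd_map(text):
    """Return sorted (user, finding) pairs for a passwd map dump."""
    findings = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue                   # not a passwd record
        user, pw, uid = f[0], f[1], f[2]
        if uid == "0":
            findings.append((user, "uid-0-exported"))
        if pw == "":
            findings.append((user, "empty-password"))
            continue
        scheme = hash_scheme(pw)
        if scheme:
            tag = "weak-hash-exposed" if scheme in WEAK else "hash-exposed"
            findings.append((user, f"{tag}:{scheme}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_passwd_map(SAMPLE_YPCAT):
        print(user, finding)
```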

Terminology

This chapter uses the following definitions:

NIS source files: The ASCII files that NIS obtains information from

NIS maps: The dbm-format files created from NIS source files

NIS database: The collection of NIS maps

More Information

Local

man pages domainname, makedbm, netgroup, revnetgroup, ypbind, ypcat, ypinit, ypmatch, yppasswd, yppoll, yppush, ypset, ypserv, ypserv.conf, ypwhich, ypxfr, ypxfrd (Some of these are installed only when you install ypserv, which is needed when you run an NIS server.)

Web