Introduction to NIS, the Network Information System

Source: Internet
Author: User
When running a LAN, the system administrator usually aims to provide users with an environment that makes the network transparent. An important step toward this is keeping vital data, such as user account information, synchronized between all hosts. As we have seen before, host name resolution has a powerful and sophisticated service of its own, DNS. For other tasks there is no such specialized service. Moreover, if you manage only a small LAN without an Internet connection, many administrators will not find it worthwhile to install and configure DNS.
  
That is why Sun developed NIS (the Network Information System). NIS provides generic database access facilities that can be used to distribute information, such as that contained in the passwd and groups files, to all hosts on your network. This makes the network appear as a single system, with the same accounts on all hosts. In the same way, you can use NIS to distribute the host name information in /etc/hosts to all machines on the network.
  
NIS is RPC-based and consists of a server, a client library, and several management tools. Originally, NIS was called Yellow Pages, or YP, and this name is still used informally to refer to the service. Yellow Pages, however, is a trademark of British Telecom, which asked Sun to change the name. As things go, some names stick with people, and so YP lives on as a prefix to the names of NIS commands such as ypserv and ypbind.
Today, almost all UN*X systems include NIS, and there are even free implementations of it. One is from the BSD Net-2 release and is derived from a public domain reference implementation donated by Sun. The client library code from this release has been in GNU libc for a long time, while the management programs were only recently ported to Linux by Swen Thümmler [1]. This reference implementation lacks an NIS server. Tobias Reber has written another NIS package, called yps, which includes all the tools and a server. [2]
Currently, a complete rewrite of the NIS code called NYS has been written by Peter Eriksson [3]. It supports both plain NIS and Sun's frequently revised NIS+. NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions, which may eventually make it into the standard libc. This includes a new configuration scheme for host name resolution that replaces the one using host.conf. The features of these functions are discussed below.
  
This chapter focuses on NYS rather than the other two packages, which I will refer to as the "traditional" NIS code. If you do want to run either of those packages, the instructions in this chapter may be enough. For additional information, consult a standard (authoritative) book on NIS, such as NFS and NIS by Hal Stern (see [Stern92]).
NYS is currently still under development. Standard Linux utilities such as the network programs or the login program are therefore not yet aware of the NYS configuration scheme. Until NYS is merged into the mainstream libc, you have to recompile all these binaries if you want them to use NYS. In the Makefile of any of these applications, specify -lnsl as the last linker option before libc. This links the relevant functions from libnsl, the NYS library, instead of those from the standard C library.
  
10.1 Understanding NIS
NIS keeps database information in so-called maps, which contain key-value pairs. Maps are stored on a central host running the NIS server, from which clients retrieve the information through various RPC calls. Most frequently, maps are stored in DBM files. [4]
  
The maps themselves are generated from master text files such as /etc/hosts or /etc/passwd. For some files, several maps are generated, one for each type of search key. For example, you can search the hosts file for a host name as well as for an IP address. Accordingly, two NIS maps are derived from it, called hosts.byname and hosts.byaddr. Table 10.1 lists common maps and the files from which they are generated.
  
Master File        Map(s)
/etc/hosts         hosts.byname, hosts.byaddr
/etc/networks      networks.byname, networks.byaddr
/etc/passwd        passwd.byname, passwd.byuid
/etc/group         group.byname, group.bygid
/etc/services      services.byname, services.bynumber
/etc/rpc           rpc.byname, rpc.bynumber
/etc/protocols     protocols.byname, protocols.bynumber
/usr/lib/aliases   mail.aliases
  
Table 10.1 provides some standard NIS maps and related files.
  
In some NIS packages or other software, you may find support for further files and maps. These may contain information for applications not discussed in this book, such as the bootparams map that may be used by some BOOTP servers, or may currently have no function in Linux (like the ethers.byname and ethers.byaddr maps).
For some maps, people commonly use nicknames, which are shorter and easier to type. To obtain a full list of the nicknames understood by your NIS tools, run the following command:
  
$ ypcat -x
NIS map nickname translation table:
"passwd" -> "passwd.byname"
"group" -> "group.byname"
"networks" -> "networks.byaddr"
"hosts" -> "hosts.byname"
"protocols" -> "protocols.bynumber"
"services" -> "services.byname"
"aliases" -> "mail.aliases"
"ethers" -> "ethers.byname"
"rpc" -> "rpc.bynumber"
"netmasks" -> "netmasks.byaddr"
"publickey" -> "publickey.byname"
"netid" -> "netid.byname"
"passwd.adjunct" -> "passwd.adjunct.byname"
"group.adjunct" -> "group.adjunct.byname"
"timezone" -> "timezone.byname"
  
The NIS server is traditionally called ypserv. A single server is usually enough for a medium-size network; a large network may need to run several servers on different machines and on different network segments to relieve the load on the servers and routers. These servers are synchronized by making one of them the master server and the others slave servers. Maps are created only on the master server, and are distributed from there to all slave servers.
You may have noticed that we have been vague about what "network" means here. NIS has its own concept for such a network, namely the set of all hosts that share part of their system configuration data through NIS: the NIS domain. Unfortunately, NIS domains have nothing in common with the domains we encountered in DNS. To avoid ambiguity in this chapter, I will always state which type of domain I mean.
NIS domains have a purely administrative function. They are mostly invisible to users, except for the sharing of passwords between all machines in the domain. The name given to an NIS domain is therefore relevant only to administrators. Usually any name will do, as long as it differs from every other NIS domain name on your local network. For example, the administrator of a virtual winery may choose to create two NIS domains, one for the brewery itself and one for the winery, which she names brewery and winery respectively. Another common scheme is simply to use the DNS domain name as the NIS domain name. To set and display the NIS domain name of your host, use the domainname command. Invoked without arguments, it prints the current NIS domain name. To set the domain name, you must become superuser and type:
  
# domainname brewery
  
The NIS domain determines which NIS server an application will query. For example, the login program on a host of the winery should, of course, query only the winery's NIS server (or one of them, if there are several) for a user's password information, while applications on a brewery host query only the brewery's servers.
One question remains to be solved, namely how a client finds out which server to connect to. The simplest approach would be a configuration file that names the host on which to find the server. However, this approach is rather inflexible, because it does not allow clients to use different servers (from the same domain, of course) depending on their availability. Traditional NIS implementations therefore rely on a special daemon called ypbind to detect a suitable NIS server in their NIS domain. Before it can perform any NIS query, an application must first find out from ypbind which server to use.
ypbind detects servers by broadcasting to the local IP network; the first one to respond is assumed to be the fastest and is used for all subsequent NIS queries. After a certain interval has elapsed, or if the server becomes unavailable, ypbind probes for running servers again.
The debatable point about dynamic binding is that you rarely need it, and that it introduces a security problem: ypbind blindly believes whoever answers, which could be either a humble NIS server or a malicious intruder. Needless to say, this becomes especially troublesome if you manage your password databases over NIS. To guard against this, NYS does not use ypbind by default, but retrieves the server host name from a configuration file.
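An added example, not part of the original text and not code from NYS or ypbind: a Python check that reads a client configuration and reports NIS domains bound by broadcast, the case described above in which whoever answers first is trusted. It assumes the yp.conf syntax of the Linux ypbind package (`domain D server H`, `domain D broadcast`, `ypserver H`), which this page does not show; the server names and the address are constructed.

```python
import ipaddress

# Constructed sample in the yp.conf(5) syntax of the Linux ypbind package
# (assumed here; the page does not name the file or its format).
SAMPLE_YP_CONF = """\
# constructed sample, not taken from a real host
domain brewery server nis1
domain winery broadcast
ypserver 192.0.2.10
domain brewery server nis2
"""
LOCAL_HOSTS = {"nis1"}  # constructed: names listed in the local /etc/hosts


def _check_server(lineno, server, local_hosts):
    """A pinned server is accepted if it is an IP literal or a locally known name."""
    try:
        ipaddress.ip_address(server)
        return []
    except ValueError:
        pass
    if server in local_hosts:
        return []
    return [(lineno, "WARN",
             f"server {server!r} is not in the local hosts list; its address "
             "must resolve without NIS")]


def audit_yp_conf(text, local_hosts=frozenset()):
    """Return (line number, severity, message) findings for a yp.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] == "domain" and len(words) == 3 and words[2] == "broadcast":
            findings.append((lineno, "HIGH",
                             f"domain {words[1]!r} binds by broadcast: the "
                             "first host to answer is trusted as NIS server"))
        elif words[0] == "domain" and len(words) == 4 and words[2] == "server":
            findings += _check_server(lineno, words[3], local_hosts)
        elif words[0] == "ypserver" and len(words) == 2:
            findings += _check_server(lineno, words[1], local_hosts)
        else:
            findings.append((lineno, "INFO", "line not recognised, not checked"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_yp_conf(SAMPLE_YP_CONF, LOCAL_HOSTS):
        print(f"line {lineno}: {severity}: {message}")
```

Entries that pin a server by address, or by a name resolvable from local files, produce no finding; only broadcast bindings and names that would need another lookup service are reported.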
  
10.2 NIS and NIS+
NIS and NIS+ share little more than their name and a common goal. NIS+ is structured in an entirely different way. Instead of a flat namespace with loosely separated NIS domains, it uses a hierarchical namespace similar to that of DNS. Instead of maps, it uses so-called tables made up of rows and columns: in the NIS+ database, each row of a table represents an object, and the columns hold the attributes of that object that NIS+ knows about. Each table for a given NIS+ domain comprises those of its parent domains. In addition, an entry in a table may contain a link to another table. These features make it possible to structure information in many ways.
The RPC version of traditional NIS is 2, while the NIS+ version is 3.
NIS+ does not seem to be widely used so far, and I do not know much about it. (Well, I know nothing about it.) For this reason, we will not deal with it here. If you are interested in it and want to learn more, please refer to Sun's NIS+ Management Manual ([NISPlus]).
  
10.3 NIS on the client side
If you are familiar with writing or porting network applications, you will notice that many of the NIS maps listed above correspond to library functions in the C library. For example, to obtain passwd information, you usually use the getpwnam(3) and getpwuid(3) functions, which return the account information for the given user name or numeric user ID. Under normal circumstances, these functions perform the requested lookup in the standard file (such as /etc/passwd).
However, these letters