Linux Network Administrator Manual (10)

Source: Internet
Author: User
Chapter 10: The Network Information System
When you run a local area network, your overall goal is usually to provide your users with an environment that makes the network transparent. An important step toward this is keeping vital data, such as user account information, synchronized between all hosts. As we have seen before, a powerful and sophisticated service exists for host name resolution, namely DNS. For other tasks, there is no such specialized service. Moreover, if you manage only a small LAN with no Internet connection, many administrators will not find it worthwhile to install and set up DNS.
That is why Sun developed NIS, the Network Information System. NIS provides generic database access facilities that can be used to distribute information, such as that contained in the passwd and groups files, to all hosts on your network. This makes the network appear as a single system, with the same accounts on all hosts. In the same way, you can use NIS to distribute the host name information from /etc/hosts to all machines on the network.
  
NIS is based on RPC and consists of a server, a client library, and several management tools. NIS was originally called Yellow Pages, or YP, and this name is still used to refer to it informally. On the other hand, Yellow Pages is a trademark of British Telecom, which has always asked Sun to change the name. As things go, some names stick with people, and so YP lives on as a prefix to the names of NIS-related commands, such as ypserv, ypbind, and so on.
Today, almost all UN*X systems include NIS, and there are even free implementations of it. One is from the BSD Net-2 release and is derived from a public domain reference implementation donated by Sun. The client library code from this release has been in the GNU libc for a long time, but the management programs were only recently ported to Linux by Swen Thümmler [1]. An NIS server is missing from this reference implementation. Tobias Reber has prepared another NIS package that includes all the tools and a server; it is called yps [2].
Currently, a complete rewrite of the NIS code called NYS has been written by Peter Eriksson [3]; it supports both plain NIS and Sun's much revised NIS+. NYS not only provides a set of NIS tools and a server, but also adds a whole new set of library functions, which may eventually be added to the standard libc. This includes a new configuration scheme for host name resolution that replaces the current scheme using host.conf. The features of these functions are discussed below.
This chapter focuses on NYS rather than the other two packages, which I will refer to as the "traditional" NIS code. If you really want to run any of these packages, the instructions in this chapter may be enough. To obtain additional information, get a standard book on NIS, such as Hal Stern's NFS and NIS (see [Stern92]).
Currently, NYS is still under development, so standard Linux utilities such as the network programs or the login program are not yet aware of NYS. Until NYS is merged into the mainstream libc, you have to recompile all these binaries if you want them to use NYS. In the Makefile of any of these applications, specify -lnsl as the last linker option. This links the relevant functions from libnsl, the NYS library, instead of those from the standard C library.
10.1 Understanding NIS
NIS keeps database information in so-called maps, which contain key-value pairs. Maps are stored on a central host running the NIS server, from which clients can retrieve the information through various RPC calls. Most frequently, maps are stored in DBM files [4].
The maps themselves are generated from master text files such as /etc/hosts or /etc/passwd. For some files, several maps are generated, one for each type of search key. For example, you can search the hosts file for a host name as well as for an IP address. Accordingly, two NIS maps are generated from it, namely hosts.byname and hosts.byaddr. Table 10.1 lists common maps and the files from which they are generated.
Master File          Map(s)
/etc/hosts           hosts.byname, hosts.byaddr
/etc/networks        networks.byname, networks.byaddr
/etc/passwd          passwd.byname, passwd.byuid
/etc/group           group.byname, group.bygid
/etc/services        services.byname, services.bynumber
/etc/rpc             rpc.byname, rpc.bynumber
/etc/protocols       protocols.byname, protocols.bynumber
/usr/lib/aliases     mail.aliases
Table 10.1: Some standard NIS maps and the corresponding files.
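The derivation of several maps from one master file can be sketched as follows. This is an added example, not code from the original chapter or from any NIS package: the sample file contents, host names, and the first-record-wins handling of duplicate keys are assumptions made for illustration.

```python
# Constructed sample master files (not from the original page).
SAMPLE_HOSTS = """\
# hosts of the brewery
172.16.1.1   vlager.brewery.example  vlager
172.16.1.2   vstout.brewery.example  vstout   # second host
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:501:100:Alice:/home/alice:/bin/sh
toor:x:0:0:duplicate uid:/root:/bin/sh
"""

def build_map(records, keys_of):
    """Return (map, collisions). A map holds one value per key, so a
    duplicate key cannot be stored; this sketch keeps the first record."""
    table, collisions = {}, []
    for rec in records:
        for key in keys_of(rec):
            if key in table:
                collisions.append((key, rec))
            else:
                table[key] = rec
    return table, collisions

def hosts_records(text):
    """Yield normalized 'addr name [alias...]' lines, comments stripped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield " ".join(fields)

def passwd_records(text):
    """Yield well-formed seven-field passwd lines."""
    for line in text.splitlines():
        if line.count(":") == 6:
            yield line

def nis_maps(hosts_text, passwd_text):
    """One map per search key type, as in Table 10.1."""
    hosts = list(hosts_records(hosts_text))
    users = list(passwd_records(passwd_text))
    specs = {
        "hosts.byname": (hosts, lambda r: r.split()[1:]),    # names and aliases
        "hosts.byaddr": (hosts, lambda r: r.split()[:1]),    # IP address
        "passwd.byname": (users, lambda r: [r.split(":")[0]]),
        "passwd.byuid": (users, lambda r: [r.split(":")[2]]),
    }
    return {name: build_map(recs, keys) for name, (recs, keys) in specs.items()}

MAPS = nis_maps(SAMPLE_HOSTS, SAMPLE_PASSWD)
```

The collision list for passwd.byuid shows an account that a lookup by UID can never return, which is worth checking for before a password file is distributed to a whole domain.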
In some NIS packages or other software, there are further files and maps that you may find useful. These files and maps may contain information for applications not discussed in this book, for example the bootparams map that may be used by some BOOTP servers, or maps that currently have no function in Linux (like the ethers.byname and ethers.byaddr maps).
For some maps, people commonly use nicknames, which are shorter and therefore easier to type. To obtain the complete list of nicknames understood by your NIS tools, run the following command:
    $ ypcat -x
    NIS map nickname translation table:
    "passwd" -> "passwd.byname"
    "group" -> "group.byname"
    "networks" -> "networks.byaddr"
    "hosts" -> "hosts.byname"
    "protocols" -> "protocols.bynumber"
    "services" -> "services.byname"
    "aliases" -> "mail.aliases"
    "ethers" -> "ethers.byname"
    "rpc" -> "rpc.bynumber"
    "netmasks" -> "netmasks.byaddr"
    "publickey" -> "publickey.byname"
    "netid" -> "netid.byname"
    "passwd.adjunct" -> "passwd.adjunct.byname"
    "group.adjunct" -> "group.adjunct.byname"
    "timezone" -> "timezone.byname"
The NIS server is traditionally called ypserv. For a medium-sized network, a single server is usually enough; large networks may need to run several servers on different machines and network segments to reduce the load on the servers and routers. These servers are synchronized by making one of them the master server and the others slave servers. Maps are created only on the master server. From the master server, they are distributed to all slave servers.
You may have noticed that we have been rather vague about "networks" so far; of course, NIS has a distinct concept that refers to such a network, that is, the set of all hosts that share part of their system configuration data through NIS: the NIS domain. Unfortunately, NIS domains have nothing in common with the domains we encountered in DNS. To avoid ambiguity in this chapter, I will always point out which type of domain I am talking about.
NIS domains have a purely administrative function. They are mostly invisible to users, except for the sharing of passwords. Therefore, the name given to an NIS domain is relevant only to the administrator. Generally, any name will do, as long as it is different from any other NIS domain name on your local network. For example, the administrator of the Virtual Brewery may choose to create two NIS domains, one for the brewery itself and one for the winery, which she names brewery and winery, respectively. Another common scheme is simply to use the DNS domain name as the NIS domain name as well. To set and display the NIS domain name of your host, you can use the domainname command. When invoked without any argument, it prints the current NIS domain name; to set the domain name, you must become super user and enter:
    # domainname brewery
The NIS domain determines which NIS server an application will query. For example, the login program on a host at the winery should, of course, only query the winery's NIS server (or one of them, if there are several), while an application on a brewery host should only query the brewery's servers.
There is one more question to answer, namely how a client finds out which server to connect to. The simplest approach would be a configuration file that names the host on which to find the server. However, this approach is inflexible, because it does not allow clients to use different servers (from the same domain, of course) depending on their availability. Therefore, traditional NIS implementations rely on a special daemon called ypbind to detect a suitable NIS server. Before it can perform any NIS query, any application first needs to find out which server to use.
ypbind probes for servers by broadcasting to the local IP network; the first server to respond is assumed to be the fastest one and is used for all subsequent NIS queries. After a certain interval has elapsed, or if the server becomes unavailable, ypbind probes for running servers again.
Now, the arguable point about dynamic binding is that you rarely need it, and that it introduces a security problem: ypbind blindly trusts whoever answers, and the responder may be a humble NIS server or a malicious intruder. Needless to say, this becomes especially troublesome if you manage your password databases over NIS. To guard against this, NYS does not use ypbind by default, but instead obtains the server host name from a configuration file.
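The difference between the two binding policies can be modelled in a few lines. This is an added example, not code from ypbind or NYS: the host names, latencies, and the rule that configured servers are tried in listed order are assumptions, and the replies are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Reply:
    host: str          # responder's host name
    domain: str        # NIS domain it claims to serve
    latency_ms: float  # time until its answer arrived

# Constructed sample data: two listed servers, one host nobody configured,
# and a server for a different NIS domain.
CONFIGURED = ["nis1.brewery.example", "nis2.brewery.example"]
REPLIES = [
    Reply("nis1.brewery.example", "brewery", 4.0),
    Reply("nis2.brewery.example", "brewery", 9.5),
    Reply("unlisted.brewery.example", "brewery", 0.8),
    Reply("nis1.winery.example", "winery", 0.5),
]

def broadcast_bind(domain, replies):
    """Dynamic binding: the first answer for the domain wins, identity unchecked."""
    candidates = [r for r in replies if r.domain == domain]
    return min(candidates, key=lambda r: r.latency_ms).host if candidates else None

def configured_bind(domain, replies, configured):
    """Static binding: only hosts named in local configuration are eligible."""
    alive = {r.host for r in replies if r.domain == domain}
    return next((h for h in configured if h in alive), None)

def audit_binding(bound, configured):
    """Detection check for a client that still binds dynamically."""
    if bound is None:
        return "unbound"
    if bound in configured:
        return "ok"
    return "alert: bound to unlisted server " + bound
```

With static binding, a client whose listed servers are all down stays unbound instead of falling back to whichever host answers. On a live client, the value passed to audit_binding would be the server name reported by ypwhich.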
10.2 NIS and NIS+
NIS and NIS+ have little in common beyond their names and a common goal. NIS+ is structured in an entirely different way. Instead of a flat name space with disjoint NIS domains, it uses a hierarchical name space similar to that of DNS. Instead of maps, it uses so-called tables made up of rows and columns; in the NIS+ database, each row represents an object, and the columns represent the properties of the object that NIS+ knows about. Each table for a given NIS+ domain comprises those of its parent domains. In addition, an entry in a table can contain a link to another table. These features make it possible to structure information in many ways.
The RPC version number of traditional NIS is 2, while that of NIS+ is 3.
NIS+ does not seem to be widely used so far, and I do not know much about it. (Well, I know nothing about it.)