Using NIS+

The following examples provide some real-world cases for installing and running NIS/NIS+, using the name service switch. You might be wondering how, in a mixed network information service environment comprising NIS maps, NIS+ tables, and DNS servers, name services are selected to resolve particular requests. The answer provided in Solaris 2.x is the name service switch, whose configuration is specified in the file /etc/nsswitch.conf. Non-NIS+ users who performed Solaris 1 to Solaris 9 upgrades know this as the pesky file that appeared to prevent DNS from working; however, the name service switch is very useful because it enables the administrator to configure which name service handles specific kinds of requests. It is also possible to specify more than one kind of service for every kind of request; thus, if a request fails on the default service, it can be applied to a different service.

For example, to resolve hostnames, many sites will have at least some local hostnames statically hardwired into the /etc/hosts database. In addition, many sites connected to the Internet will use the DNS for resolving hostnames. Where does this leave the relative sophistication of NIS+ namespaces, or the legacy of NIS maps? The answer is that files, DNS, NIS, and NIS+ can each be ranked in /etc/nsswitch.conf as the first, second, third, or fourth choice of name service for resolving hosts. For example, the line

hosts: files dns nisplus nis

indicates that the /etc/hosts file should be consulted first and, if a match cannot be found for a hostname, DNS should be tried second. If DNS fails to resolve the name, then NIS+ should be tried. As a last resort, NIS map resolution can be attempted. This is a useful setup for a network that makes great use of the Internet, and relies less on NIS+ and NIS. Of course, many NIS+ advocates would suggest using the line

hosts: nisplus nis files dns

because this ensures that NIS+ is always selected over the /etc/hosts database or DNS.

In addition to host resolution, nsswitch.conf also allows the configuration of 14 other options, which roughly correspond to the contents of the NIS+ tables and/or the NIS maps. A NIS+ oriented nsswitch.conf file would look like this:

passwd:     files nisplus
group:      files nisplus
hosts:      nisplus dns [NOTFOUND=return] files
services:   nisplus [NOTFOUND=return] files
networks:   nisplus [NOTFOUND=return] files
protocols:  nisplus [NOTFOUND=return] files
rpc:        nisplus [NOTFOUND=return] files
ethers:     nisplus [NOTFOUND=return] files
netmasks:   nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
publickey:  nisplus
netgroup:   nisplus
automount:  nisplus files
aliases:    nisplus files
sendmailvars: nisplus files

In most of these situations NIS+ is consulted before the files, except for the password and group information. In addition, DNS is listed as a host resolution method after NIS+. However, it would also be possible to implement a bare-bones system that only relied on files for most resource information and DNS for name resolution:

passwd:     files
group:      files
hosts:      dns [NOTFOUND=return] files
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
netgroup:   files
automount:  files
aliases:    files
services:   files
sendmailvars:   files
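
The [NOTFOUND=return] criterion in both files changes the fallback: when the source before it answers "not found", the lookup stops, so the trailing files entry is reached only if the network services are unavailable. The following Python code is an added example, not part of the original text; it parses switch lines and traces which sources a lookup reaches. The function names and the per-source status values are constructed for illustration, and the default actions assumed are the standard switch defaults (return on SUCCESS, continue otherwise).

```python
import re

# Default switch actions: return on SUCCESS, otherwise continue to the next source.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in lookup order."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        db, spec = line.split(":", 1)
        entries = []
        for token in re.findall(r"\[[^\]]*\]|\S+", spec):
            if token.startswith("["):
                if not entries:
                    raise ValueError(f"{db}: criteria before any source")
                # Criteria such as [NOTFOUND=return] modify the source just before them.
                for status, action in re.findall(r"(\w+)\s*=\s*(\w+)", token):
                    entries[-1][1][status.upper()] = action.lower()
            else:
                entries.append((token, dict(DEFAULTS)))
        table[db.strip()] = entries
    return table

def trace_lookup(entries, status_of):
    """Walk the sources; status_of maps source -> status (constructed input).
    Returns (sources consulted, answering source or None)."""
    consulted = []
    for source, actions in entries:
        status = status_of.get(source, "UNAVAIL")
        consulted.append(source)
        if actions[status] == "return":
            return consulted, (source if status == "SUCCESS" else None)
    return consulted, None

# Lines taken from the two configurations above.
NISPLUS_CONF = "hosts:      nisplus dns [NOTFOUND=return] files\npasswd:     files nisplus\n"
BARE_CONF = "hosts:      dns [NOTFOUND=return] files\n"

if __name__ == "__main__":
    hosts = parse_nsswitch(NISPLUS_CONF)["hosts"]
    # DNS answers "no such host": the lookup stops and /etc/hosts is never read.
    print(trace_lookup(hosts, {"nisplus": "NOTFOUND", "dns": "NOTFOUND", "files": "SUCCESS"}))
    # Both network services are down: only now is /etc/hosts consulted.
    print(trace_lookup(hosts, {"nisplus": "UNAVAIL", "dns": "UNAVAIL", "files": "SUCCESS"}))
```

With passwd: files nisplus, by contrast, a local account always answers before NIS+ is asked, which keeps local logins working when the name service is unreachable.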

Before any other services may be installed, NIS+ requires that the master server for the root domain be created. The master server will primarily be responsible for the management of the NIS+ namespace. For example, for the Panther.Edu. domain, the DNS server (ns.panther.edu) will also be used for NIS+. This means that the nisserver script can be executed on the DNS server system (ns.panther.edu) in order to initialize the master server for the root domain:

ns.panther.edu# nisserver -r -d Panther.Edu.
This script sets up this machine "ns" as an NIS+
root master server for domain Panther.Edu..

Domain name             : Panther.Edu.
NIS+ group              : admin.Panther.Edu.
NIS (YP) compatibility  : OFF
Security level          : 2=DES

Is this information correct? (type 'y' to accept, 'n' to change) y
This script will set up your machine as a root master server for
domain Panther.Edu. without NIS compatibility at security level 2.

Use "nisclient -r" to restore your current network service environment.

Do you want to continue? (type 'y' to continue, 'n' to exit this script)

setting up domain information "Panther.Edu." ...

setting up switch information ...

running nisinit ...
This machine is in the "Panther.Edu." NIS+ domain.
Setting up root server .

starting root server at security level 0 to create credentials...

running nissetup to create standard directories and tables ...
org_dir.Panther.Edu. created
groups_dir.Panther.Edu. created
passwd.org_dir.Panther.Edu. created
group.org_dir.Panther.Edu. created
auto_master.org_dir.Panther.Edu. created
auto_home.org_dir.Panther.Edu. created
bootparams.org_dir.Panther.Edu. created
cred.org_dir.Panther.Edu. created
ethers.org_dir.Panther.Edu. created
hosts.org_dir.Panther.Edu. created
ipnodes.org_dir.Panther.Edu. created
mail_aliases.org_dir.Panther.Edu. created
sendmailvars.org_dir.Panther.Edu. created
netmasks.org_dir.Panther.Edu. created
netgroup.org_dir.Panther.Edu. created
networks.org_dir.Panther.Edu. created
protocols.org_dir.Panther.Edu. created
rpc.org_dir.Panther.Edu. created
services.org_dir.Panther.Edu. created
timezone.org_dir.Panther.Edu. created
client_info.org_dir.Panther.Edu. created
auth_attr.org_dir.Panther.Edu. created
exec_attr.org_dir.Panther.Edu. created
prof_attr.org_dir.Panther.Edu. created
user_attr.org_dir.Panther.Edu. created
audit_user.org_dir.Panther.Edu. created

adding credential for ns.Panther.Edu...
Enter login password:
creating NIS+ administration group: admin.Panther.Edu. ...
adding principal ns.Panther.Edu. to admin.Panther.Edu. ...

restarting NIS+ root master server at security level 2 ...
starting NIS+ password daemon ...
starting NIS+ cache manager ...

This system is now configured as a root server for domain Panther.Edu.
You can now populate the standard NIS+ tables by using the
nispopulate script or /usr/lib/nis/nisaddent command.

That’s all that’s required for NIS+ support. However, in order to enable support for NIS clients within the domain, you would need to use the following command instead:

ns.panther.edu# nisserver -Y -r -d Panther.Edu.


Part I: Solaris 9 Operating Environment, Exam I