NIS domain NIS makes a common set of information available to systems on a network. The network, referred to as an NIS domain, is characterized by each system having the same NIS domain name (different than a (DNS) domain name [page 1030]). Technically, an NIS domain is a set of NIS maps, or database files.
Master and slave servers Each NIS domain must have exactly one master server; larger networks may have slave servers. Each slave server holds a copy of the NIS database from the master. The need for slave servers is based on the size of the NIS domain and the reliability of the systems and network. A system can belong to only one NIS domain at a time. When a client determines that a server is down or is not responding fast enough, it selects another server, as specified in the configuration file. If it cannot reach a server, ypbind terminates with an error.
nsswitch.conf Whether a system uses NIS, DNS, local files, or a combination as the source of certain information, and in what order, is determined by /etc/nsswitch.conf (page 435). When it needs information from the NIS database, a client requests the information from the NIS server. For example, when a user attempts to log in, the client system may authenticate the user with name and password information from the NIS server. You can configure nsswitch.conf to cause /etc/passwd to override NIS password information for the local system. When you do not export the root account to NIS (and you should not), this setup allows you to have a unique root password for each system.
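One way to check the lookup order described above, as an added example that is not part of the original text: the hypothetical helper nss_order reads an nsswitch.conf-format file and reports whether files is consulted before nis for a given database. The sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the book): report how one database line in an
# nsswitch.conf-format file orders the "files" and "nis" sources.
# nss_order is a hypothetical helper name.
# Usage: nss_order DATABASE [FILE]   (FILE defaults to /etc/nsswitch.conf)
# Prints: files-first | nis-first | nis-only | no-nis | missing
nss_order() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == (db ":") && !found {
            found = 1
            # Action items such as [NOTFOUND=return] never equal a source name.
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "nis"   && !n) n = i
            }
        }
        END {
            if (!found)     print "missing"
            else if (!n)    print "no-nis"
            else if (!f)    print "nis-only"
            else if (f < n) print "files-first"
            else            print "nis-first"
        }' "${2:-/etc/nsswitch.conf}"
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
passwd:  files nis      # local /etc/passwd entries are consulted first
shadow:  files nis
group:   nis [NOTFOUND=return] files
hosts:   files dns
EOF

for db in passwd shadow group hosts netgroup; do
    printf '%-9s %s\n' "$db" "$(nss_order "$db" "$sample")"
done
```

A result of nis-first or nis-only for passwd means the NIS map, not the local /etc/passwd, answers first for that system.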
Source files Under Red Hat Linux, NIS derives the information it offers (such as usernames, passwords, and local system names and IP addresses) from local ASCII configuration files such as /etc/passwd and /etc/hosts. These files are called source files or master files. (Some administrators avoid confusion by using different files for local configuration and NIS source information.) An NIS server can include information from as many of the following source files as is appropriate:
The information that NIS offers is based on files that change from time to time; NIS is responsible for making this changing information available in a timely manner to all systems in the NIS domain.
NIS maps Before NIS can store the information contained in a source file, it must be converted to a dbm (page 1028) format file called a map. Each map is indexed on one field (column). Records (rows) from a map can be retrieved by specifying a value from the indexed field. Some files generate two maps, each indexed on a different field. For example, the /etc/passwd file generates two maps: one indexed by username, the other indexed by UID. These maps are named passwd.byname and passwd.byuid.
Map names The names of the maps that NIS uses correspond to the files in the /var/yp/nisdomainname directory on the master server, where nisdomainname is the name of the NIS domain:

    $ ls /var/yp/mgs
    group.bygid   mail.aliases   protocols.byname    services.byname
    group.byname  netid.byname   protocols.bynumber  services.byservicename
    hosts.byaddr  passwd.byname  rpc.byname          ypservers
    hosts.byname  passwd.byuid   rpc.bynumber

Map nicknames To make it easier to refer to NIS maps, you can assign nicknames to maps. The /var/yp/nicknames file contains a list of commonly used nicknames. View the nicknames file or give the command ypcat -x to display the list of nicknames:

    $ cat /var/yp/nicknames
    passwd          passwd.byname
    group           group.byname
    networks        networks.byaddr
    hosts           hosts.byname
    protocols       protocols.bynumber
    services        services.byname
    aliases         mail.aliases
    ethers          ethers.byname

Each line in nicknames contains a nickname followed by whitespace and the name of the map the nickname refers to. You can add, remove, or modify nicknames by changing the nicknames file.
Displaying maps The ypcat and ypmatch utilities display information from the NIS maps. Using the nickname passwd, the following command displays the information contained in the passwd.byname map:

    $ ypcat passwd
    mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash
    ...

By default, NIS stores passwords only for users with UIDs less than 500 (see MINUID, on page 666). Thus ypcat does not display lines for root, bin, and other system entries. You can display password information for a single user with ypmatch:

    $ ypmatch mark passwd
    mark:$1$X4JAzD0.$c.64fRCLPvQNSmq9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash

You can retrieve the same information by filtering the output of ypcat through grep, but ypmatch is more efficient because it searches the map directly, using a single process. The ypmatch utility works on the key for the map only. To match members of the group or other fields not in a map, such as the GECOS (page 1033) field in passwd, you need to use ypcat with grep:

    $ ypcat passwd | grep -i sobell
    mark:$1$X4JAzD0.$c.64fRCLP9qrfYv/:500:500:Mark Sobell:/home/mark:/bin/bash

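The ypcat output above returns each user's password hash along with the account fields, so the passwd map is worth auditing for what it exposes. The following is an added example, not part of the original text: the hypothetical helper audit_passwd_map reads passwd-format lines and flags UID 0 entries and exposed hashes, treating the `$1$` prefix seen above as MD5-crypt. The sample lines are constructed and their hash strings are placeholders.

```shell
#!/bin/sh
# Added example (not from the book): audit passwd-format lines, such as the
# output of `ypcat passwd`, read from standard input.
# audit_passwd_map is a hypothetical helper name.
audit_passwd_map() {
    awk -F: '
        NF != 7 { printf "%s: malformed entry (%d fields)\n", $1, NF; next }
        # The root account should not be exported to NIS.
        $3 ~ /^0+$/ { printf "%s: UID 0 account present in map\n", $1 }
        # Classify what the password field exposes to readers of the map.
        $2 ~ /^\$1\$/ { printf "%s: MD5-crypt hash exposed\n", $1; next }
        $2 ~ /^\$/    { printf "%s: password hash exposed\n", $1; next }
        length($2) == 13 && $2 !~ /[^.\/0-9A-Za-z]/ {
            printf "%s: DES-crypt hash exposed\n", $1; next
        }
        $2 == "" { printf "%s: empty password field\n", $1 }
    '
}

# Constructed sample map lines; the hash strings are placeholders, not real hashes.
map=$(mktemp)
trap 'rm -f "$map"' EXIT
cat > "$map" <<'EOF'
alice:$1$saltsalt$CONSTRUCTEDplaceholder0000:500:500:Alice Example:/home/alice:/bin/bash
root:$1$saltsalt$CONSTRUCTEDplaceholder1111:0:0:root:/root:/bin/bash
bob:x:501:501:Bob Example:/home/bob:/bin/bash
carol:zzCONSTRUCTED:502:502:Carol Example:/home/carol:/bin/bash
EOF

audit_passwd_map < "$map"
# On an NIS client the same check would read: ypcat passwd | audit_passwd_map
```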
Terminology This chapter uses the following definitions:
NIS source files: The ASCII files that NIS obtains information from
NIS maps: The dbm-format files created from NIS source files
NIS database: The collection of NIS maps
More Information
Local man pages domainname, makedbm, netgroup, revnetgroup, ypbind, ypcat, ypinit, ypmatch, yppasswd, yppoll, yppush, ypset, ypserv, ypserv.conf, ypwhich, ypxfr, ypxfrd (Some of these are installed only when you install ypserv, which is needed when you run an NIS server [page 663].)
Web www.linux-nis.org