[COLUG] shout out to Solaris Gurus

William Yang wyang at gcfn.net
Sat Jun 16 07:35:31 EDT 2007


Drew wrote:
> Hey,
> 
> I know this is a little off topic, but I'm so confused.  Maybe I'm
> missing something.  So in the Solaris installation it asks you what you
> want to use for name resolution NIS, NIS+, DNS etc...  I am reading up
> on (Solaris and) nfs right now.  I was reading about how NIS  can do
> this as well, and how allegedly it can do some LDAP type stuff.

Remember, Sun *invented* NFS.  And this created a problem -- how do you
make sure *IX UIDs and GIDs (which is the foundation of the security model
for the *IX filesystem) get shared between systems?  Enter NIS.

NIS (Network Information Services, also known as 'yp' [yellow pages, name
changed due to a trademark dispute]) is a centralized network
authentication data system for *IX systems.  NIS+, a successor to NIS
which came out in the mid 90's with Sun Solaris 2, integrated better
hierarchy segmentation and security functionality.  LDAP
started being deployed, generally, much later than NIS/YP -- probably 15 or
more years.  You can say that LDAP has aspects of being a later generation
system, that can solve the same problems as NIS and NIS+ (and more).

> My question is what exactly IS NIS? What's it supposed to do?

NIS is a series of daemons -- ypbind on the clients, ypserv on the server,
that run in conjunction with the portmapper and/or rpcbind, that are
accessed through core system library calls and specially written client
programs to look up certain kinds of information.  It's used to centrally
maintain critical system configuration files that should be common
throughout a business unit or organization.  If I recall correctly, the
core maps in NIS/YP were the passwd, group, hosts, network, services,
ethers, netmasks, aliases, and... netgroup, I think, files.  Any single-key
index map created with the appropriate 'dbm' style manager (ndbm, back in
the day) could be shared through NIS.

The 'nsswitch' file (/etc/nsswitch.conf) is configured on clients to
instruct the system where to look for various things.  You may also
occasionally see the convention of '+::::::' in /etc/passwd files on older
NIS-capable systems, which was the switch directive in the days prior to
nsswitch.conf....

> How widely is it implemented (Basically
> trying to discern how familiar I should become with it).  Does anyone
> know how familiar you have to be to be SUN certified?

It saw wide use in academic environments.  Sun worked hard to make it the
default setting for any environment with two or more of their systems (I
don't remember any other *IX doing that)...  but I think it's really fading
in light of cross-platform, non-vendor-controlled LDAP.

Will you need to know how to use it for Sun certification?  I don't know,
but I'd be really surprised if the answer were 'no'.  While I get the
feeling that new installations aren't really into using it, I would expect
Sun to want to prepare you in certification for old sites that have NIS
deeply ingrained in their architecture.

	-Bill
-- 
William Yang
wyang at gcfn.net
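
Added example, not part of the original message: a small audit that reports which name-service databases in an nsswitch.conf consult NIS and which /etc/passwd lines are old-style '+' directives like the '+::::::' mentioned above. It goes slightly beyond the text by also flagging the 'nisplus' and 'compat' sources and '+@netgroup' / '-' entries; the sample file contents and function names are constructed for illustration.

```python
import re

NIS_SOURCES = {"nis", "nisplus", "compat"}

# Constructed sample inputs (not taken from any real host).
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
group:      files
hosts:      files dns nis [NOTFOUND=return]
netgroup:   nis
services:   files   # local only
"""

SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
drew:x:1001:10:Drew:/export/home/drew:/bin/ksh
+@admins::::::
+::::::
"""

def nis_databases(nsswitch_text):
    """Map each database to the NIS-related sources it consults."""
    found = {}
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        # Drop action clauses such as [NOTFOUND=return] before tokenizing.
        sources = re.sub(r"\[[^\]]*\]", " ", sources)
        hits = [s for s in sources.split() if s.lower() in NIS_SOURCES]
        if hits:
            found[db.strip()] = hits
    return found

def legacy_plus_entries(passwd_text):
    """Return (line_number, entry) for pre-nsswitch '+'/'-' directives."""
    return [(n, line) for n, line in enumerate(passwd_text.splitlines(), 1)
            if line.startswith(("+", "-"))]

if __name__ == "__main__":
    for db, srcs in nis_databases(SAMPLE_NSSWITCH).items():
        print(f"{db}: uses {', '.join(srcs)}")
    for n, entry in legacy_plus_entries(SAMPLE_PASSWD):
        print(f"passwd line {n}: legacy NIS directive {entry!r}")
```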

