Nisplus
NIS+ is a directory service developed by Sun Microsystems to replace its older 'NIS' (Network Information Service). It is designed to eliminate the need for duplication across many computers of configuration data such as user accounts, host names and addresses, printer information and NFS disk mounts on individual systems, instead using a central repository on a master server, simplifying system administration. NIS+ client software has been ported to other Unix and Unix-like platforms.

Prior to the release of Solaris 9 in 2002, Sun announced its intent to remove NIS+ from Solaris in a future release and now recommends that customers instead use an LDAP-based lookup scheme. NIS+ was present in Solaris 9 and 10 (although both releases include tools to migrate NIS+ data to an LDAP server) and it has now been removed from the OpenSolaris trunk.

NIS vs. NIS+

NIS and NIS+ are only similar in their purpose and name; otherwise, they have completely different implementations. They differ in the following ways:
  • NIS+ is hierarchical.
  • NIS+ is based around Secure RPC (servers must authenticate clients and vice versa).
  • NIS+ may be replicated (replicas are read-only).
  • NIS+ implements permissions on directories, tables, columns and rows.
  • NIS+ also implements permissions on operations, such as being able to use nisping to transfer changed data from a master to a replica.

The problem of managing network information

In the 1970s, when computers were expensive and networks consisted of a few nodes, administering network information for a few nodes was manageable and a centralized system was not needed. As computers became cheaper and networks grew larger, it became increasingly difficult to maintain separate copies of network configurations on every individual system.

For example, whenever a new user was added to the network, the following files would need to be updated on every existing system:

File          Sample entry                                   Information
/etc/passwd   numiri:x:37:4:Sebastian Nguyen:/home/numiri    user name, home directory, ...
/etc/shadow   numiri:1AD3ioUMlkj234k:                        encrypted password


Likewise /etc/group would have needed updating every time a new group was added and /etc/hosts would have needed updating every time a new computer was added to the network.

If a new user with a new system is added to a network of 20 existing systems, the UNIX administrator would need to modify 5 files on 21 machines, or 105 files in all. With NIS+, adding users and machines to the network requires only changes to the NIS+ server's maps, and the new host's /etc/nsswitch.conf needs to point to the NIS+ server. When a user logs into any other machine, that host (the NIS+ client), knowing who the NIS+ server is, queries it for the username and password to identify and authenticate the user.
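The dependency on /etc/nsswitch.conf described above can be audited per host, for instance when planning the move to LDAP. The following is an added example, not part of the original article: it parses a constructed sample file and reports which databases still consult the `nisplus` source; the function names are hypothetical.

```python
import re

# Constructed sample of a Solaris-style /etc/nsswitch.conf (not from the article).
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nisplus
group:      files nisplus
hosts:      nisplus [NOTFOUND=return] files   # files only if NIS+ is unavailable
services:   files
netgroup:   nisplus
automount:  files ldap
"""

CRITERIA = re.compile(r"\[[^\]]*\]")  # status/action criteria such as [NOTFOUND=return]


def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order, ignoring comments and criteria."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        database, sources = line.split(":", 1)
        result[database.strip()] = CRITERIA.sub(" ", sources).split()
    return result


def nisplus_report(text):
    """Map each database that consults NIS+ to 'primary' (tried first) or 'fallback'."""
    report = {}
    for database, sources in parse_nsswitch(text).items():
        if "nisplus" in sources:
            report[database] = "primary" if sources[0] == "nisplus" else "fallback"
    return report


if __name__ == "__main__":
    for db, role in nisplus_report(SAMPLE_NSSWITCH).items():
        print(f"{db}: nisplus is {role}")
```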

NIS+ also manages several other types of data: NFS mounts (auto_master, auto_home), network booting and other parameters (bootparams, ethers, netmasks, netgroup, networks, protocols, rpc, services), security access (cred), aliases, and timezone.

An installation of NIS+ comes with such table structures predefined. There are facilities available to create other tables as needed.

Alternatives

Other alternative schemes for storing network information exist, such as the LDAP standard maintained by the IETF, including Microsoft's LDAP implementation, Active Directory. LDAP can be configured to handle more general information, such as corporate employee structures, phone numbers, addresses, etc., so it requires more thought and planning. Many organizations require all the features of NIS+, LDAP, and Active Directory and run them all simultaneously.

Another alternative that has been popular in certain environments is the Hesiod name service, which is based on the DNS protocols.

NIS+ client/server model

Unlike NIS, NIS+ uses a hierarchical structure of multiple domains. A NIS+ domain can, and should, be serviced by multiple servers. The primary server is known as the master server, and backup servers are known as replica servers. Both types hold copies of the NIS+ tables. Changes are first committed to the master server and then propagated to replica servers in increments.

NIS+ table permissions determine a user's level of access to the table's contents.
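A permission review over NIS+ objects, as an added example that is not part of the original article. It assumes the 16-character rights notation shown by the Solaris NIS+ tools (four `rmcd` fields for nobody, owner, group and world), which the article does not spell out; the object names and rights strings are constructed.

```python
CLASSES = ("nobody", "owner", "group", "world")  # field order in the rights string
RIGHTS = "rmcd"                                   # read, modify, create, destroy

# Constructed sample objects and rights strings (not from the article).
SAMPLE_OBJECTS = {
    "passwd.org_dir": "----rmcdrmcdr---",
    "hosts.org_dir": "r---rmcdr---r---",
    "scratch.org_dir": "rmcdrmcdrmcdrmcd",
}


def parse_access_rights(rights):
    """Split a 16-character rights string into {class: set of granted rights}."""
    if len(rights) != 16:
        raise ValueError("expected 16 characters, got %d" % len(rights))
    parsed = {}
    for i, cls in enumerate(CLASSES):
        granted = set()
        for pos, ch in enumerate(rights[4 * i:4 * i + 4]):
            if ch == RIGHTS[pos]:
                granted.add(ch)
            elif ch != "-":
                raise ValueError("unexpected %r in %s field" % (ch, cls))
        parsed[cls] = granted
    return parsed


def audit(objects):
    """Flag any right given to unauthenticated principals (nobody) and any
    right beyond read given to every authenticated principal (world)."""
    findings = []
    for name, rights in sorted(objects.items()):
        parsed = parse_access_rights(rights)
        for cls, excess in (("nobody", parsed["nobody"]),
                            ("world", parsed["world"] - {"r"})):
            if excess:
                shown = "".join(r for r in RIGHTS if r in excess)
                findings.append("%s: %s has %s" % (name, cls, shown))
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OBJECTS)))
```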

See also

  • client–server model
  • Lightweight Directory Access Protocol (LDAP)
  • Network Information Service (NIS)

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.