Name Services Configuration Guide

Chapter 1  Overview of Name Services

This chapter briefly discusses what name services are, the Domain Name Service (DNS), the Network Information Service (NIS), and the Network Information Service Plus (NIS+). Part 1 of this book discusses all these topics in detail.
  • What Is a Name Service?
  • What Is DNS?
  • What Is NIS?
  • What Is NIS+?
  • What NIS+ Can Do for You
  • How NIS+ Differs from NIS
Directions for setting up a DNS namespace are in Part 3. Directions for setting up an NIS+ namespace are in Chapter 7, "Setting Up NIS+." See "Glossary" for definitions of terms and acronyms you don't recognize.

What Is a Name Service?

Name services store information that users, workstations, and applications must have to communicate across the network. Without a name service, each workstation would have to maintain its own copy of this information. This information includes machine addresses, user names, passwords, and, in some cases, network access permissions. The information may be stored in files or database tables. Centrally locating this data makes it easier to administer large networks.

What Is DNS?

DNS, the Domain Name Service, is the name service provided by the Internet for TCP/IP networks. It was developed so that workstations on the network could be identified with common names instead of Internet addresses. Domain Name Service performs naming between hosts within your local administrative domain and across domain boundaries.
The collection of networked workstations that use DNS is referred to as the DNS namespace. The DNS namespace can be divided into a hierarchy of domains. A DNS domain is simply a group of workstations. Each domain is supported by two or more name servers: a principal server and one or more secondary servers. Each server implements DNS by running a daemon called in.named. On the client's side, DNS is implemented through the "resolver." The resolver's function is to resolve users' queries; to do that, it queries a name server, which then returns either the requested information or a referral to another server.

What Is NIS?

NIS, Network Information Service, was developed independently of DNS and had a slightly different focus. Whereas DNS focused on making communication simpler by using workstation names instead of addresses, NIS focused on making network administration more manageable by providing centralized control over a variety of network information. As a result, NIS stores information not only about workstation names and addresses, but also about users, the network itself, and network services. This collection of network information is referred to as the NIS namespace.
NIS uses a client-server arrangement similar to DNS. Replicated NIS servers provide services to NIS clients. The principal servers are called master servers, and for reliability, they have backup, or replica servers. Both master and replica servers use the NIS information retrieval software and both store NIS maps.

What Is NIS+?

NIS+ (pronounced en-eye-ess plus) is a network name service similar to the network information service (NIS) but with more features. NIS+ is not an extension of NIS, but is a new software program.
NIS+ enables you to store information such as workstation addresses, security information, mail information, information about Ethernet interfaces, and network services in a location where all workstations on a network can have access to it. This configuration of network information is referred to as the NIS+ namespace.
The NIS+ namespace is hierarchical, and is similar in structure to the UNIX(R) directory file system. The hierarchical structure allows an NIS+ namespace to be configured to conform to the logical hierarchy of an organization. The namespace's layout of information is unrelated to its physical arrangement. Thus, an NIS+ namespace can be divided into multiple domains that can be administered autonomously. Clients may have access to information in other domains in addition to their own if they have the appropriate permissions.
NIS+ uses a client-server model to store and have access to the information contained in an NIS+ namespace. Each domain is supported by a set of servers. The principal server is called the master server and the backup servers are called replicas. The network information is stored in 16 standard NIS+ tables in an internal NIS+ database. Both master and replica servers run NIS+ server software and both maintain copies of NIS+ tables. Changes made to the NIS+ data on the master server are incrementally propagated automatically to the replicas.
NIS+ includes a sophisticated security system to protect the structure of the namespace and its information. It uses authentication and authorization to verify whether a client's request for information should be fulfilled. Authentication determines whether the information requestor is a valid user on the network. Authorization determines whether a particular user is allowed to have or modify the information requested. Various security levels, including none at all, can be set.
Solaris clients use the name service switch (/etc/nsswitch.conf file) to determine from where a workstation will retrieve network information. Such information may be stored in local /etc files, NIS, DNS, or NIS+. You can specify different sources for different types of information in the name service switch.
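The paragraph above describes the name service switch but not how /etc/nsswitch.conf expresses the choice of sources. The following is an added example, not from the original guide: it parses a constructed nsswitch.conf fragment (syntax as in Solaris nsswitch.conf(4), including the [STATUS=action] criteria) and walks the lookup order for a few constructed queries, showing why "nisplus [NOTFOUND=return] files" consults local files only when NIS+ is unreachable. The backend contents and the default actions are assumptions made for the example.

```python
import re

# Constructed sample /etc/nsswitch.conf (not from the original page); syntax as in
# Solaris nsswitch.conf(4): "database: source [STATUS=action] source ..."
SAMPLE_NSSWITCH = """\
passwd:   files nisplus
hosts:    nisplus [NOTFOUND=return] files   # files consulted only if NIS+ is down
services: nisplus files
"""
# Default action per status, assumed from nsswitch.conf(4): stop on success, else go on.
DEFAULT_ACTION = {"SUCCESS": "return", "NOTFOUND": "continue",
                  "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in lookup order."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        db, _, rest = line.partition(":")
        entries = []
        for m in re.finditer(r"\[([^\]]*)\]|(\S+)", rest):
            if m.group(1) is None:                 # a source: files, nis, nisplus, dns ...
                entries.append((m.group(2), {}))
            elif entries:                          # criteria apply to the preceding source
                for crit in m.group(1).split():
                    status, _, action = crit.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
        conf[db.strip()] = entries
    return conf

# Constructed backend contents: what each source would answer for each database.
BACKENDS = {
    "files":   {"passwd": {"root": "uid 0"}, "hosts": {"localhost": "127.0.0.1"}},
    "nisplus": {"passwd": {"alice": "uid 1001"}, "hosts": {"mailhub": "192.0.2.10"},
                "services": {"smtp": "25/tcp"}},
}

def lookup(conf, database, key, down=()):
    """Walk the switch for one query; `down` lists sources that are unreachable.
    Returns (final status, value, source that answered)."""
    status, value, answered = "NOTFOUND", None, None
    for source, criteria in conf.get(database, []):
        table = BACKENDS.get(source, {}).get(database, {})
        if source in down:
            status, value = "UNAVAIL", None
        elif key in table:
            status, value, answered = "SUCCESS", table[key], source
        else:
            status, value = "NOTFOUND", None       # reachable, but no such entry
        if criteria.get(status, DEFAULT_ACTION[status]) == "return":
            break
    return status, value, answered
```

With NIS+ reachable, lookup(conf, "hosts", "localhost") stops at NIS+ with NOTFOUND and never reads the local file; pass down=("nisplus",) to see the fallback to files.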

What NIS+ Can Do for You

NIS+ has some major advantages over NIS:
  • Secure data access
  • Hierarchical and decentralized network administration
  • Very large namespace administration
  • Access to resources across domains
  • Incremental updates
With the security system described in "What Is NIS+?," you can control a particular user's access to an individual entry in a particular table. This fine-grained access control helps keep the system secure and lets administration tasks be distributed more broadly without risking damage to the entire NIS+ namespace or even to an entire table.
The NIS+ hierarchical structure allows for multiple domains in one namespace. Division into domains makes administration easier to manage. Individual domains can be administered completely independently, thereby relieving the burden on system administrators who would otherwise each be responsible for very large namespaces. As mentioned above, the security system in combination with decentralized network administration allows the administrative workload to be shared.
Even though domains may be administered independently, all clients can be granted permission to access information across all domains in a namespace. Because a client sees only the tables in its own domain by default, it can reach tables in other domains only by addressing them explicitly.
Incremental updates mean faster updates of information in the namespace. Since domains are administered independently, changes to master server tables only have to be propagated to that master's replicas and not to the entire namespace. Once propagated, these updates are visible to the entire namespace immediately.

How NIS+ Differs from NIS

NIS+ differs from NIS in several ways. It has many new features and the terminology for similar concepts is different. Look in "Glossary" if you see a term you don't recognize. Table 1-1 gives an overview of the major differences between NIS and NIS+.
Table 1-1  Differences Between NIS and NIS+

NIS                                          NIS+
Flat domains--no hierarchy                   Hierarchical layout--data stored in different levels in the namespace
Data stored in 2 column maps                 Data stored in multi-column tables
Uses no authentication                       Uses DES authentication
Single choice of network information source  Name service switch--lets client choose information source: NIS, NIS+, DNS, or local /etc files
Updates delayed for batch propagation        Incremental updates propagated immediately
See Chapter 2, "Understanding Name Services" and NIS+ Transition Guide for more information on these changes and new features.