Before You Start NIS+

Before you start to set up NIS+ at your site, you need to do some planning and to know certain information about the machines at your site. In addition, you must have at least one system already running at your site that contains at least one user (root) in the system information files such as /etc/passwd. (Machines usually come with root in the system files so this should not be a problem.)

Planning Your NIS+ Layout

To plan the structure of your NIS+ namespace:

• Sketch the domain hierarchy
• Select servers to be used for the namespace
• Determine the administrative groups and their members
• Determine access rights to the namespace

Detailed explanations of these tasks are in Part I of this book. Appendix A, "Pre-Setup Worksheets" contains blank worksheets that you can use to help plan your NIS+ namespace.

If an NIS domain already exists at your site, you can use the same flat domain structure for your NIS+ namespace if you like. (You can change it later to a hierarchical structure.) Read NIS+ Transition Guide before you start your transition from NIS to NIS+ for tips and insights. The NIS+ scripts easily enable you to start NIS+ with data from NIS maps. Chapter 7, "Setting Up NIS+" shows you how to use the NIS+ scripts to create a NIS+ namespace from either system files or NIS maps.

You don't have to do any planning to run through the tutorial in Chapter 7, "Setting Up NIS+". You just need a few networked machines with which to practice. Be sure to plan your site's hierarchy before you move from the tutorial to setting up your real NIS+ namespace.

Determining Server and System Space Requirements

Once you have determined the domain structure of your namespace, you can choose the servers that will support them. You need to differentiate between the requirements imposed by NIS+ and those imposed by the traffic load of your namespace.

NIS+ requires you to assign at least one server, the master, to each NIS+ domain. Although you can assign any number of replicas to a domain, more than 10 per domain is not recommended! An NIS+ server is capable of supporting more than one domain, but this is not recommended except in small namespaces or testing situations. The number of servers a domain requires is determined by the traffic load and the configuration of its servers.

Here are some guidelines for determining how many servers you will need:

1. Assign one master server per domain in the hierarchy.

2. Add at least one replica server for each domain. (A replica can answer requests when the master is unavailable).

3. Calculate the disk space requirements of each server. The next section, "Disk Space and Memory Recommendations," describes how to calculate disk space usage.

Disk Space and Memory Recommendations

Disk space requirements depend upon four factors:

• Disk space consumed by the Solaris 2.4 software
• Disk space for /var/nis (and /var/yp)
• Amount of memory
• Swap space required for NIS+ processes

The Solaris 2.4 software can consume over 220 megabytes (Mbytes) of disk space (including the OpenWindows^(TM) software), depending on how much of it you install. (This is an estimate; for exact numbers, see SPARC: Installing Solaris Software or x86: Installing Solaris Software.) You should also count the disk space consumed by other software the server may use. NIS+ is part of the Solaris 2.4 distribution so it does not consume additional disk space.

NIS+ data is stored in /var/nis. The directory /var/nis uses approximately 5 Kilobytes of disk space per client of the domain. For example, if a domain has 1,000 clients, /var/nis requires about 5 Mbytes of disk space. Because transaction logs, also kept in /var/nis, can grow large, you may want to add more space in addition to whatever is required for the domain's clients--an additional 10-15 Mbytes is recommended. In other words, for 1,000 clients, allocate 15 to 20 Mbytes for /var/nis. You can reduce this amount if you checkpoint transaction logs regularly. Try to keep /var/nis on a separate partition; this separation will help during an operating system upgrade.

If you are going to load information into NIS+ from NIS maps, allocate an appropriate amount of space for /var/yp to hold those NIS maps.

Although 32 Mbytes is the minimum memory requirement for servers (root master, subdomain master servers and replica servers), you should equip servers of medium to large domains with at least 64 Mbytes.

In addition to the server's normal swap space requirements, NIS+ requires swap space equal to two or three times the server's rpc.nisd(1M) process size because the server process forks during certain operations. See "How to Configure a Client as an NIS+ Server" and the rpc.nisd(1M) man page for more information.

About the NIS+ Scripts

The three NIS+ scripts--nisserver(1M), nispopulate(1M), and nisclient(1M)--enable you to set up a NIS+ namespace easily. The NIS+ scripts are Bourne shell scripts that execute groups of NIS+ commands so you don't have to type the NIS+ commands individually. Table 6-1 describes what each script does.

Table 6-1

NIS+ Script	What It Does
nisserver(1M)	Sets up the root master, non-root master and replica servers with level 2 security (DES)
nispopulate(1M )	Populates NIS+ tables in a specified domain from their corresponding system files or NIS maps
nisclient(1M)	Creates NIS+ credentials for hosts and users; initializes NIS+ hosts and users

In combination with a few NIS+ commands, you can use the NIS+ scripts to perform all the tasks necessary for setting up an NIS+ namespace. See the nisserver(1M), nispopulate(1M), and nisclient(1M) man pages for complete descriptions of these commands and their options. Chapter 7, "Setting Up NIS+," shows you how to use the NIS+ scripts to set up an NIS+ namespace.

You can run each of the scripts without having the commands execute by running them with the -x option. This option lets you see what commands the scripts call and their approximate output without the scripts actually changing anything on your systems. First running the scripts with -x may minimize unexpected surprises.

What the NIS+ Scripts Won't Do

While the NIS+ scripts reduce the effort required to create an NIS+ namespace, the scripts do not completely replace the individual NIS+ commands. The scripts only implement a subset of NIS+ features.

If you are unfamiliar with NIS+, you may wish to refer back to this section after you have created the sample NIS+ namespace rather than reading it now.

The nisserver(1M) script will only set up an NIS+ server with the standard default tables and permissions (authorizations). This script does not:

• Set special permissions for tables and directories
• Add extra NIS+ principals to the NIS+ admin group

  See Chapter 7, "Setting Up NIS+" for how to use the nisgrpadm (1M) command instead of one of the NIS+ scripts to add extra NIS+ principals to the NIS+ admin group.

• Create private tables
• Run an NIS+ server at any security level other than level 2
• Start the rpc.nisd(1M) daemon on remote servers, which is required to complete server installation

  See Chapter 7, "Setting Up NIS+" for how to use the rpc.nisd (1M) command instead of one of the NIS+ scripts to change NIS+ client machines into non-root servers.

The nisclient(1M) script does not set up an NIS+ client to resolve hostnames using DNS. You need to explicitly set DNS for clients that require this option.

See Name Services Administration Guide for information on how to perform any of the above tasks with individual commands.