Using Name Services
14
- The network information service (NIS), which is part of the SunOS release 4.x environment, is being widely replaced by the network information service plus (NIS+). NIS+, introduced with the SunOS 5.0 system, is a completely redesigned name service that takes into account changes in customer client/server environments. DNS (domain name system) is an existing, complementary name service used for intercompany communication. This chapter discusses NIS+ and compares it to NIS and DNS.
- For more information about planning an NIS+ upgrade and installing NIS+, see NIS+ Transition Guide, Name Services Configuration Guide, and Name Services Administration Guide.
Note - The system administration documentation set for the Solaris 2.4 operating environment emphasizes a system that is using NIS+.
Name Service Switch
- The Solaris 2.4 operating environment uses standard naming interfaces (for example, gethostbyname) to support multiple naming services (such as NIS, NIS+, and DNS, among others), so applications can access data transparently from different services. The Name Service Switch capability is one instance of this: it allows applications to use a UNIX standard naming interface (for example, the getxxbyyy interfaces) in this manner. See the nsswitch.conf(4) man page for more information.
NIS+
- NIS+ is a name service built on top of the ONC transport-independent remote procedure call (TI-RPC) interface. NIS+ has significant advantages over NIS in the areas of security, performance, scalability, and administration.
DNS
- DNS supports the model of a hierarchical name space with autonomously administered name servers. Although NIS+ uses a similar hierarchical naming model, it focuses on supporting changing system administration data and other requirements of enterprise networks.
- DNS and NIS+, therefore, are complementary name services:
- DNS is used for intercompany communication
- NIS+ supports administration of enterprise networks
DNS and NIS+ Comparison
Table 14-1 shows the features and benefits of DNS compared to NIS+.

Table 14-1
| Feature | DNS | NIS+ |
| Security | Unrestricted access to data | All operations can be optionally authenticated; UNIX-style access rights for objects and entries |
| API and human interface | Allows read-only access to name service | Allows read-write access to name service. Provides: - Efficient support of changing network environment - API support of administrative operations - Support of administrative and other distributed applications |
| Updating | By transfer of zone master files - Weaker consistency | By incremental data transfer - Fast support of changing network environments |
| Compatibility with NIS | Not applicable | Existing NIS applications can migrate smoothly |
| Data support | ASCII data only with packet size restriction | Binary and ASCII data. Provides: - Support of variable information - Support of larger objects |
- The main strength of DNS is supporting hierarchical database partitions and replicas containing entries of relatively static information (such as host name and IP address). DNS ensures compatibility and smooth operation in a wide-area interorganization environment.
- NIS+, in contrast, is a secure repository of changing administrative information (such as email aliases, Ethernet addresses, RPC program numbers) for enterprise networks.
NIS and NIS+ Comparison
Table 14-2 summarizes several major enhancements in NIS+ compared to NIS.

Table 14-2
| Feature | NIS | NIS+ |
| Name space | Has a flat organization; is not hierarchical | Has a hierarchical organization |
| Database | Centralized flat file database for each independent network domain | Partitioned into directories to support each network subset or autonomous domain |
| Data Storage Scheme | Multiple bicolumn "maps" (files) having key-value pairs | Multicolumn database with multiple, searchable columns |
| Resource Access Across Domains | Not supported | Permitted for authorized users |
| Replication | One replica server required per IP subnetwork | Each replica server can serve clients on multiple IP subnets |
| Privileges for Updating | Updates require superuser privileges on master server | Updates can be performed remotely by authorized users |
| Update Process | Updates require using "make" files on master servers | Updates are performed easily through command-line interface |
| Update Propagation | Is administrator initiated and requires transfer of whole maps | Automatic and high-performance updating via incremental transfer |
| Authorization | Anyone can read all information stored in an NIS database | Fine-grained access control to NIS+ directories, table columns, and entries |
- NIS+ includes features that enable NIS sites to migrate to the new name service in a smooth, phased manner. NIS sites that migrate to NIS+ will gain the following benefits:
- Distributed and remote administration of network domains by authorized users
- Support for hierarchical domains
- Fast and automatic propagation of updates from master to replica servers
- Fine-grained access to tables and network resources
- Easier and more consistent administrative operations
- Increased naming service reliability and availability
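The authorization difference in Table 14-2 only helps if the rights actually granted are reviewed. The audit below is an added example, not part of the original Sun documentation; it assumes the 16-character NIS+ access-rights notation (four characters each for the nobody, owner, group, and world classes), which this chapter does not describe, and it runs on constructed table names and rights strings.

```python
# Added example: audit NIS+ access-rights strings for exposure to
# unauthenticated ("nobody") and overly broad ("world") principals.
# Assumption: rights use the 16-character NIS+ notation, four characters
# each for nobody, owner, group, world, drawn from r/m/c/d or "-".

CLASSES = ("nobody", "owner", "group", "world")
RIGHTS = {"r": "read", "m": "modify", "c": "create", "d": "destroy"}
WRITE = {"modify", "create", "destroy"}


def parse_rights(s):
    """Return {class: set of right names} for a 16-character rights string."""
    if len(s) != 16:
        raise ValueError(f"expected 16 characters, got {len(s)}: {s!r}")
    parsed = {}
    for i, cls in enumerate(CLASSES):
        granted = set()
        for pos, ch in enumerate(s[4 * i:4 * i + 4]):
            if ch == "-":
                continue
            if ch != "rmcd"[pos]:  # each right has a fixed position
                raise ValueError(f"bad character {ch!r} in {cls} field of {s!r}")
            granted.add(RIGHTS[ch])
        parsed[cls] = granted
    return parsed


def audit(objects):
    """Return (object, severity, reason) tuples for risky grants."""
    findings = []
    for name, s in sorted(objects.items()):
        rights = parse_rights(s)
        if rights["nobody"] & WRITE:
            findings.append((name, "HIGH", "unauthenticated clients can change data"))
        elif rights["nobody"]:
            findings.append((name, "INFO", "readable without authentication"))
        if rights["world"] & WRITE:
            findings.append((name, "MEDIUM", "any authenticated principal can change data"))
    return findings


# Constructed sample: hypothetical tables in a hypothetical example.com. domain.
SAMPLE = {
    "passwd.org_dir.example.com.": "----rmcdrmcdr---",
    "hosts.org_dir.example.com.": "r---rmcdrmcdr---",
    "mail_aliases.org_dir.example.com.": "rmcdrmcdrmcdrmcd",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```
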
NIS Support in SunOS Release 5.4
- The Solaris 2.4 operating environment contains support for most client-side NIS utilities and APIs. There is no server-side support for NIS in the Solaris 2.4 operating environment; however, NIS+ software presently includes a compatibility package (NISBCP) for sites that want to continue using NIS during the transition. NIS-compatibility mode makes it possible for Solaris 2.4 systems to serve both NIS+ and NIS clients.
- Keep in mind, however, that NISBCP has a limited life span and will be supported only for the duration of the transition.
Planning an NIS+ Upgrade
- NIS+ supports the following combinations of systems:
- SunOS release 5.4 installed on all servers and clients
- SunOS release 5.4 installed on one server, but combined with some SunOS release 4.x servers
- SunOS release 5.4 installed on some clients, running with SunOS release 4.x servers
- For a network, there are three main migration paths from NIS to the NIS+ name service:
- Upgrade all servers at once to NIS+ and enable its compatibility mode (activated by the -Y flag of rpc.nisd(1M))
- Use different domain names so NIS and NIS+ can coexist
- Have new clients use NIS+ with an NIS+ server and old clients use NIS with an NIS 4.x server, without using NIS-compatibility mode
- The first step to upgrading your network is to decide which servers to upgrade to the NIS+ name service and which servers can continue to run NIS. See NIS+ Transition Guide for more information.
Installing NIS+ on a SunOS Release 4.x System
- The Solaris 2.4 operating environment provides a way to install NIS+ on systems running earlier versions of the operating system. If you have not converted servers to Solaris 2.4 software, you can still use NIS+ to manage a heterogeneous network of SunOS release 4.x and Solaris 2.4 systems.
- A tar archive file, NISPLUS.TAR, is included in the root (/) directory of the Solaris 2.4 distribution CD. The NISPLUS.4.1 README file in the root directory describes how to set up NIS+ on a SunOS release 4.x system.
Note - Sites need to upgrade to SunOS release 5.4 and then transition to NIS+.
- Even though NIS+ is available for SunOS release 4.x systems, you should run it on a Solaris 2.x system. NIS+ takes advantage of many improvements that were made to non-NIS+ components in Solaris 2.x, such as RPC, security, and other networking libraries. NIS+ is also better integrated with other Solaris 2.x tools, such as the Administration Tool.