NIS+ and DNS Setup and Configuration Guide

Getting Started With NIS+

1

This chapter discusses the information you need to assemble and the preparations you need to make before you start to set up and configure NIS+.
NIS+ Overview
Setting Up NIS+
Before You Start NIS+
Planning Your NIS+ Layout
Determining Server Requirements
Disk Space and Memory Recommendations
Preparing the Existing Namespace
Configuration Worksheets

NIS+ Overview

NIS+ (pronounced "en-eye-ess-plus" or "niss-plus") is a network name service similar to NIS but with more features. NIS+ is not an extension of NIS; it is a new software program.
NIS+ enables you to store information such as workstation addresses, security information, mail information, information about Ethernet interfaces, and network services in central locations where all workstations on a network can have access to it. This configuration of network information is referred to as the NIS+ namespace.
The NIS+ namespace is hierarchical, and is similar in structure to the UNIX(R) file system. The hierarchical structure allows an NIS+ namespace to be configured to conform to the logical hierarchy of an organization. The namespace's layout of information is unrelated to its physical arrangement. Thus, an NIS+ namespace can be divided into multiple domains that can be administered autonomously. Clients may have access to information in other domains in addition to their own if they have the appropriate permissions.
NIS+ uses a client-server model to store and have access to the information contained in an NIS+ namespace. Each domain is supported by a set of servers. The principal server is called the master server and the backup servers are called replicas. The network information is stored in 16 standard NIS+ tables in an internal NIS+ database. Both master and replica servers run NIS+ server software and both maintain copies of NIS+ tables. Changes made to the NIS+ data on the master server are incrementally propagated automatically to the replicas.
NIS+ includes a sophisticated security system to protect the structure of the namespace and its information. It uses authentication and authorization to verify whether a client's request for information should be fulfilled. Authentication determines whether the information requestor is a valid user on the network. Authorization determines whether a particular user is allowed to have or modify the information requested.
Solaris clients use the name service switch (the /etc/nsswitch.conf file) to determine from where a workstation will retrieve network information. Such information may be stored in local /etc files, NIS, DNS, or NIS+. You can specify different sources for different types of information in the name service switch.
For a more thorough description of NIS+, see NIS+ and FNS Administration Guide.

Setting Up NIS+

This manual describes two different methods of setting up an NIS+ namespace:
  • With the setup scripts. Part 1 describes how to set up NIS+ using the three NIS+ scripts: nisserver, nispopulate, and nisclient. This is the easiest, and recommended, method.
  • With the NIS+ command set. Part 2 describes how to set up NIS+ using the NIS+ command set. While this method gives you more flexibility than the scripts method, it is more difficult. This method should be used only by experienced NIS+ administrators who need to set up a namespace with characteristics significantly different than those provided by the setup scripts.
See NIS+ and FNS Administration Guide for information on how to remove an NIS+ directory or domain, an NIS+ server, or the NIS+ namespace.

Before You Start NIS+

Before you start to set up NIS+ at your site, you need to:
  1. Plan your NIS+ layout. See "Planning Your NIS+ Layout" on page 3 and use the planning worksheets on page 7 and page 8. See NIS+ Transition Guide for a complete description of the planning process.

  2. Prepare your existing namespace (if any). See "Preparing the Existing Namespace" on page 5.

  3. Choose a root domain name.

  4. Choose a root server machine.

  5. Make sure that you have at least one system already running at your site that can be used as your root master server. This machine must contain at least one user (root) in the system information files, such as /etc/passwd. (Machines usually come with root in the system files, so this should not be a problem.)

To create the sample namespace described in the Part 1 tutorial, you need only do steps 2, 4, and 5 above. The tutorial does the NIS+ layout planning for you and chooses a domain name.

Planning Your NIS+ Layout

To plan the structure of your NIS+ namespace:
  • Determine your server requirements (see page 4).
  • Determine your disk space and memory requirements (see page 4).
  • Sketch the domain hierarchy.
  • Select servers to be used for the namespace.
  • Determine the administrative groups and their members.
  • Determine access rights to the namespace.
See NIS+ Transition Guide for a full description of these steps and use the "Configuration Worksheets" on page 7 to help plan your namespace.
You don't have to do any planning to work through the tutorial in Chapter 3, "Setting Up NIS+ With Scripts." You just need a few networked machines to practice on. But be sure to plan your site's hierarchy before you move from the tutorial to setting up your real NIS+ namespace.

Determining Server Requirements

Once you have determined the domain structure of your namespace, you can choose the servers that will support them. You need to differentiate between the requirements imposed by NIS+ and those imposed by the traffic load of your namespace.
NIS+ requires you to assign at least one server, the master, to each NIS+ domain. Although you can assign any number of replicas to a domain, more than 10 per domain is not recommended. An NIS+ server is capable of supporting more than one domain, but this is not recommended except in small namespaces or testing situations. The number of servers a domain requires is determined by the traffic load and the configuration of its servers.
Here are some guidelines for determining how many servers you will need:
  • Assign one master server per domain in the hierarchy.
  • Add at least one replica server for each domain. (A replica can answer requests when the master is unavailable.)
  • Calculate the disk space requirements of each server. The next section, "Disk Space and Memory Recommendations," describes how to calculate disk space usage.

Disk Space and Memory Recommendations

Disk space requirements depend on four factors:
  • Disk space consumed by the Solaris 2.5 software
  • Disk space for /var/nis (and /var/yp)
  • Amount of memory
  • Swap space required for NIS+ processes
Depending on how much you install and whether or not you include the OpenWindows(TM) software, the Solaris 2.5 software can consume over 220 Mbytes of disk space. You should also count the disk space consumed by other software the server may use. NIS+ is part of the Solaris 2.4 distribution, so it does not consume additional disk space.
NIS+ data is stored in /var/nis. The directory /var/nis uses approximately 5 Kbytes of disk space per client of the domain. For example, if a domain has 1000 clients, /var/nis requires about 5 Mbytes of disk space. Because transaction logs, also kept in /var/nis, can grow large, you may want to add more space in addition to whatever is required for the domain's clients--an additional 10-15 Mbytes is recommended. In other words, for 1000 clients, allocate 15-20 Mbytes for /var/nis. You can reduce this amount if you checkpoint transaction logs regularly. Try to keep /var/nis on a separate partition; this separation will help during an operating system upgrade.
If you are going to load information into NIS+ from NIS maps, allocate an appropriate amount of space for /var/yp to hold those NIS maps.
Although 32 Mbytes is the minimum memory requirement for servers (root master, subdomain master servers, and replica servers), you should equip servers of medium-to-large domains with at least 64 Mbytes.
In addition to the server's normal swap space requirements, NIS+ requires swap space equal to two or three times the server's rpc.nisd process size because the server process forks during certain operations. See "Configuring a Client as an NIS+ Server" on page 45 and the rpc.nisd man page for more information.

Preparing the Existing Namespace

If an NIS domain already exists at your site, you can use the same flat domain structure for your NIS+ namespace if you like. (You can change it later to a hierarchical structure.) Read NIS+ Transition Guide before you start your transition from NIS to NIS+ for important planning and preparation information. The NIS+ scripts easily enable you to start NIS+ with data from NIS maps. Chapter 3, "Setting Up NIS+ With Scripts," shows you how to use the NIS+ scripts to create an NIS+ namespace from either system files or NIS maps.
However, in order for the scripts to run smoothly, you must prepare your existing namespace (if you have one) for conversion to NIS+. These preparations are described fully in NIS+ Transition Guide.
For your reference, key preparations are summarized below:
  • Domain and host names. Domains and hosts must not have the same name. For example, if you have a sales domain you cannot have a machine named sales. Similarly, if you have a machine named home, do not create a domain named home. This caution also applies to subdomains; for example, if you have a machine named west, you don't want to create a sales.west.myco.com subdirectory.
  • No dots in host names. Because NIS+ uses dots (periods) to delimit between machine names and domains and between parent and subdomains, you cannot have a machine name containing a dot. Before converting to NIS+ (before running the scripts) you must eliminate any dots in your host names. You should convert host name dots to hyphens. For example, you cannot have a machine named sales.alpha. You can convert that name to sales-alpha. (See the hosts(4) man page for detailed information on allowable host names.)
  • Root server must be running. The machine that will be designated the root server must be up and running and you must have superuser access to it.
  • View any existing local /etc files or NIS maps that you will be loading data from. Make sure that there are no spurious or incorrect entries. Make sure that the right data is in the correct place and format. Remove any outdated, invalid, or corrupt entries. You should also remove any incomplete or partial entries. You can always add individual entries after setup is completed. That is easier than trying to load incomplete or damaged entries.
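
The host-name preparations listed above can be checked mechanically before the scripts are run. The following sh/awk script is an added example, not part of the original guide or of the NIS+ scripts; the function names audit_hosts and sample_hosts, the finding labels, and the sample data are constructed for illustration, and it assumes that every label of each planned domain name is a name no host may use.

```shell
#!/bin/sh
# Added example (not from the guide): audit a hosts file before NIS+ conversion.
# Usage: audit_hosts FILE|- PLANNED_DOMAIN...
# Prints one finding per problem as "<line number>: <KIND>: <detail>".
audit_hosts() {
    hosts_file=$1; shift
    awk -v domains="$*" '
    BEGIN {
        # Assumption: every label of a planned domain is off limits as a host name.
        n = split(domains, d, " ")
        for (i = 1; i <= n; i++) {
            m = split(d[i], lab, ".")
            for (j = 1; j <= m; j++)
                if (lab[j] != "") label[lab[j]] = d[i]
        }
    }
    { sub(/#.*/, "") }                      # drop comments, fields are re-split
    NF == 0 { next }                        # blank or comment-only line
    NF < 2  { print NR ": INCOMPLETE: " $1; next }
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        print NR ": BAD-ADDRESS: " $1; next  # not dotted-quad shaped
    }
    {
        for (f = 2; f <= NF; f++) {
            name = $f
            if (index(name, ".") > 0) {
                fixed = name
                gsub(/\./, "-", fixed)      # the guide converts dots to hyphens
                print NR ": DOT-IN-NAME: " name " -> " fixed
            } else if (name in label) {
                print NR ": NAME-COLLISION: " name " is a label of " label[name]
            }
        }
    }' "$hosts_file"
}

# Constructed sample hosts data for the demonstration.
sample_hosts() {
cat <<'EOF'
127.0.0.1    localhost
10.0.0.5     sales.alpha      # dotted host name
10.0.0.6     west             # collides with a planned domain label
10.0.0.7
10.0.0.300x  printer1
10.0.0.8     home-server
EOF
}

sample_hosts | audit_hosts - sales.west.myco.com
```

An empty result means none of these checks fired; it does not replace reviewing the entries for outdated or wrong data.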

Caution - In Solaris 2.4 and earlier, the /var/nis directory contained two files named hostname.dict and hostname.log. It also contained a subdirectory named /var/nis/hostname. When you install NIS+ for Solaris 2.5, the two files are named trans.log and data.dict, and the subdirectory is named /var/nis/data. In Solaris 2.5, the content of the files has also been changed and they are not backward compatible with Solaris 2.4 or earlier. Thus, if you rename either the directories or the files to match the Solaris 2.4 patterns, the files will not work with either the Solaris 2.4 or the Solaris 2.5 version of rpc.nisd. Therefore, you should not rename either the directories or the files.

Configuration Worksheets

Use the worksheets on the following pages to record planning information prior to NIS+ setup. There are two worksheets for each domain:
If you have more than one domain, make copies of the blank worksheets.
Table 1-1 Servers, Credentials, Directories, and Groups Worksheet

Domain:

Servers
  Type                  Name                  Specifications
  Master
  First Replica
  Second Replica

Credentials
  Type of Principal     Type of Credential
  Servers
  Clients
  Administrators
  Users

Rights
  Types of Objects      Category & Rights
  Directories           N    O    G    W      Use Defaults?

  Groups                N    O    G    W      Description

Table 1-2 NIS+ Tables Worksheet

Domain:

Rights
  Types of Objects      Category & Rights
  Tables                N    O    G    W      Notes
  bootparams
  hosts
  passwd
  cred
  group
  netgroup
  mail_aliases
  timezone
  networks
  netmasks
  ethers
  services
  protocols
  rpc
  auto_home
  auto_master