Главная » Linux

What is linux nis

Содержание
  1. What is linux nis
  2. Contents
  3. NIS Server
  4. Install Packages
  5. Configuration
  6. /etc/hosts
  7. /etc/nisdomainname
  8. /etc/ypserv.conf
  9. /var/yp/Makefile
  10. /var/yp/securenets
  11. /var/yp/ypservers
  12. Set your domain name
  13. Start NIS Daemons
  14. NIS Client
  15. Install Packages
  16. Configuration
  17. Set your domain name
  18. /etc/hosts
  19. Start NIS Daemons
  20. Early testing
  21. /etc/nsswitch.conf
  22. /etc/pam.d/passwd
  23. Attention on Systemd V235 since 10/2017 (and V239 since 06/2018, and V245 since 03/2020)
  24. Глава 13. Сетевая информационная система (NIS)
  25. Знакомство с NIS
  26. Linux – Network Information Service

What is linux nis

Network Information Service (NIS) is a protocol developed by Sun to allow one to defer user authentication to a server. The server software is in the ypserv AUR package, and the client software is in the yp-tools AUR package. ypbind-mt AUR is also available, which is a multi threaded version of the client daemon.

Contents

NIS Server

Install Packages

Configuration

/etc/hosts

Add your server’s external (not 127.0.0.1) IP address to the hosts file. Make sure it is the first non-commented line in the file, yes, even above the localhost line, like so:

This is due to a peculiarity in ypinit (maybe it is a bug, maybe it is a feature), which will always add the first line in /etc/hosts to the list of ypservers.

/etc/nisdomainname

Add the domain name to /etc/nisdomainname :

/etc/ypserv.conf

Add rules to /etc/ypserv.conf for your your nis clients of this form:

For more information see man ypserv.conf .

/var/yp/Makefile

Add or remove files you would like NIS to use to /var/yp/Makefile under the «all» rule.

After that you have to build your NIS database:

Or you can do it in a more automated fashion:

If you use this way you may skip manually adding lines to /var/yp/ypservers.

/var/yp/securenets

Add rules to /var/yp/securenets to restrict access:

Be sure to comment out this line, as it gives access to anyone.

/var/yp/ypservers

Add your server to /var/yp/ypservers:

Set your domain name

Now edit the /etc/yp.conf file and add your ypserver or nis server.

Start NIS Daemons

Start/enable the following systemd units:

  • rpcbind.service
  • ypbind.service
  • ypserv.service
  • yppasswdd.service (to allow clients to change their password with passwd )

NIS Client

Install Packages

The first step is to install the tools that you need. This provides the configuration files and general tools needed to use NIS. Install yp-tools AUR ypbind-mt AUR .

Configuration

Set your domain name

You can apply this permanently by editing /etc/nisdomainname and adding:

Now edit the /etc/yp.conf file and add your ypserver or nis server.

/etc/hosts

It may be a good idea to add your NIS server to /etc/hosts

Start NIS Daemons

Start/enable the rpcbind.service and ypbind.service systemd units.

Early testing

To test the setup so far you can run the command yptest:

If it works you will, among other things, see the contents of the NIS user database (which is printed in the same format as /etc/passwd).

/etc/nsswitch.conf

To actually use NIS to log in you have to edit /etc/nsswitch.conf. Modify the lines for passwd, group and shadow to read:

And then do not forget

/etc/pam.d/passwd

To allow a user on a client machine to change their password on the server, be sure that yppasswdd.service is started/enabled on the server.

Edit /etc/pam.d/passwd on the client to add the nis parameter to password/pam_unix.so :

See section 7 of The Linux NIS HOWTO for further information on configuring NIS clients.

Attention on Systemd V235 since 10/2017 (and V239 since 06/2018, and V245 since 03/2020)

Due a problem with sandboxing on systemd-logind , any IP connections from and to the systemd-logind service are now denied. This will cause failures to log in, even though yptest works as expected, and can also cause accounts-daemon to crash outright. The basic problem is that the default /usr/lib/systemd/system/systemd-logind.service file that ships with systemd specifies IPAddressDeny=any , and this prevents it from communicating with the NIS server at login. Moreover, since V239, that file also specifies RestrictAddressFamilies=AF_UNIX AF_NETLINK , dropping AF_INET AF_INET6 from the list.

There are a few possible solutions:

  • Whitelist the address or address range of your NIS server:

This can be done by creating a new .conf file within the /etc/systemd/system/systemd-logind.service.d/ , with these lines (the following allows connections from 10.0.*.* , edit as appropriate):

This survives a reboot and updates of the systemd toolchain. It also avoid having to open your system to any IP address.

  • Override the system’s default systemd-logind.service with a modified local version:

and comment out the line IPAddressDeny=any to read # IPAddressDeny=any . As of V239, you will also need to add AF_INET AF_INET6 to the RestrictAddressFamilies=AF_UNIX AF_NETLINK line.

This solution survives an update of the systemd toolchain and keeps working after a reboot. It does however override all settings in the unit file supplied with systemd , which may cause issues down the track if other unrelated settings are changed upstream. It also opens up access to any IP address, which is not recommended.

  • Modify the system’s default systemd-logind.service directly:
Читайте также:  Скинуть настройки до заводских андроид линукс минт

Works, but not a recommended solution since it will not survive an update of the systemd toolchain:

and comment out the line IPAddressDeny=any to read # IPAddressDeny=any . As of V239, you will also need to add AF_INET AF_INET6 to the RestrictAddressFamilies=AF_UNIX AF_NETLINK line.

Note that this also opens up access to any IP address, which is not recommended.

Источник

Глава 13. Сетевая информационная система (NIS)

Когда Вы запускаете локальную вычислительную сеть, Ваша цель обеспечить пользователям среду, которая делает сеть простой. Важной частью этого является синхронизация данных типа учетных записей пользователей между всеми машинами. Мы видели, что для поиска имени хоста существует мощный и сложный сервис DNS. Для других задач нет такого специализированного сервиса. Кроме того, если Вы управляете маленькой LAN без выхода в Internet, устанавливать DNS иногда не оправдано.

Поэтому фирма Sun разработала Network Information System (NIS). NIS обеспечивает универсальные средства доступа к базе данных, которая может использоваться, например, чтобы распределять информацию, содержащуюся в файлах passwd и groups на все компьютеры в Вашей сети. Точно так же Вы можете использовать NIS, чтобы распределить информацию о hostname из файла /etc/hosts на все машины в сети.

NIS основан на RPC, включает сервер, клиентскую библиотеку и несколько административных инструментальных средств. Первоначально NIS был назван желтыми страницами или YP ( Yellow Pages), это название все еще используется, чтобы обратиться к нему. К сожалению, это имя является маркой компании British Telecom, которая требовала, чтобы Sun отказалась от его использования. Тем не менее, YP остался префиксом в именах команд, относящихся к NIS таких, как ypserv и ypbind.

Сегодня NIS доступен фактически для всех Unix, и имеются свободные реализации. BSD Net-2 был основан на публичной версии, выпущенной Sun. Код клиентской библиотеки из этого релиза долго присутствовал в Linux libc , а административные программы были перенесены в Linux Swen ThЭmmler. Сервер NIS в публичной версии отсутствовал.

Peter Eriksson разработал новую версию под именем NYS. Она поддерживает как NIS, так и Sun NIS+. NYS не только обеспечивает набор инструментальных средств NIS и сервер, но также добавляет целый набор новых библиотечных функций, которые должны компилироваться в libc , если Вы желаете использовать этот пакет. Это включает новую схему конфигурации преобразования имен, которая заменяет текущую схему, использующую host.conf .

GNU libc, известная как libc6 , в сообществе Linux, включает модифицированную версию традиционной поддержки NIS, разработанную Thorsten Kukuk. Она поддерживает все библиотечные функции NYS и также использует расширенную схему конфигурации NYS. Вам все еще нужны инструментальные средства и сервер, но использование GNU libc избавляет от проблем с библиотеками.

Эта глава в основном рассматривает поддержку NIS в GNU libc . Для двух других пакетов приведенные здесь инструкции тоже могут пригодиться. Подробнее о вопросе можно узнать в NIS-HOWTO, кроме того на английском языке есть книга Managing NFS and NIS (автор Hal Stern, издательство O’Reilly).

Знакомство с NIS

NIS хранит информацию базы данных в файлах карт ( maps), которые содержат пары ключ=значение. Примером такой пары является имя пользователя и зашифрованная форма его пароля для входа в систему. Карты хранятся на центральном главном компьютере, управляющем сервером NIS, откуда клиенты могут брать информацию через различные обращения RPC. Часто карты хранятся в DBM-файлах. DBM это простая библиотека управления базами данных, которая использует методы хеширования, чтобы ускорить операции поиска. Имеется свободная реализация DBM из проекта GNU, названная gdbm, которая является частью большинства дистрибутивов Linux.

Карты обычно генерируются из текстовых файлов типа /etc/hosts или /etc/passwd . Для некоторых файлов будет создано несколько карт, по одной для каждого типа ключа поиска. Например, Вы можете искать в файле hosts имя машины или ее IP-адрес. Соответственно, из этого файла будут получены две NIS-карты hosts.byname и hosts.byaddr . Таблица 13-1 перечисляет наиболее распространенные карты и файлы, из которых они сгенерированы.

Таблица 13-1. Стандартные карты NIS и соответствующие им файлы

Источник

Linux – Network Information Service

The Network Information Service, or NIS (initially called YP or yellow pages), is a mainframe-client index service convention for circulating server configuration information, for example, client and host names between PCs on a PC network. Sun Microsystems built up the NIS; the innovation is authorized to essentially all other Unix merchants. Since British Telecom PLC claimed the name “Yellow Pages” as an enlisted brand name in the United Kingdom for its paper-based, business phone catalog, Sun changed the name of its framework to NIS, however, all the orders capacities actually start with “yp”. A NIS/YP framework keeps up and disseminates a focal index of the client and gathering information, hostnames, email pseudonyms, and other content-based tables of information in a PC network. For instance, in a typical UNIX climate, the rundown of clients for ID is put in/and so forth/passwd and mystery verification hashes in/and so on/shadow. NIS includes another “worldwide” client list which is utilized for recognizing clients on any customer of the NIS area. Administrators can arrange NIS to serve secret key information to outside cycles to verify clients utilizing different variants of the Unix crypt(3) hash calculations. In any case, in such cases, any NIS(0307) customer can recover the whole secret phrase information base for disconnected investigation. Kerberos was intended to deal with confirmation in a safer way.

Читайте также:  Как стереть все данные с компьютера windows

We utilize the Linux NIS mainframe (Network Information Service) for sharing basic information put away in level documents between frameworks on a network. It is frequently ideal to have a mutual archive, (for example, NIS) for putting away clients and gatherings information as opposed to putting away them in level documents like/and so forth/passwd. So what is the advantage of that? By making such documents accessible through the NIS worker, that would permit any distant NIS customer machine to access or question the information in these mutual records and use them as expansions to the nearby forms.

NIS isn’t for sharing records. We can share any even document which in any event has one section with an extraordinary worth by means of NIS like/and so on/services record. The primary advantage of utilizing the NIS worker is that you keep your information and records, and spread any updates to all clients. A few clients, particularly Windows clients, may think this is a kind of Active Directory like service. The Linux NIS worker is more established than Active Directory and not a reproduce for it.

NIS Introduction:

By running NIS, the framework administrator can disperse administrative information bases, called maps, among an assortment of mainframes (ace and slaves). The administrator can refresh those information bases from a brought together area in a programmed and solid design to guarantee that all customers share a similar naming service information predictably all through the network. NIS was grown freely of DNS and has a marginally extraordinary core interest. While DNS centers around making correspondence less difficult by utilizing machine names rather than mathematical IP addresses, NIS centers around making network administration more sensible by giving unified command over an assortment of network information. NIS stores information about machine names and addresses, yet additionally about clients, the network itself, and network services. This assortment of network information is alluded to as the NIS namespace.

Note — In certain settings machine names are alluded to have had names or machine names. This conversation utilizes a machine, yet some screen messages or NIS map names may utilize host or machine.

NIS Architecture:

NIS utilizes a customer worker plan. NIS mainframes offer types of assistance to NIS customers. The primary workers are called ace workers, and for unwavering quality, they have reinforcement or slave workers. Both ace and slave workers utilize the NIS information recovery programming and both store NIS maps. NIS utilizes domains to mastermind the machines, clients, and networks in its namespace. Nonetheless, it doesn’t utilize an area chain of command; a NIS namespace is level.

A NIS domain can’t be associated straightforwardly to the Internet utilizing just NIS. Notwithstanding, associations that need to utilize NIS and furthermore be associated with the Internet can consolidate NIS with DNS. You can utilize NIS to deal with all neighborhood information and use DNS for the Internet to have queries. NIS gives a sending service that advances have queries to DNS if the information can’t be found in a NIS map. The Solaris working climate additionally permits you to set up the nsswitch.conf record with the goal that has query demands go just to DNS, or to DNS and afterward NIS on the off chance that not found by DNS, or to NIS and afterward DNS if not found by NIS.

NIS Machine Types: There are three kinds of NIS machines:

  • Ace mainframe
  • Slave mainframe
  • Customers of NIS mainframes

Any machine can be a NIS customer, however, just machines with plates ought to be NIS workers, either ace or slave. Workers are likewise customers, ordinarily of themselves.

Читайте также:  Как отключить центр обновления windows 10 при установке принтера

NIS Servers:

The NIS mainframe doesn’t need to be a similar machine as the NFS record worker. NIS mainframes come in two assortments, ace, and slave. The machine assigned as ace worker contains the arrangement of guides that the framework administrator makes and updates as important. Every NIS space must have one, and just one, ace worker, which can engender NIS refreshes with the least presentation debasement. We can assign extra NIS workers in the domain as slave workers. A slave worker has a total duplicate of the ace arrangement of NIS maps. At whatever point the ace worker maps are refreshed, the updates are proliferated among the slave workers. Slave workers can deal with any flood of solicitations from the ace worker, limiting “worker inaccessible” mistakes.

Ordinarily, the framework administrator assigns one ace worker for all NIS maps. Be that as it may, on the grounds that every individual NIS map has the machine name of the ace worker encoded inside it, you could assign various workers to go about as ace and slave workers for various guides. To limit disarray, assign a solitary worker as the ace for all the guides you make inside a solitary area. The models in this part expect that one worker is the ace for all guides in the space.

NIS Clients:

NIS customers run measures that demand information from maps on the workers. Customers don’t make a differentiation among ace and slave workers, since all NIS workers ought to have a piece of similar information.

NIS Elements:

The NIS naming service is made out of the accompanying components:

  • Domains
  • Guides
  • Daemons
  • Utilities
  • NIS Command Set

The NIS is an information base that contains a progression of tables. It makes tables from text records like/and so on/passwd,/and so forth/services, and some other plain documents. Each table may contain one section or more with a novel key on each line. You can consider it like any typical information base. You can question these tables in two different ways:

  • Posting the whole table
  • Pulling a particular passage via looking

At the point when a program solicitations to look for a client secret phrase subtleties, the customer checks the/and so on/passwd record to check on the off chance that the client doesn’t exist there; the customer at that point approaches the NIS worker to look for it in the/and so on/passwd table from the NIS worker. You can utilize any of the services and applications that accompany the NIS mainframe:

  • ypserv: This service sits tight for inquiries and offers responses to NIS customers.
  • ypbind: This is the customer side of NIS.
  • ypxfrd: You can utilize this service for sending the NIS information bases from ace MIS workers to slave workers.

The NIS Domain: A NIS domain is an assortment of machines that share a typical arrangement of NIS maps. Every space has an area name and each machine sharing the basic arrangement of guides has a place with that area. Any machine can have a place with a given area, as long as there is a mainframe for that space’s guides in a similar network. A NIS customer machine acquires its area name and ties to a NIS worker as a component of its boot cycle.

Five daemons are utilized in order to provide the NIS service:

Daemon Function
ypserv Server process
ypbind Binding process
ypxfrd High-speed map transfer
rpc.yppasswdd NIS password update daemon
rpc.ypupdated Modifies other maps such as publickey

A total of 9 utilities support the NIS service:

Utility Function
makedbm Makes dbm record for a NIS map
ypcat Records information in a guide
ypinit Fabricates and introduces a NIS information base and instates NIS customer’s ypservers list
ypmatch Finds a particular passage in a guide
yppoll Gets a guide request number from a worker
yppush Proliferates information from NIS ace to NIS slave worker
ypset Sets binding to a specific mainframe
ypwhich Records name of the NIS mainframe and alias interpretation table
ypxfr Moves information from ace to slave NIS mainframe

Applications of NIS:

There are some valuable apparatuses that can assist you with dealing with the information in the information base.

  • ypcat: You can utilize this to get information from the NIS worker by separating it from the NIS map.
  • ypwhich: gets the name of the Linux NIS worker that is reacting to your solicitations.
  • ypmatch: instead of snatching the whole guide, or you can look by key to get a particular section.

Источник

Оцените статью
© 2024 Советы по настройке компьютера