NIS+ is structured entirely differently from NIS. Instead of a flat namespace with disjoint NIS domains, NIS+ uses a hierarchical namespace similar to that of DNS. Instead of maps, so-called tables are used that are made up of rows and columns, in which each row represents an object in the NIS+ database and the columns cover properties of the objects that NIS+ knows and cares about. Each table for a given NIS+ domain comprises those of its parent domains. In addition, an entry in a table may contain a link to another table. These features make it possible to structure information in many ways.

NIS+ additionally supports secure and encrypted RPC, which helps greatly to solve the security problems of NIS.

Traditional NIS has an RPC Version number of 2, while NIS+ is Version 3. At the time we're writing, there isn't yet a good working implementation of NIS+ for Linux, so it isn't covered here.

The Client Side of NIS

If you are familiar with writing or porting network applications, you may notice that most of the NIS maps listed previously correspond to library functions in the C library. For instance, to obtain passwd information, you generally use the getpwnam and getpwuid functions, which return the account information associated with the given username or numerical user ID, respectively. Under normal circumstances, these functions perform the requested lookup on the standard file, such as /etc/passwd.

An NIS-aware implementation of these functions, however, modifies this behavior and places an RPC call to the NIS server, which looks up the username or user ID. This happens transparently to the application. The function may treat the NIS data as though it has been appended to the original passwd file so both sets of information are available to the application and used, or as though it has completely replaced it so that the information in the local passwd is ignored and only the NIS data is used.

For traditional NIS implementations, there were certain conventions for which maps were replaced and which were appended to the original information. Some, like the passwd maps, required kludgy modifications of the passwd file which, when done incorrectly, would open up security holes. To avoid these pitfalls, NYS and the GNU libc use a general configuration scheme that determines whether a particular set of client functions uses the original files, NIS, or NIS+, and in which order. This scheme will be described later in this chapter.

Running an NIS Server

After so much theoretical techno-babble, it's time to get our hands dirty with actual configuration work. In this section, we will cover the configuration of an NIS server. If an NIS server is running on your network, you won't have to set up your own; in this case, you may safely skip this section.

Note that if you are just going to experiment with the server, make sure you don't set it up for an NIS domain name that is already in use on your network. This may disrupt the entire network service and make a lot of people very unhappy and very angry.

There are two possible NIS server configurations: master and slave. The slave configuration provides a live backup machine, should your master server fail. We will cover the configuration only for a master server here. The server documentation will explain the differences, should you wish to configure a slave server.

There are currently two NIS servers freely available for Linux: one contained in Tobias Reber's yps package, and the other in Peter Eriksson's ypserv package. It doesn't matter which one you run.

After installing the server program (ypserv) in /usr/sbin, you should create the directory that is going to hold the map files your server is to distribute. When setting up an NIS domain for the brewery domain, the maps would go to /var/yp/brewery. The server determines whether it is serving a particular NIS domain by checking if the map directory is present. If you are disabling service for some NIS domain, make sure to remove the directory as well.

Maps are usually stored in DBM files to speed up lookups. They are created from the master files using a program called makedbm (for Tobias's server) or dbmload (for Peter's server).

Transforming a master file into a form that dbmload can parse usually requires some awk or sed magic, which tends to be a little tedious to type and hard to remember
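
Returning to the point above that the server decides which domains it serves by whether the map directory exists: the following script is an added example, not part of the original text or of either server package, that lists the directories under the map root and flags any that are not on an expected list. The function name, the skipped `binding` directory, and the sample domain `oldlab` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which NIS domains a server would answer for.
# ypserv serves a domain whenever its map directory exists, so a leftover
# directory keeps its maps (passwd data included) available to clients.

# audit_nis_domains YPDIR ALLOWED_DOMAIN...
# Prints "ok DOMAIN" or "UNEXPECTED DOMAIN" per directory under YPDIR.
# Returns 0 if every directory is an allowed domain, 1 otherwise.
audit_nis_domains() {
    ypdir=$1
    shift
    status=0
    for dir in "$ypdir"/*/; do
        if [ ! -d "$dir" ]; then continue; fi   # glob matched nothing
        domain=$(basename "$dir")
        # Assumption: "binding" holds ypbind client state, not maps.
        if [ "$domain" = "binding" ]; then continue; fi
        verdict=UNEXPECTED
        for allowed in "$@"; do
            if [ "$domain" = "$allowed" ]; then verdict=ok; fi
        done
        if [ "$verdict" != ok ]; then status=1; fi
        echo "$verdict $domain"
    done
    return "$status"
}

# Constructed sample tree: "brewery" is the domain used in the text,
# "oldlab" is a made-up domain whose directory was never removed.
demo=$(mktemp -d)
mkdir "$demo/brewery" "$demo/oldlab" "$demo/binding"
touch "$demo/Makefile"
audit_nis_domains "$demo" brewery || echo "stale domain directory present"
rm -rf "$demo"
```

On a real server the call would be `audit_nis_domains /var/yp brewery`, with every domain you intend to serve listed after the directory.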