Network Information System Saher Hasan Mohammed Department of - - PowerPoint PPT Presentation



SLIDE 1

Network Information System

Saher Hasan Mohammed Department of Computer Science SIUC smohammed@csmail.cs.siu.edu

SLIDE 2

Outline

  • Introduction
  • Getting Acquainted with NIS
  • Configuration Details
      ➢ Configuring NIS Server
      ➢ NIS Server Security
      ➢ Configuring NIS Client
  • Choosing the Right Map
  • Pros & Cons of NIS

SLIDE 3

Introduction

  • When running a LAN, the main issue is to provide a network-transparent environment for the user
  • This can be achieved by keeping vital data such as user information on a central machine
  • This provides users with the freedom to move from machine to machine
  • Data that is centrally stored doesn't need to be replicated

SLIDE 4

Contd..

  • Data that is centrally stored does not need to be replicated
  • Consistency of the data can be maintained
  • Increased flexibility, as the user can move from one host to another
  • NIS was developed by Sun and provides generic access to databases
  • NIS is based on RPC

SLIDE 5

Getting Acquainted with NIS

  • NIS keeps database information in files called maps
  • Maps contain the information as key-value pairs
  • Maps are stored on a central host running a NIS server
  • Clients can retrieve information through various RPC calls

SLIDE 6

Contd..

  • Maps are usually generated from master text files such as /etc/hosts or /etc/passwd
  • Some files can have several maps
  • For instance, the hosts file can have hosts.byname and hosts.byaddr, used when searching the hosts file by hostname and by IP address respectively

SLIDE 7

Contd..

    Master File      Map(s)                              Description
    /etc/hosts       hosts.byname, hosts.byaddr          Maps IP addresses to host names
    /etc/networks    networks.byname, networks.byaddr    Maps IP network addresses to network names
    /etc/passwd      passwd.byname, passwd.byuid         Maps encrypted passwords to user login names
    /etc/group       group.byname, group.bygid           Maps Group IDs to group names

SLIDE 8

Contd..

  • Nicknames can be assigned to maps as they are short and easy to type
  • Nicknames are only understood by ypcat and ypmatch
  • To obtain a full list of nicknames, run the following command

    $ ypcat -x
    Use "passwd" for "passwd.byname"
    Use "group" for "group.byname"
    Use "networks" for "networks.byaddr"
    Use "hosts" for "hosts.byaddr"

SLIDE 9

Contd...

  • The NIS server program is called ypserv
  • A network can have any number of NIS servers, depending on the size of the network
  • In the case of multiple servers, one of them is the master and the rest are slave servers
  • Maps are only created on the master server and are distributed to all slave servers

SLIDE 10

Contd...

  • A NIS domain is a collection of all hosts that share part of their system configuration data through NIS
  • NIS domains have a purely administrative function
  • They are invisible to users
  • The NIS domain name should be unique on your local network

SLIDE 11

Contd..

  • To set and display the NIS domain name, use the domainname command
  • When invoked without any arguments, it prints the current NIS domain name
  • Only the superuser can set the domain name

    # domainname domain-name

  • NIS domains determine which NIS server an application will query

SLIDE 12

Contd..

  • The NIS implementation relies on a special daemon called ypbind to detect a suitable NIS server in its domain
  • An application first finds out from ypbind which server to use
  • ypbind probes for servers by broadcasting to the local IP network; the first to respond is assumed to be the fastest one and is used in all subsequent NIS queries

SLIDE 13

Configuring NIS Server

  • Two NIS server configurations are possible: master and slave
  • A slave server acts as a live backup machine if the master server fails
  • Install the server program, ypserv, in /usr/sbin
  • Create the directory which holds the maps: /var/yp/domain-name

SLIDE 14

Contd..

  • The server determines whether it is serving a particular NIS domain by checking if the map directory is present
  • Maps are usually stored in DBM files to speed up the lookups
  • Maps are created from the master files using a program called dbmload
  • Transforming a master file into a form that dbmload can parse is usually a tedious process

SLIDE 15

Contd..

  • The server program, ypserv, contains a Makefile that manages the conversion of the most common master files; install it as Makefile in the map directory and edit it to reflect the maps that the NIS server has to share
  • After editing the Makefile, while in the map directory, type make
  • This will automatically generate and install the maps

SLIDE 16

NIS Server Security

  • NIS server security is based on securenets
  • It simply restricts access to the NIS server to certain hosts, based on their IP address or network number
  • ypserv implements this feature in three ways
  • The first option is to use the /etc/hosts.allow and /etc/hosts.deny files

SLIDE 17

Contd...

  • To restrict access to hosts from within a particular domain, add the following line to hosts.allow

    ypserv: 172.16.2.

  • This will allow all hosts from IP network 172.16.2.0 to access the NIS server
  • Similarly, to shut out other hosts, add the following entry in hosts.deny

    ypserv: ALL

SLIDE 18

Contd..

  • The second option relies on a special configuration file called /etc/ypserv.securenets
  • This configuration file is simple in structure
  • Each line describes a host that will be allowed access to the server
  • Any address not described by an entry in this file will be refused access
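
An added example, not part of the original slides: a small Python audit of /etc/ypserv.securenets that answers whether a given client address would be admitted and flags overly wide rules. It assumes the file's usual rule syntax (a netmask followed by a network, or `host` followed by an address), which the slides do not spell out; the sample file and the /16 review threshold are constructed.

```python
import ipaddress

# Constructed sample. Rule syntax: "<netmask> <network>" or "host <address>".
SAMPLE_SECURENETS = """\
host 127.0.0.1
# the LAN used in the hosts.allow slide
255.255.255.0 172.16.2.0
# constructed catch-all rule: admits every address
0.0.0.0 0.0.0.0
"""


def parse_securenets(text):
    """Return [(line_number, IPv4Network)] for every rule; ValueError if malformed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        if fields[0].lower() == "host":
            net = ipaddress.ip_network(fields[1] + "/32")
        else:
            net = ipaddress.ip_network(f"{fields[1]}/{fields[0]}")
        rules.append((lineno, net))
    return rules


def is_allowed(rules, client_ip):
    """Default deny: an address that no rule describes is refused."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for _, net in rules)


def broad_rules(rules, min_prefix=16):
    """Non-loopback rules wider than /min_prefix (an assumed review threshold)."""
    return [(n, str(net)) for n, net in rules
            if net.prefixlen < min_prefix and not net.is_loopback]


if __name__ == "__main__":
    rules = parse_securenets(SAMPLE_SECURENETS)
    for ip in ("172.16.2.44", "10.9.8.7"):
        print(ip, "allowed" if is_allowed(rules, ip) else "refused")
    print("review:", broad_rules(rules))
```

With the catch-all line present, the off-LAN address 10.9.8.7 is admitted; removing that line leaves only loopback and 172.16.2.0/24.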

SLIDE 19

Contd...

  • A third option is to use the secure portmapper instead of the securenets option on ypserv
  • The secure portmapper uses the hosts.allow scheme as well, but offers this for all RPC servers, not just ypserv
  • The securenets option and the secure portmapper should not both be used at the same time, because of the overhead this authorization incurs

SLIDE 20

Configuring NIS Client

  • The first step is to tell the NIS client which server to use for the NIS services
  • ypbind is used to configure the NIS server to use
  • The default behavior is to query the server on the local network
  • If the host is mobile, it is better to leave the /etc/yp.conf file empty, so that it queries on the local network for the local NIS server wherever it happens to be

SLIDE 21

Contd...

  • A more secure configuration is to set the server name in the /etc/yp.conf configuration file

    # yp.conf – YP configuration for the GNU libc library
    #
    ypserver server-name

  • The ypserver statement tells the host to use the supplied NIS server for the local domain
  • Alternatively, an IP address can also be used as the argument

SLIDE 22

Contd...

  • In the form shown above, the ypserver command tells ypbind to use the named server regardless of what the current NIS domain may be
  • If the client is moving between different NIS domains frequently, information for several domains can be kept in the yp.conf file

SLIDE 23

Contd...

  • Information on the servers for various NIS domains can be maintained in yp.conf by using the domain statement

    # yp.conf – YP configuration for the GNU libc library
    #
    domain A server server-nameA
    domain B server server-nameB

  • This lets the laptop be used in either of the two domains, set at boot time using the domainname command
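
An added example, not part of the original slides: a Python check that reads yp.conf and reports which NIS domains are pinned to named servers and which fall back to broadcast, where the client accepts the first server to respond. The `domain ... broadcast` form is standard yp.conf syntax that the slides do not show; the sample files are constructed and reuse the slides' placeholder names.

```python
# Constructed yp.conf samples; domain and server names are placeholders.
PINNED = """\
# yp.conf - YP configuration for the GNU libc library
domain A server server-nameA
domain B server server-nameB
"""
MOBILE = ""  # empty file: per the slides, ypbind queries the local network
MIXED = """\
domain A server server-nameA
domain B broadcast
"""


def binding_modes(text):
    """Map each NIS domain ('*' = any domain) to its list of named servers,
    or to 'broadcast' when the first responder on the LAN is accepted."""
    modes = {}
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "ypserver" and len(f) == 2:
            domain, server = "*", f[1]
        elif f[0] == "domain" and len(f) == 4 and f[2] == "server":
            domain, server = f[1], f[3]
        elif f[0] == "domain" and len(f) == 3 and f[2] == "broadcast":
            modes[f[1]] = "broadcast"
            continue
        else:
            raise ValueError(f"unrecognised yp.conf line: {raw!r}")
        if modes.get(domain) != "broadcast":
            modes.setdefault(domain, []).append(server)
    # No statements at all means nothing is pinned.
    return modes or {"*": "broadcast"}


def unpinned_domains(text):
    """Domains for which the client trusts whichever server answers first."""
    return sorted(d for d, m in binding_modes(text).items() if m == "broadcast")


if __name__ == "__main__":
    for name, conf in (("PINNED", PINNED), ("MOBILE", MOBILE), ("MIXED", MIXED)):
        print(name, binding_modes(conf), "unpinned:", unpinned_domains(conf))
```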

SLIDE 24

Choosing The Right Map

  • It is important to decide which configuration files to replace or augment with NIS maps
  • Commonly, NIS maps are used for host and password lookup functions
  • Generally, a choice has to be made about when a lookup function uses the local files, when it queries the NIS server, and when it uses other servers such as DNS

SLIDE 25

Contd..

  • This is controlled through /etc/nsswitch.conf; nsswitch stands for Name Service Switch
  • For each of the data lookup functions, this file contains a line naming the service to use
  • The right order of the services depends on the type of data each service is offering
  • The services.byname map will contain the same entries as the local services file, so it's better to query the local files first

SLIDE 26

Contd...

  • Host name information may change frequently, so the NIS server should always have the most accurate account, while the local hosts file is only kept as a backup in case NIS should fail
  • For hostnames, check the local file last

SLIDE 27

Pros & Cons of NIS

  • NIS is easy to learn and implement
  • NIS is not suitable for managing a large number of machines
  • NIS does not have any process to link NIS domains
  • A NIS slave server needs to poll the master server regularly to get the latest information on maps
  • If the slave server is inaccessible, then the slave will have a different version of the maps