Introducing the Network Information Service for Linux
I will describe how to set up NIS on a Linux machine running the Red Hat 4.2 distribution. However, what I cover is generally applicable to any Linux machine running a libc5-based system with the NYS NIS support library included in the libc (as the case is with Red Hat), or a new libc6 system. If you are unfortunate enough not to fall into either of these cases, I suggest upgrading your Linux distributions across the board, or going out and getting a different libc at sunsite.unc.edu. (Upgrading libc is not a task for the faint-of-heart.)
The two packages required to make Red Hat Linux into an NIS client are yp-clients-2.2 and ypbind-3.3. These tools start with the letters “yp” for historical reasons. If you want to get the tar.gz files, they are available at ftp://ftp.uni-paderborn.de/linux/local/yp/. Otherwise, you can use pre-packaged RPMs from any Red Hat FTP site. The yp-clients package is in the standard binary RPMS directory, but the ypbind package is only available in the “contrib/SRPMS” area. You can run NIS without ypbind, but not all features will be available. You will want those features though, so get the RPM or source code, compile it and install.
Once you have those packages installed, verify that you have the portmapper running. The portmapper enables the Remote Procedure Call (RPC) mechanism, which is used by NIS and NFS, among other things. If you are already running NFS, you don't need to worry. Otherwise, install the portmap package for your appropriate distribution; it should be included.
Now that you have the various components installed, you must set up a few configuration files to enable NIS at boot-time. First, you have to determine the NIS domain in which the client will run. This is not the same thing as your DNS domain, although sometimes the name is the same. The traditional location for the NIS domain is in the file /etc/defaultdomain. This file should contain a single line with the name of your NIS domain, for example, econ.yale.edu. However, this file's mere presence does not set the domain name; to actually set the name you must use the domainname command. Usually this is done at boot time from the init scripts. On Red Hat, add the line:
domainname `cat /etc/defaultdomain`
near the top of /etc/rc.d/rc.sysinit. On non-SYSV init systems like Slackware, the appropriate file to change would most likely be /etc/rc.d/rc.inet2. The main objective is to get domainname to run “early” in the boot process, before other network services that might depend on NIS run, but after the network hardware is initialized and the IP address information is set.
Next, you have to start the ypbind daemon, which turns on the NIS client services. If you installed the ypbind RPM referenced above, the proper SYSV-style startup files should be ready to go. Otherwise, you will have to start ypbind yourself. Insert the call to /usr/sbin/ypbind right after the line initializing the NIS domain name.
Third, create the file /etc/yp.conf and include the line:
Replace servername with the host name of your NIS master or slave server, whose host name must also be listed in /etc/hosts. You can list multiple servers on separate lines; if one host is down at boot time, the client will try the others. Failure to create this file will not disable NIS, but ypbind will broadcast a request for a server across your entire IP subnet, and this can be a major security hole. Someone can set up a renegade NIS server on your subnet and then feed you false configuration files. Better safe than sorry—create /etc/yp.conf.
That wasn't too bad, was it? Now you're ready to go. Reboot your machine, and when it comes back up, log in and do a few diagnostics. First type domainname without any arguments to be sure that it responds with the proper NIS domain. If not, check that the command to set the domain has run properly. Then type ypwhich, the command to tell you which NIS server you are talking to. If all is well, it will respond with the one you listed in the /etc/yp.conf file. Now it's time to put NIS to work.
There are a number of useful command-line utilities, used to query the NIS system, that come with the yp-clients package. ypwhich tells you what NIS server you are bound to. Typing the command ypcat filename will display the contents of a file served over NIS. For example, ypcat passwd will display the NIS password file. Typing the command ypmatch key filename will match a “key” in the file name specified. For instance, I could do a ypmatch pbrown passwd, and it would return the entry for my account. These commands can be useful in shell scripts, debugging NIS setup troubles and numerous other creative ways.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Humble Hacker?
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- ACI Worldwide's UP Retail Payments
- Open-Source Project Secretly Funded by CIA
- Varnish Software's Hitch
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide