Network Information Service
The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun Microsystems developed the NIS; the technology is licensed to virtually all other Unix vendors.
Because British Telecom PLC owned the name "Yellow Pages" as a registered trademark in the United Kingdom for its paper-based, commercial telephone directory, Sun changed the name of its system to NIS, though all the commands and functions still start with "yp".[1]
A NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd and secret authentication hashes in /etc/shadow. NIS adds another "global" user list which is used for identifying users on any client of the NIS domain.
Administrators have the ability to configure NIS to serve password data to outside processes to authenticate users using various versions of the Unix crypt(3) hash algorithms. However, in such cases, any NIS(0307) client can retrieve the entire password database for offline inspection. Kerberos was designed to handle authentication in a more secure manner.
Successor technologies
The original NIS design was seen to have inherent limitations, especially in the areas of scalability and security, so other technologies have come to replace it.
Sun introduced NIS+ as part of Solaris 2 in 1992, with the intention for it to eventually supersede NIS. NIS+ features much stronger security and authentication features, as well as a hierarchical design intended to provide greater scalability and flexibility. However, it was also more cumbersome to set up and administer, and was more difficult to integrate into an existing NIS environment than many existing users wished. NIS+ has been removed from Solaris 11.[2]
As a result, many users choose to stick with NIS, and over time other modern and secure distributed directory systems, most notably Lightweight Directory Access Protocol (LDAP), came to replace it. For example, slapd
(the standalone LDAP daemon) generally runs as a non-root user, and SASL-based encryption of LDAP traffic is natively supported.
On large LANs, DNS servers may provide better nameserver functionality than NIS or LDAP can provide, leaving just site-wide identification information for NIS master and slave systems to serve. However, some functions—such as the distribution of netmask information to clients, as well as the maintenance of e-mail aliases—may still be performed by NIS or LDAP. NIS maintains an NFS database information file as well as so called maps.
See also
- Dynamic Host Configuration Protocol (DHCP)
- Hesiod (name service)
- Name Service Switch (NSS)
- Network information system, for a broader use of NIS to manage other system and networks
References
- David N. Blank-Edelman (2009). Automating System Administration with Perl: Tools to Make You More Efficient. O'Reilly Media. p. 151. ISBN 9780596555634.
- "End of Feature Notices for Oracle Solaris 11". Oracle Corporation. 2012-12-20.
External links
- Thorsten Kukuk (2003-07-01). "The Linux NIS(YP)/NYS/NIS+ HOWTO". Linux Documentation Project.
- Van Emery (2005-04-15). "Distributed Authentication System (DAS) Handbook". Archived from the original on 2006-07-15.
- Kristy Westphal (2001-01-22). "NFS and NIS Security". Symantec.
- "Red Hat Enterprise Linux 6: 2.2.3. Securing NIS". Red Hat.
- Frédéric Raynal (2001-06-29). "Yellow Pages, part 1". ibiblio.
- Resources on how to replace NIS can be found at the NIS Migration Resource Site