
NIS Client Networking
Lesson 8

NIS System Conclusion

Instead of editing configuration files on each computer to supply its network information, you can use NIS. NIS also keeps that information consistent across all machines on the network: it does not matter which computer you are working from, because querying the NIS server returns the same information regardless of your host.

Learning Objectives

Having completed this module, you should now be able to:
  1. Describe the Network Information System
  2. Obtain information about the network
  3. Describe the function and purpose of nsswitch.conf
  4. Use authconfig to configure an NIS client machine
  5. Edit configuration files for the NIS client by hand
  6. Test the NIS client machine

Defining NIS client access

Add the IP addresses of the client computers that are allowed access to your NIS maps to the /var/yp/securenets file. By default, any computer on any network that can reach your NIS master can have access to your maps (which is not a secure situation). So, it is important that you configure this file. IP numbers can be given in the form of netmask/network pairs.
For example:

This example enables access to your NIS master server maps from all computers on network number 10.

Configuring access to maps

In the /etc/ypserv.conf file, you can define rules regarding which client host computers have access to which maps. You can also set several related options. Access rules in the ypserv.conf file have the following format:

Asterisks can replace the host and map fields to create rules that match any host or any map, respectively. The host is the IP address of the network or particular host to which the rule applies. The map is the name of the map for which you are defining access. The security field is replaced by none (to always allow access), port (to allow access from a port less than port number 1024), deny (to deny access to this map), or des (to require DES authentication).

The mangle field is replaced by yes or no (to indicate whether a field in the map should be replaced by an x if a request comes from an unprivileged host). If mangle is set to yes, field is replaced by the name of the field that should be mangled (the second field is used by default).

The following options can be set in the ypserv.conf file:
  1. dns: If yes (dns:yes), NIS will query the TCP/IP name server for hostnames when hostnames are not found in maps. By default, dns:no is set.
  2. xfr_check_port: If yes (xfr_check_port:yes), the NIS master server must run on a port that is less than port number 1024. If no, any port number may be used. By default, this is set to yes.

If you make changes to the /etc/ypserv.conf file, the ypserv daemon will pick up those changes the next time your system reboots. Alternatively, you can have ypserv read the contents of the file immediately by sending the ypserv process a SIGHUP signal. By default, the following line in /etc/ypserv.conf allows all hosts access to all maps:
* : * : none
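
The two access controls described above (/var/yp/securenets and the ypserv.conf access rules) can be checked for wide-open settings with a short script; this is an added example, not part of the original lesson. It assumes securenets lines are "netmask network" pairs, that access rules are colon-separated in the order host : map : security : mangle, and that "#" starts a comment; the file contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample files for illustration (not from the original page).
SECURENETS = """\
# netmask       network
255.0.0.0       10.0.0.0
0.0.0.0         0.0.0.0
"""
YPSERV_CONF = """\
dns: no
*        : shadow.byname : port : yes
10.0.0.5 : passwd.byname : none : no
*        : *             : none
"""

def _lines(text):
    """Return non-empty lines with '#' comments stripped."""
    stripped = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [line for line in stripped if line]

def audit_securenets(text):
    """Flag a securenets file that is empty or admits every address."""
    findings, pairs = [], 0
    for line in _lines(text):
        parts = line.split()
        if len(parts) != 2:
            continue  # only netmask/network pairs are checked here
        # Assumed layout: netmask first, then network.
        net = ipaddress.ip_network(f"{parts[1]}/{parts[0]}", strict=False)
        pairs += 1
        if net.prefixlen == 0:
            findings.append(f"securenets: {net} allows any host")
    if pairs == 0:
        findings.append("securenets: no entries, maps are open to any host")
    return findings

def audit_ypserv(text):
    """Flag ypserv.conf access rules whose security field is 'none'."""
    findings = []
    for line in _lines(text):
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3:
            continue  # option lines such as 'dns: no' have two fields
        host, mapname, security = fields[:3]
        if security == "none":
            findings.append(f"ypserv.conf: '{host} : {mapname}' has security none")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_securenets(SECURENETS) + audit_ypserv(YPSERV_CONF)))
```

Run against the real files, an empty result from both functions means that neither the default "any host" securenets behaviour nor a security none rule is in effect.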

Glossary Terms

The following terms were introduced in this module:
  1. Broadcast: To send information to an IP address that all network hosts listen to. You can broadcast a message across an entire subnet.
  2. Key: In databases, a key is a parameter that holds a value. For example, the value of hostname could be its IP address.
  3. NIS: The Network Information Service. A protocol used to provide network information to clients upon request.

The next module covers NFS client networking.
