[NTLUG:Discuss] NIS capabilities? - noobie
Robert Pearson
e2eiod at gmail.com
Thu Apr 9 09:50:21 CDT 2009
On 4/9/09, namit.bhalla at wipro.com <namit.bhalla at wipro.com> wrote:
> Hi,
> I am completely new to the concept of NIS and wish to know what all can
> be done using NIS.
> From what I have read so far, NIS can be used to allow any user to log
> on to any client system
> on a network by having a central database of the passwd files etc.
> I have also read that NIS can be used to "share a common set of
> configuration files".
> Could someone please clarify what kind of central configuration is
> possible using NIS?
> How can an admin "control" the users in a domain using NIS? For
> instance, in Windows, the
> admin can use Active Directory to establish a common date format for all
> clients.
Not sure what you mean here by "common data format"?
> Can NIS be used for such purposes?
>
> Any pointers would be of great help.
> Thanks!
>
Here's what Wikipedia says about NIS (and I agree with it):
<http://en.wikipedia.org/wiki/Network_Information_Service>
[Wikipedia excerpt]
The Network Information Service or NIS (originally called Yellow Pages
or YP) consists of a client-server directory service protocol for
distributing system configuration data such as user and host names
between computers on a computer network. Sun Microsystems developed
the NIS and licenses this technology to virtually all other Unix
vendors.
Because British Telecom PLC owned the name "Yellow Pages" as a
registered trademark in the United Kingdom for its (paper-based)
commercial telephone directory, Sun changed the name of its system to
NIS, though all the commands and functions still start with “yp”.
An NIS/YP system maintains and distributes a central directory of user
and group information, hostnames, e-mail aliases and other text-based
tables of information in a computer network. For example, in a common
UNIX environment, the list of users for identification is placed in
/etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds
another “global” user list which is used for identifying users on any
client of the NIS domain.
[*** highlighted for importance by me, not Wikipedia]
*** Administrators have the ability to configure NIS to serve password
data used to authenticate users against as well; however, not only is
this cumbersome to do without resorting to DES encrypted passwords
(which are known to be weak) if multiple OSs are in use, it also
allows any NIS client to retrieve the whole password database for
offline inspection. Kerberos was designed to handle authentication in
a more secure manner.
*** In many environments other directory services — arguably more
modern and secure than NIS, such as LDAP — have come to replace it.
For example, slapd (the standalone LDAP daemon) generally runs as a
non-root user, and SASL-based encryption of LDAP traffic is natively
supported.
*** On large LANs, DNS servers may provide better nameserver
functionality than NIS or LDAP can provide, leaving just site-wide
identification information for NIS master and slave systems to serve.
However, some functions — such as the distribution of netmask
information to clients, as well as the maintenance of e-mail aliases —
may still be performed by NIS or LDAP.
[End Wikipedia excerpt]
[mycomment]
It is a question of scale.
Pick your environment:
Personal Computing
SOHO - maybe LDAP
SMB - LDAP (or with) Active Directory
Enterprise - LDAP, DNS, Other, Active Directory, Identity Management
There are some new "Identity Management" tools to look at.
YMMV
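
An added example (not part of the original post or the Wikipedia article): a defender's audit of which accounts have a password hash visible in a NIS passwd map, the exposure highlighted in the excerpt above, with traditional DES crypt entries called out. It assumes the map was saved in passwd(5) format (for instance from `ypcat passwd`); the sample lines and hash strings are constructed placeholders, and the function names are illustrative.

```python
import re

# Field values that mean "no hash is stored here" (shadowed or locked account).
NO_HASH = {"", "x", "*", "*LK*", "NP"}
# Traditional DES crypt: 2 salt chars + 11 hash chars from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format prefixes ($id$...) mapped to scheme names.
MCF = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
       "5": "sha256-crypt", "6": "sha512-crypt"}

# Constructed sample in passwd(5) format; hash strings are placeholders.
SAMPLE = """\
alice:ab01FAX.bQRSU:1001:100:Alice:/home/alice:/bin/sh
bob:$6$constructedsalt$CONSTRUCTEDPLACEHOLDER:1002:100:Bob:/home/bob:/bin/bash
carol:x:1003:100:Carol:/home/carol:/bin/bash
+::::::
dave:!!:1004:100:Dave:/home/dave:/bin/sh
"""

def classify(field):
    """Name the hash scheme in a passwd password field, or 'none'."""
    field = field.lstrip("!")          # a leading '!' marks a locked password
    if field in NO_HASH:
        return "none"
    if DES_RE.match(field):
        return "des-crypt"
    m = re.match(r"^\$([0-9a-z]+)\$", field)
    return MCF.get(m.group(1), "unknown") if m else "unknown"

def audit(map_text):
    """Return (user, scheme) for every entry whose hash is visible in the map."""
    exposed = []
    for line in map_text.splitlines():
        parts = line.strip().split(":")
        # Skip blanks, comments, NIS compat markers (+/-) and malformed lines.
        if len(parts) != 7 or not parts[0] or parts[0][0] in "+-#":
            continue
        scheme = classify(parts[1])
        if scheme != "none":
            exposed.append((parts[0], scheme))
    return exposed

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        note = "  <- weak DES crypt" if scheme == "des-crypt" else ""
        print(f"{user}: {scheme} hash readable by any NIS client{note}")
```
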