[NTLUG:Discuss] NIS capabilities? - noobie

Fri Apr 10 08:45:37 CDT 2009

On Thu, 2009-04-09 at 14:48 +0530, namit.bhalla at wipro.com wrote:
>> Hi,
>> I am completely new to the concept of NIS and wish to know what all
can
>> be done using NIS.
>> >From what I have read so far, NIS can be used to allow any user to
log
>> on to any client system 
>> on a network by having a central database of the passwd files etc.
>> I have also read that NIS can be used to "share a common set of
>> configuration files". 
>> Could someone please clarify what kind of central configuration is
>> possible using NIS?
>> How can an admin "control" the users in a domain using NIS? For
>> instance, in Windows, the 
>> admin can use Active Directory to establish a common date format for
all
>> clients.
>> Can NIS be used for such purposes.

On Thu, 2009-04-09, cjcox at acm.org wrote:
> No.  NIS presents simple key-value "maps" from a centralized
> location (does support a master-slave paradigm) which can be
> used by clients programs that understand how to pull that
> data.  There ARE tools that come with NIS that can be used to
> pull the key-value maps and store them somewhere (so a cheap
> arbitrary distribution mechanism can be built when certain
> clients don't understand NIS but can read from a file).

> So... what all understands NIS?  Good question.  If you have
> services that are PAM aware... then they are NIS aware, but NIS
> aware for PAM mainly means users (passwd map) and groups (group map)..
> and possibly netgroups (special map that contains groups lists of
users
> and/or hosts that can be used to allow/deny etc access).

> With NIS it's easy to setup users and groups that can be used
> across all *ix systems.  You can think of it like /etc/passwd
> and /etc/group, except one source of that for all machines.

> Another popular thing is to push "auto" maps through NIS.  This are
> files that can be used by the autofs (autmounter) process on
> *ix boxes to control (usually) the NFS client mounts for boxes.

> You often see the two ideas (users/groups and autofs) used to
> create a common set of users and their home directories across
> a network.  Thus, I log in as "chris" and I always see the same
> home directory, no matter which box I'm accessing.

> NIS existed before DNS (as far as Sun is concerned), so NIS
> CAN push out a host map (think of /etc/hosts).  But IMHO, don't
> do that, use DNS instead.

> Most mail clients can honor a NIS aliases map for mail aliases... but
> again, that's probably handled somewhere else.

> I guess, all in all, it's not an easy question to give a pat
> answer to.  You CAN do quite a lot with NIS (really... you can).
> But, in general, unless you want to spend a lot of time on
> each and every client, the safest most portable and useful things
> you can use NIS for are making user/groups and automounter maps
> available throughout the network.

Thanks Chris for the detailed answer.
That actually leads me to the next question - in *ix world, what do we
have 
that is analogous to AD in Windows? [perhaps I am going off-topic here].
That is, how can an admin enforce policies across an enterprise?
I would imagine a server component that responds to LDAP requests and an

LDAP client. Is that correct?

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com