Solaris Transition Guide

Chapter 13 Using Name Services

The network information service (NIS), which is part of the SunOS release 4 environment, is gradually being replaced with the network information service plus (NIS+). NIS+, introduced with the SunOS 5.0 system, is a completely redesigned name service that takes into account changes in customer client/server environments. DNS (domain name system) is an existing, complementary name service used for intercompany Internet communication. This chapter discusses NIS+ and compares it to NIS and DNS.

For more information about planning an NIS+ upgrade and installing NIS+, see NIS+ Transition Guide and Solaris Naming Setup and Configuration Guide.


Note - The system administration documentation set for the Solaris 7 operating environment emphasizes a system that is using NIS+.


Name Service Switch

The Solaris 7 operating environment uses standard naming interfaces (for example, gethostbyname) to support multiple naming services (such as NIS, NIS+, and DNS, among others), thereby allowing applications to access data transparently from different services. One instance of this is the Name Service Switch capability in the Solaris 7 operating environment, which allows applications to use a UNIX standard naming interface (for example, getxxbyyy interfaces). See the nsswitch.conf(4) man page for more information.
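As an added example (not part of the original guide), the Python code below parses the nsswitch.conf(4) format and reports which databases can still reach NIS, the service this chapter later describes as not secure. The sample file is constructed, the function names are hypothetical, and the default actions (SUCCESS=return, all others continue) are those documented in nsswitch.conf(4).

```python
import re

# Constructed sample: a host midway through an NIS to NIS+ migration.
SAMPLE = """\
passwd:    files nis
hosts:     nisplus [NOTFOUND=return] nis dns
aliases:   files nisplus
netgroup:  nis   # still on the old service
"""

# Default actions per nsswitch.conf(4): stop on success, otherwise try the next source.
DEFAULTS = dict(SUCCESS="return", NOTFOUND="continue", UNAVAIL="continue", TRYAGAIN="continue")
TOKEN = re.compile(r"\[[^\]]*\]|[^\s\[\]]+")  # a [criteria] group or a source name

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        table[database.strip()] = entries = []
        for tok in TOKEN.findall(rest):
            if not tok.startswith("["):
                entries.append((tok.lower(), {}))
            elif entries:  # criteria modify the source just before them
                for pair in tok[1:-1].split():
                    status, _, action = pair.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
    return table

def nis_dependencies(table):
    """List (database, condition) for every lookup path that can reach NIS."""
    findings = []
    for database, entries in table.items():
        reached = "first source"
        for source, criteria in entries:
            if source == "nis":
                findings.append((database, reached))
            actions = {**DEFAULTS, **criteria}
            passes = [s for s in DEFAULTS if s != "SUCCESS" and actions[s] == "continue"]
            if not passes:
                break  # later sources are never consulted
            reached = "after %s %s" % (source, "/".join(passes))
    return findings

if __name__ == "__main__":
    print(*("%s consults NIS (%s)" % f for f in nis_dependencies(parse_nsswitch(SAMPLE))), sep="\n")
```

The hosts line shows why the criteria matter: with [NOTFOUND=return], NIS is consulted only when NIS+ is unavailable or busy, so an outage of the authenticated service silently shifts lookups to the unauthenticated one.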

NIS+

NIS+ is a name service built on top of the ONC transport-independent remote procedure call (TI-RPC) interface. NIS+ has significant advantages over NIS in the areas of security, performance, scalability, and administration.

DNS

DNS supports the model of a hierarchical name space with autonomously administered name servers. Although NIS+ uses a similar hierarchical naming model, it focuses on supporting changing system administration data and other requirements of enterprise networks.

DNS and NIS+, therefore, are complementary name services:

DNS and NIS+ Comparison

Table 13-1 shows the features and benefits of DNS compared to NIS+.

Table 13-1 DNS and NIS+ Features and Benefits Compared

| Feature | DNS | NIS+ |
|---|---|---|
| Security | Unrestricted access to data | All operations can be authenticated. Administrator designates access rights for objects and entries |
| API and human interface | Allows read-only access to name service | Allows read-write access to name service. Provides: efficient support of changing network environment; API support of administrative operations; support of administrative and other distributed applications |
| Updating | By transfer of zone master files | By incremental data transfer: fast support of changing network environments; stronger consistency |
| Compatibility with NIS | Not applicable | Existing NIS applications can migrate smoothly |
| Data support | ASCII data only with packet size restriction | Binary and ASCII data. Provides: support of variable information; support of larger objects |

The main strength of DNS is in supporting hierarchical database partitions and replicas containing entries of relatively static information (such as host name and IP address). DNS enables you to access the Internet.

NIS+, in contrast, is a secure repository of changing administrative information (such as email aliases, Ethernet addresses, RPC program numbers) for enterprise networks.

NIS and NIS+ Comparison

Table 13-2 summarizes several major enhancements in NIS+ compared to NIS.

Table 13-2 NIS and NIS+ Features Compared

| Feature | NIS | NIS+ |
|---|---|---|
| Name space | Has a flat, non-hierarchical organization; centralized flat file database for each independent network domain | Has a hierarchical organization; partitioned into directories to support each network subset or autonomous domain |
| Data Storage Scheme | Multiple bicolumn "maps" (files) having key-value pairs | Multicolumn database with multiple, searchable columns |
| Resource Access Across Domains | Not supported | Permitted for authorized users |
| Privileges for Updating | Updates require superuser privileges on master server | Updates can be performed remotely by authorized users |
| Update Process | Updates require using make files on master servers | Updates are performed easily through command-line interface |
| Update Propagation | Is administrator initiated and requires transfer of whole maps | Automatic and high-performance updating via incremental transfer |
| Security | Database not secure | Fine-grained access control to NIS+ directories, table columns, and entries |
| Commands and Functions Prefixes | Prefixed by the letters yp, as in ypmatch(1) and ypcat(1) | Prefixed by the letters nis, as in nismatch(1) and nischown(1) |

NIS+ includes features that enable NIS sites to migrate to the new name service in a smooth, phased manner. NIS sites that migrate to NIS+ will gain the following benefits:

Planning NIS+ Upgrade

NIS+ supports the following combinations of operating environments: