Managing NFS and NIS, 2nd Edition - Mike Eisler [24]
NT Domain is the directory service used in Windows NT. It was introduced by Microsoft in 1987 and was called LAN Manager at the time. NT Domain is intended to administer users, groups, printers, and hosts in a Windows environment. NT Domain now supports multilevel hierarchies, but requires a bilateral trust relationship between each pair of domains. So if there are N domains in an organization, N * (N - 1) relationships need to be set up. NT Domain supports slightly better security than NIS. Perhaps the biggest issue with NT Domain is that it is an undocumented proprietary protocol, making it difficult for Windows and non-Windows systems to share NT Domain directory information.
Microsoft is moving away from NT Domain in favor of Active Directory, which is a derivation of the LDAP protocol and X.500.
While NT Domain is not supported on Solaris and most other Unix systems, if you have a mixed environment, you'll probably run into it.
Name service switch
With multiple directory services available, having the ability to access different ones is handy. Solaris has an /etc/nsswitch.conf file which, for each database, lets you decide which directory service you want to get the database contents from. You can even specify multiple directories. For example, nsswitch.conf might have this entry:
hosts: files nis dns
This entry says that when gethostbyname() and gethostbyaddr() are called to look up hostnames and addresses, the interfaces will first try to find the information in the local /etc/hosts file, then check with NIS, then check with DNS. Be aware that some directory services can't be combined in nsswitch.conf. For example, you cannot have both NIS and NIS+ listed in nsswitch.conf, even for different databases.
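The lookup order above is worth seeing in running code, because the first listed source that answers wins: an entry in the local /etc/hosts file shadows whatever NIS or DNS would have returned for the same name, so the order decides which source is authoritative. The following added example (not code from the book) parses nsswitch.conf-style lines, walks the listed sources in order the way gethostbyname() does, and checks for the NIS/NIS+ combination the text says is not allowed even across different databases. The sample file contents, the hostnames, the addresses, and the in-memory stand-ins for the files/NIS/DNS sources are all constructed for the example; bracketed status/action tokens such as [NOTFOUND=return], which the excerpt does not describe, are simply skipped by the parser.

```python
"""Minimal model of the Solaris /etc/nsswitch.conf lookup order.

Added example, not code from the book. It parses nsswitch.conf-style
lines, walks the listed sources in order (as gethostbyname() would), and
flags the NIS/NIS+ combination the text says is not allowed, even across
different databases. The sample file contents and the in-memory "sources"
below are constructed for the example.
"""

# Constructed sample nsswitch.conf contents.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
group:      files nis
hosts:      files nis dns
networks:   nis [NOTFOUND=return] files
"""

# Constructed stand-ins for the real directories; each maps a hostname
# to an address. A missing key means "this source has no entry".
SOURCES = {
    "files": {"localhost": "127.0.0.1", "build": "10.0.0.5"},
    "nis":   {"build": "10.0.0.7", "nisbox": "10.0.0.9"},
    "dns":   {"www.example.com": "192.0.2.10"},
}


def parse_nsswitch(text):
    """Return {database: [source, ...]} for each non-comment line.

    Bracketed status/action tokens such as [NOTFOUND=return] are
    skipped; the excerpt does not describe them, so this example
    models only the plain source order (an assumption of the example).
    """
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        db, _, rest = line.partition(":")
        sources = [tok for tok in rest.split() if not tok.startswith("[")]
        config[db.strip()] = sources
    return config


def incompatible_sources(config):
    """Report the NIS/NIS+ clash the text describes: both may not appear
    anywhere in the file, even under different databases."""
    used = {src for sources in config.values() for src in sources}
    if {"nis", "nisplus"} <= used:
        return "nis and nisplus cannot both be listed in nsswitch.conf"
    return None


def lookup(config, database, key, sources=SOURCES):
    """Walk the configured sources for `database` in order and return
    (source, value) from the first one that has `key`, or (None, None)."""
    for src in config.get(database, []):
        value = sources.get(src, {}).get(key)
        if value is not None:
            return src, value
    return None, None


if __name__ == "__main__":
    cfg = parse_nsswitch(SAMPLE_NSSWITCH)
    print(cfg["hosts"])                             # ['files', 'nis', 'dns']
    # 'build' exists in both files and NIS; files wins because it is listed first.
    print(lookup(cfg, "hosts", "build"))            # ('files', '10.0.0.5')
    print(lookup(cfg, "hosts", "www.example.com"))  # ('dns', '192.0.2.10')
    print(incompatible_sources(cfg))                # None
```

The point to take from running it is the shadowing: "build" has different addresses in the files and NIS stand-ins, and the files answer is the one returned because files comes first on the hosts line. Auditing which source is listed first for passwd, group, and hosts is therefore part of reviewing a Solaris host's configuration, not just which sources are listed at all.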
Which directory service to use
Clearly, LDAP is the future for directory services on all operating systems, including Solaris. However, at the time this book was written, LDAP was only starting to be integrated with operating systems. Windows 2000 is the first such offering from Microsoft. Solaris 8 includes a fully integrated LDAP client, but no server. Moreover, LDAP is more complex to administer than other directory services.
NIS is perhaps the easiest to administer, but it is also the most limited. It is, however, the universal directory for Unix systems.
DNS is the standard for hostnames and addresses, and you'll find it handy for accessing hosts outside your domain.
NIS+ has gained some acceptance among other non-Solaris Unix operating systems, including HP's HP-UX, IBM's AIX, and Linux. NIS+ is much more secure than NIS.
The rest of this book ignores NIS+ and LDAP, and focuses on NIS and to some degree DNS, since those are what you are most likely to encounter. If you are concerned about security, you'll need to seriously consider deploying NIS+ until LDAP catches up. If security is not a concern, then NIS is fine.
Chapter 3. Network Information Service Operation
A major problem in running a distributed computing environment is maintaining separate copies of common configuration files such as the password, group, and hosts files. Ideally, the network should be consistent in its configuration, so that users don't have to worry about where they have accounts or if they'll be able to find a new machine on the network. Preserving consistency, however, means that every change to one of these common files must be propagated to every host on the network. In a small network, this might not be a major chore, but in a computing environment with hundreds or thousands of systems, simple administrative tasks can turn into all-day projects. Furthermore, without an automated tool for making changes, the probability of making mistakes grows with the size of the network and the number of places where changes must be made.
The Network Information System (NIS) addresses these problems. It is a distributed database system that replaces copies of commonly replicated configuration files with a centralized management facility. Instead of having to manage each host's files (like /etc/hosts, /etc/passwd, /etc/group,