UNIX System Administration Handbook - Evi Nemeth [312]
/var/yp/cssuns/passwd.byname.dir
/var/yp/cssuns/passwd.byname.pag
/var/yp/cssuns/passwd.byuid.dir
/var/yp/cssuns/passwd.byuid.pag
Remember that a separate map is required for each field by which the file can be searched. The passwd file is searchable by both name and uid, so two maps (four files, in the ndbm case) are derived from it.
The makedbm command generates NIS maps from flat files. However, you need never invoke this command directly. On most systems, a Makefile in the NIS directory generates all the common NIS maps. After you modify a system file, you cd to the NIS directory and run make. make checks the modification time of each file against the modification times of the maps derived from it and runs makedbm for each map that needs to be rebuilt.
On HP-UX systems, a command called ypmake is used instead of make.
Maps are copied from the master server to the slave servers by the ypxfr command. ypxfr is a “pull” command; it must be run on each slave server to make that server import the map. Slaves usually execute ypxfr every so often just to verify that they have the most recent maps; you can use cron to control how often this is done.
The default implementation of map copying is somewhat inefficient, and most systems provide a daemon called ypxfrd that can be run on the master server to respond in a speedier fashion to ypxfr requests. ypxfrd sidesteps the normal NIS protocol and simply hands out copies of the map files. Unfortunately, map files are stored with different database formats and byte ordering on different systems, so the use of ypxfrd introduces some potential incompatibilities.
yppush is a “push” command that’s used on the master server. It actually does not transfer any data but rather instructs each slave to execute a ypxfr. yppush is used by the Makefile in the NIS directory to ensure that newly updated maps are propagated to slaves.
There is a special map called ypservers which does not correspond to any flat file. This map contains a list of all the servers of the domain. It’s constructed automatically when the domain is set up with ypinit (see Configuring NIS servers on page 528). Its contents are examined whenever the master server needs to distribute maps to slaves.
After initial configuration, the only active components of the NIS system are the ypserv and ypbind daemons. ypserv runs only on servers (both master and slave); it accepts queries from clients and answers them by looking up information in the hashed map files.
ypbind runs on every machine in the NIS domain, including servers. The C library contacts the local ypbind daemon whenever it needs to answer an administrative query (provided that /etc/nsswitch.conf says to do so). ypbind locates a ypserv in the appropriate domain and returns its identity to the C library, which then contacts the server directly. The query mechanism is illustrated in Exhibit A.
Exhibit A NIS query procedure
Once ypbind locates a server, it continues to rely on that server for all queries until the server goes down or some other communication problem occurs. A ypbind on a server machine does not give itself preferential treatment, so servers don’t necessarily bind to themselves.
In some circumstances (for example, when all servers but one are simultaneously rebooted), clients can fixate on one server and refuse to let go even after other servers become available. This situation can slow response time considerably.
NIS includes a number of minor commands that examine maps, find out which version of a map each server is using, and control the binding between clients and servers. A complete list of NIS commands and daemons is given in Table 18.4.
Table 18.4 NIS commands and daemons
a. Not used or supported on all systems.
Setting up an NIS domain
NIS must be initialized on the master server, on the slave servers, and on each client. You do this in two steps. First, run ypinit on each server. Second, on every machine in the domain, set the domain name from one of the system startup files and configure /etc/nsswitch.conf