Skip to main content

Understand NIS

NIS stands for "Network Information Service." It is a network service and protocol used in Unix-like operating systems (such as Linux and various flavors of Unix) for the centralized management and distribution of system configuration files, user account information, and other administrative data within a networked environment. NIS was developed by Sun Microsystems and is sometimes referred to as "Yellow Pages" due to its historical name. Now a days, NIS is considered outdated in terms of security, and many organizations have moved to more secure alternatives such as LDAP (Lightweight Directory Access Protocol) or Kerberos.

Here are some key features and components of NIS:

  1. Centralized Authentication and Authorization: NIS allows multiple Unix-based systems within a network to centralize user authentication and authorization. Instead of maintaining separate user account information on each system, NIS servers maintain a centralized database of user accounts, groups, and passwords.

  2. Distribution of System Files: In addition to user account information, NIS can also distribute other system-related files, such as /etc/passwd, /etc/group, and /etc/hosts, to NIS client machines. This ensures consistency in system configurations across the network.

  3. NIS Server and NIS Client: Within an NIS network, there are typically one or more NIS servers that maintain the NIS database, and multiple NIS client machines that request information from the NIS server. The NIS server is responsible for managing and distributing the data, while the clients use the data for authentication and configuration.

  4. NIS Maps: NIS organizes data into "maps," which are essentially tables or databases that store various types of information. Common NIS maps include passwd (user account information), group (group information), and hosts (hostnames and IP addresses).

  5. Security Considerations: NIS was designed at a time when network security was less of a concern. As a result, NIS does not provide strong security features. Passwords and other sensitive information are transmitted over the network in plaintext, making NIS vulnerable to eavesdropping and attacks. For this reason, NIS is considered outdated in terms of security, and many organizations have moved to more secure alternatives.

  6. Alternative Solutions: Due to its security limitations, many Unix and Linux systems have replaced NIS with more secure solutions, such as LDAP (Lightweight Directory Access Protocol) for centralized user authentication and configuration management, or Kerberos for authentication and secure communication.

  7. NIS+: NIS+ is an enhanced version of NIS that provides stronger security features. However, it is proprietary and not widely used.

Setting Up the NIS Server:

  1. Install the NIS Server Software: On the machine that will serve as the NIS server (typically referred to as the NIS master server), you need to install the NIS server software. In Debian-based systems, you can use the nis package.

    sudo apt update
    sudo apt install nis
  2. Configure the NIS Domain: Determine the NIS domain name you want to use. This domain name should be unique within your network. You will configure both the server and clients to use this domain.

    Edit the /etc/default/nis file to set the NIS domain:

    sudo nano /etc/default/nis

    Set the NISDOMAIN variable to your chosen domain name:

    NISDOMAIN=mydomain
  3. Create the NIS Maps: NIS organizes data into maps, which are essentially tables or databases that store various types of information, such as user account data (passwd), group information (group), and more.

    You can generate these maps using the makedbm command. For example, to create the passwd.byname map, use:

    sudo makedbm /etc/passwd /var/yp/passwd.byname

    Repeat this step for other maps you need, such as group.byname and hosts.byname.

  4. Start the NIS Server: Start the NIS server service:

    sudo systemctl start nis

    Enable it to start at boot:

    sudo systemctl enable nis
  5. Configure NIS Client Access: Edit the /etc/ypserv.conf file to specify which clients are allowed to access the NIS server. Add the IP addresses or hostnames of your NIS clients to this file.

  6. Update NIS Maps: After creating and configuring the NIS maps, you need to update them periodically. You can do this manually with the make -C /var/yp command or set up a cron job to update them automatically.

Setting Up NIS Clients:

  1. Install NIS Client Software: On machines that will be NIS clients, install the NIS client software package, which is usually the same as the NIS server package.

  2. Configure NIS Client: Edit the /etc/yp.conf file to specify the NIS domain name and the IP address or hostname of the NIS server. For example:

    domain mydomain server nis-server-ip
  3. Configure NIS Client Authentication: Edit the /etc/nsswitch.conf file to use NIS for authentication. For example, to use NIS for user authentication and other information, you can have lines like:

    passwd: files nis
    group: files nis
  4. Start NIS Client Services: Restart the relevant services to apply the NIS configuration:

    sudo systemctl restart nscd
    sudo systemctl restart networking
  5. Test NIS Client Authentication: Test NIS client authentication by trying to log in with an NIS user account.