17.1. Introduction to NIS

NIS was originally developed by Sun Microsystems, but is now available on Linux and many other UNIX operating systems. Its original name was YP (Yellow Pages), which is why many of the NIS commands start with yp.

On a network with many systems, users may be allowed to log in to any of those systems. Typically, to avoid having to create and update users on each system separately, NIS can be used to distribute a master list of users and groups to all hosts. Although distributing user and group information is the most common use of NIS, it can also be used to share hostnames and IP addresses, automounter maps, Internet services, and netgroups.

An NIS server is a system that stores tables of user, group, and other information. A client system connects to a server and queries it for stored information, usually by looking up usernames, hostnames, and so on. Normally a server system is also one of its own clients, so that it has access to the users and other data in its own tables.

Each server is responsible for a single NIS domain, and each client is a member of a domain. A domain has a short name, like marketing or foo.com, which is not necessarily the same as the network's DNS domain. When NIS is started on a client system, it can either broadcast for any server on the network for its domain, or connect to specific server IP addresses. A single network may have multiple NIS servers for different domains, each of which supplies different tables.

In order to reduce the load on the NIS server, a network may contain multiple servers that all have copies of the same tables. One is the master server and the rest are slaves, which just receive information from the master whenever it is changed. A client can then connect to either the master or a slave and query the same tables.

In recent years, a new version of the old NIS protocol has been developed, called NIS+. It solves many problems with the original protocol, the biggest being lack of security. However, it is more complex to configure and not as widely available. For these reasons, Webmin supports only the configuration of NIS clients and servers.

The file /var/yp/Makefile is usually the primary configuration file for an NIS server, as well as a make script that generates binary format table data from source text files. The server also reads the files /var/yp/securenets and /etc/ypserv.conf to control which clients are allowed to connect, and which tables they can query. Webmin directly updates all of these files, along with the table source files, when you are configuring NIS. The primary NIS server program is called ypserv, but others such as yppasswd (for processing password change requests from clients) and ypxfrd (for sending tables to slaves) may be run as well.

On client systems, the file /etc/yp.conf stores the domain name and NIS server IP addresses. Information about which services to query NIS for is stored in /etc/nsswitch.conf. All clients run the program ypbind, which passes queries for user, group, and other information from local programs to the NIS server.

The NIS Client and Server Webmin module allows you to set up your system as an NIS client and/or server. When you enter it from the Networking category, the main page simply shows five icons for the different areas of client and server configuration. If Webmin detects that the NIS client programs are missing from your system, the main page will instead display an error message—if this happens, check your Linux distribution CD or website for a package named something like ypbind.

The module is not supported on all versions of Linux. At the time of writing, only Red Hat, Mandrake, OpenLinux, Debian, SuSE, UnitedLinux, and MSC.Linux could use it. Because each distribution uses slightly different configuration files for NIS, there may be some differences in the user interface and default settings between different distributions, in particular on the client services and NIS server pages.