Network Information Service
The Network Information Service, or NIS (originally called Yellow Pages or YP), is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun Microsystems developed the NIS; the technology is licensed to virtually all other Unix vendors.
Because British Telecom PLC owned the name "Yellow Pages" as a registered trademark in the United Kingdom for its paper-based, commercial telephone directory, Sun changed the name of its system to NIS, though all the commands and functions still start with “yp”.
An NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another “global” user list which is used for identifying users on any client of the NIS domain.
Administrators have the ability to configure NIS to serve password data to outside processes to authenticate users using various versions of the Unix crypt(3) hash algorithms. However, in such cases, any NIS client can retrieve the entire password database for offline inspection. Kerberos was designed to handle authentication in a more secure manner.
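One way to check for the exposure described above, as an added example that is not part of the original article: the script classifies the password field of each entry in a passwd-format map dump (for instance saved output of `ypcat passwd`) and reports the accounts whose crypt(3) hash is readable by clients. The sample map, its hash strings and the function names are constructed for illustration.

```python
import re
import sys

# crypt(3) modular-format ids ($id$salt$hash) mapped to scheme names
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional DES crypt: 2 salt + 11 hash chars
PLACEHOLDERS = {"", "x", "*", "*LK*", "NP"}  # hash kept elsewhere, or account locked

# Constructed sample in passwd(5) format; every hash string below is fake.
SAMPLE_MAP = """\
root:x:0:0:root:/root:/bin/sh
alice:abCDEFGHIJKLM:1001:100:Alice:/home/alice:/bin/sh
bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:1002:100:Bob:/home/bob:/bin/sh
carol:!$1$SALT$CONSTRUCTED:1003:100:Carol:/home/carol:/bin/sh
dave:*:1004:100:Dave:/home/dave:/bin/sh
eve::1005:100:Eve:/home/eve:/bin/sh
"""

def classify(field):
    """Label the password field of one passwd entry."""
    if field == "":
        return "empty"                  # account has no password at all
    body = field.lstrip("!")            # '!' marks a locked account; a hash may still follow
    if body in PLACEHOLDERS:
        return "placeholder"
    m = re.match(r"^\$([0-9a-z]+)\$", body)
    if m:
        return SCHEMES.get(m.group(1), "unknown-modular")
    return "descrypt" if DES_RE.match(body) else "unrecognised"

def audit(lines):
    """Return (user, uid, label) for entries with a client-readable hash or an empty password."""
    findings = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 7 or parts[0].startswith("#"):
            continue                    # skip blanks, comments and non-passwd records
        label = classify(parts[1])
        if label not in ("placeholder", "unrecognised"):
            findings.append((parts[0], parts[2], label))
    return findings

if __name__ == "__main__":
    # Pipe a saved map dump on stdin, or run with no input to audit the sample.
    source = SAMPLE_MAP.splitlines() if sys.stdin.isatty() else sys.stdin
    for user, uid, label in audit(source):
        print(f"{user} (uid {uid}): {label} visible in map")
```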
Successor technologies
The original NIS design was seen to have inherent limitations, especially in the areas of scalability and security, so other technologies have come to replace it.
Sun introduced NIS+ as part of Solaris 2 in 1992, with the intention for it to eventually supersede NIS. NIS+ features much stronger security and authentication features, as well as a hierarchical design intended to provide greater scalability and flexibility. However, it was also more cumbersome to set up and administer, and was more difficult to integrate into an existing NIS environment than many existing users wished.
As a result, many users chose to stick with NIS, and over time other modern and secure distributed directory systems, most notably LDAP, came to replace it. For example, slapd (the standalone LDAP daemon) generally runs as a non-root user, and SASL-based encryption of LDAP traffic is natively supported.
On large LANs, DNS servers may provide better nameserver functionality than NIS or LDAP can provide, leaving just site-wide identification information for NIS master and slave systems to serve. However, some functions — such as the distribution of netmask information to clients, as well as the maintenance of e-mail aliases — may still be performed by NIS or LDAP.
NIS maintains nfs database information file as well as so called maps
External links
- The NIS-HOWTO from the Linux Documentation Project
- Resources on how to replace NIS can be found at the NIS Migration Resource Site
- Distributed Authentication System (DAS) Handbook by Van Emery
- NFS and NIS Security by Kristy Westphal - Securityfocus article Jan. 22, 2001
- Red Hat Linux 9: Red Hat Linux Security Guide - 5.3. Securing NIS
- Linux Focus: Yellow Pages - Includes some details on the underlying RPC calls