NIS (YP)

Sun's Network Information System (NIS, previously called Yellow Pages or YP until an obvious trademark infringement suit) can be used to share important system files. Typically these include crucial ones such as /etc/passwd, /etc/group, /etc/aliases, but can also be configured to share any such file.

NIS machines can be set up to be masters which are authoritative servers for information, slaves which replicate masters, or clients which simply use information from masters or slaves.

WARNING: A lot of folks don't like NIS because you can attach your host as a client to a known NIS domain, get the NIS passwd map, and crack passwords. This is especially dangerous if the passwd map has root's password. For this reason, SGI suggests using an alternate file (eg: passwd.nis) for non-root passwords for NIS. Problem is that I haven't found a way to make the GUI user-administration tools understand that it has to use NIS rather than the standard /etc/passwd file, and this makes things very confusing.

Set NIS Domain: Master, Slave, Client

Pick an NIS domain name; this is typically different than your site's Internet domain name, but it can be the same (assuming it's unique at your site). For the sake of the example, I've picked mynisdomain here.

echo mynisname >/var/yp/ypdomain
domainname mynisname

Also ensure the real Internet name is in /etc/sys_id, eg: wirehead.hq.nasa.gov, and that this has a valid IP address in /etc/hosts.

Build Maps, Start Servers

The NIS master runs more servers than slaves or clients, so different services are started for each. In the case of slaves, it has to act as a client first to get the information from the master, but then it changes mode to serve information.

master

cd /var/yp
./ypinit -m
/usr/etc/ypserv
/usr/etc/ypbind
/usr/etc/rpc.passwd [/etc/passwd.nis -m passwd ?? aux passwd file]

slave

/usr/etc/ypbind
ypwhich		[test if I know a master]
cd /var/yp
./ypinit -s
/etc/killall ypbind
/usr/etc/ypserv
/usr/etc/ypbind

client

/usr/etc/ypbind

Test NIS Access

ypwhich
ypcat passwd

If you find you can't bind to your NIS master or slave, check that your IP broadcast address and netmask are correct in /etc/config/ifconfig-1.options. I've found that using the wrong values here causes binding to fail, as if the broadcast is not being heard by the NIS servers.

Use Maps with Files

[client only??]

Add to /etc/passwd

+:

Add to /etc/group

+:

Add/change /etc/aliases

+:+

When adding these to the files, ensure you're adding terminated lines. Otherwise you may notice that the NIS clients are seeing truncated usernames in the XDM visual login and possibly some mailers. I was seeing user full names of "dy" for all users, probably a mutation of the login name "nobody".

Configure to Use NIS at Boot

Set a flag in the system configuration files so that the NIS services are run at boot time.

/etc/chkconfig yp on

Configure visual login to display NIS logins

Oddly, Irix XDM visual login only shows local login icons from the /etc/passwd file by default. To enable NIS clients to show icons for all logins, local or on NIS, run the program:

# /usr/Cadmin/bin/configClogin

Un-check the box which says Only show accounts on this system.

If you have a lot of accounts, you will probably also want to check the box which says Make the login window large.

You can also manually edit the configuration file for this which lives in /var/Cadmin/clogin.conf, but the format seems pretty free-form. Following are two different example files which should allow you to cut and paste the configuration strings of your choice. The first shows only local logins and uses a small window:

home directory must be local
use small window
display faces

The next one shows local and NIS accounts and uses a large window:

home directory can be anywhere
use large window
display faces

[or is it really checking for local home directories, rather than directories mounted via NFS?]

Chris Shenton