Solaris Naming Services
The Solaris platform provides the following naming services.
Most modern networks use two or more of these services in combination. When
more than one service is used, the services are coordinated by
the nsswitch.conf file, which is discussed in Chapter 2, The Name Service Switch (Overview).
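The following Python sketch is an added example, not part of the original Solaris documentation. It parses nsswitch.conf syntax and reports which naming services each database consults, and which sources are used only as a fallback. The sample file contents and the function names are constructed for illustration.

```python
import re

SAMPLE = """\
# Constructed sample in nsswitch.conf syntax: database: source [criteria] ...
passwd:     files ldap
hosts:      files dns mdns
networks:   nis [NOTFOUND=return] files
"""

# Source keywords mapped to the naming services this page describes.
SERVICES = {"files": "/etc files", "dns": "DNS", "mdns": "mDNS",
            "nis": "NIS", "nisplus": "NIS+", "ldap": "LDAP"}
TOKEN = re.compile(r"\[[^\]]*\]|[^\s\[]+")

def parse_nsswitch(text):
    """Return {database: [(source, [criteria, ...]), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        entries = []
        for tok in TOKEN.findall(rest):
            if not tok.startswith("["):
                entries.append((tok.lower(), []))
            elif entries:  # criteria qualify the source just before them
                entries[-1][1].extend(tok[1:-1].upper().split())
        table[database.strip()] = entries
    return table

def services_in_use(table):
    """Map each naming service to the databases that consult it."""
    used = {}
    for database, entries in table.items():
        for source, _ in entries:
            used.setdefault(SERVICES.get(source, source), []).append(database)
    return used

def fallback_only(table):
    """Sources reached only if an earlier NOTFOUND=return source is unavailable."""
    result = {}
    for database, entries in table.items():
        stops = [i for i, (_, c) in enumerate(entries[:-1]) if "NOTFOUND=RETURN" in c]
        if stops:
            result[database] = [s for s, _ in entries[stops[0] + 1:]]
    return result

if __name__ == "__main__":
    print(fallback_only(parse_nsswitch(SAMPLE)))
```

To review a real host, pass the contents of /etc/nsswitch.conf to parse_nsswitch instead of SAMPLE.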
Description of the DNS Naming Service
DNS is the naming service provided by the Internet for TCP/IP networks. DNS
was developed so that machines on the network could be identified with common
names instead of Internet addresses. DNS performs naming between hosts within your local
administrative domain and across domain boundaries.
The collection of networked machines that use DNS is referred to as the
DNS namespace. The DNS namespace can be divided into a hierarchy of domains.
A DNS domain is a group of machines. Each domain is supported by
two or more name servers, a principal server and one or more secondary servers.
Each server implements DNS by running the in.named daemon. On the client's
side, DNS is implemented through the “resolver.” The resolver's function is to resolve
users' queries. The resolver queries a name server, which then returns either the
requested information or a referral to another server.
Description of Multicast DNS and Service Discovery
Support for two extensions to the DNS protocol is now available. These two
extensions are multicast DNS (mDNS) and DNS Service Discovery (DNS-SD). mDNS extends the
Domain Name Service system to operate over link-local multicast. DNS-SD adds support for
discovering network services over DNS.
Description of the /etc Files Naming Service
The original host-based UNIX naming system was developed for standalone UNIX machines and
then adapted for network use. Many old UNIX operating systems and machines still
use this system, but the system is not well suited for large complex
networks.
Description of the NIS Naming Service
The Network Information Service (NIS) was developed independently of DNS. DNS makes communication simpler by
using machine names instead of numerical IP addresses. NIS focuses on making network
administration more manageable by providing centralized control over a variety of network information. NIS
stores information about the network, machine names and addresses, users, and network
services. This collection of network information is referred to as the NIS namespace.
NIS namespace information is stored in NIS maps. NIS maps were designed to
replace UNIX /etc files, as well as other configuration files. NIS maps store
much more than names and addresses. As a result, the NIS namespace has
a large set of maps. See Working With NIS Maps for more information.
NIS uses a client-server arrangement, which is similar to DNS. Replicated NIS servers
provide services to NIS clients. The principal servers are called master servers,
and for reliability, the servers have backup, or slave, servers. Both master
and slave servers use the NIS retrieval software and both store NIS
maps. For more information on NIS Architecture and NIS Administration, see Chapter 5, Setting Up and Configuring NIS Service and
Chapter 6, Administering NIS (Tasks).
Description of the NIS+ Naming Service
The Network Information Service Plus (NIS+) is similar to NIS but with more features. However, NIS+
is not an extension of NIS.
The NIS+ naming service is designed to conform to the shape of
the organization. Unlike NIS, the NIS+ namespace is dynamic because updates can occur
and be put into effect at any time by any authorized user.
NIS+ enables you to store information about machine addresses, security information, mail information,
Ethernet interfaces, and network services in one central location. This configuration of network
information is referred to as the NIS+ namespace.
The NIS+ namespace is hierarchical. The NIS+ namespace is similar in structure to
the UNIX directory file system. The hierarchical structure allows an NIS+ namespace to
be configured to conform to the logical hierarchy of an organization. The namespace's
layout of information is unrelated to its physical arrangement. Thus, an NIS+
namespace can be divided into multiple domains that can be administered autonomously. Clients
might have access to information in domains other than their own if the
clients have the appropriate permissions.
NIS+ uses a client-server model to store and access the
information contained in an NIS+ namespace. Each domain is supported by a set
of servers. The principal server is called the primary server. The backup servers are
called secondary servers. The network information is stored in 16 standard NIS+ tables in
an internal NIS+ database. Both primary and secondary servers run NIS+ server software
and both maintain copies of NIS+ tables. Changes made to the NIS+ data
on the master server are automatically and incrementally propagated to the secondary servers.
NIS+ includes a sophisticated security system to protect the structure of the namespace
and its information. NIS+ uses authentication and authorization to verify whether a client's
request for information should be fulfilled. Authentication determines whether the information requester
is a valid user on the network. Authorization determines whether a particular user is
allowed to have or modify the information requested. See System Administration Guide: Naming and Directory Services (NIS+) for a more detailed
description of NIS+ security.
For information on making the transition from NIS+ to LDAP, see Chapter 16, Transitioning From NIS+ to LDAP.
Description of the LDAP Naming Services
The Solaris Operating System supports LDAP (Lightweight Directory Access Protocol) in conjunction with
the Sun Java System Directory Server (formerly Sun ONE Directory Server), as
well as other LDAP directory servers.
See Chapter 8, Introduction to LDAP Naming Services (Overview/Reference) for more information about LDAP naming services.
For information about transitioning from NIS to LDAP or NIS+ to LDAP, see
Chapter 15, Transitioning From NIS to LDAP (Overview/Tasks) or Chapter 16, Transitioning From NIS+ to LDAP.
For information on single sign-on, as well as the setup and
maintenance of Kerberos authentication services, refer to the sections on Kerberos Services in the
System Administration Guide: Security Services.