Linux Applications

NIS and NIS+ Differences

“Many differences exist between Network Information Service (NIS) and Network Information Service Plus (NIS+). NIS+ packs more features than NIS. Again, the two platforms use different terminology—even for similar concepts. Even more, while NIS+ has an array of authentication features, NIS is a network lookup service.

And for this reason, many people do not understand when to opt for NIS or NIS+. This write-up solves this debate. It explains the primary differences between NIS and NIS+. Besides, this article will explain how you can use both protocols in your system with the NIS-compatibility mode.”

Differences Between NIS and NIS+

Notable differences between NIS and NIS+ fall under the following categories;

Domain Structure

The two protocols have different domain structures. If you are new to them, you would assume that the NIS+ service should be an improvement of the NIS. However, this is not the case, and instead of being an improved version of NIS, as many people would assume, it is a replacement for NIS.

NIS’s structure and functional capabilities aim to address the administration needs of micro client-server networks. It features a simple domain structure that can handle a few hundred clients within a single network. Besides, it can only provide services to clients in remote sites. Again, most users are always trusted, users.

The environments described above are pretty rare in the modern computing world. Modern computing environments are synonymous with large and complex client-server networks, which require high-level autonomous practices for administrators. NIS+ meets this requirement as it can handle up to 10,000 multivendor clients and up to 100 remote servers. Besides, these networks have an array of insecure connections.

NIS+ features a hierarchical domain structure to meet this requirement. This characteristic gives it the scalability to manage distributed networks conveniently. So, while you can find an array of flat NIS+ domains, you can also easily construct hierarchical domains within your systems.

Server Configuration

Another component worth looking at in our NIS vs. NIS+ debate is their server configurations. Ideally, NIS+ client-server configuration setup is similar to those of DNS and NIS platforms—all of the domains rely on support by sets of servers.

The principal server is called the master server. There are also backup servers, known as replica servers. Both the master and the replica servers have NIS+ server software running in the machines, and they come in handy in maintaining copies of NIS Plus tables.

With the similarity mentioned above, the difference between NIS and NIS+ in server configuration lies in their update models. The NIS design is specifically ideal for static information. Thus, you should be ready to handle NIS updates manually. You will need to remake its maps and propagate them in full each time any information due for storage changes.

On the other hand, NIS+ replica servers accept incremental updates. You will still need to make changes manually on the master server. But once done, the system will automatically propagate your changes in the replica servers.

Security

NIS has no security features and is therefore only ideal for secure LAN environments. However, NIS+ has an array of features that help protect the data and information stored in NIS+ namespaces. Of course, these security features will also protect the namespaces from unauthorized access.

NIS+ provides both authentication and authorization security features. With authentication, the NIS+ will possibly identify a NIS+ principal (client) that sent any requests to the server. Authorization is the process by which NIS+ servers identify the access rights given to any principal.

The significance of these two NIS+ security features is that users must be identified and granted information to access the information requested.

Information Management

Unlike NIS, which stores information in maps, NIS+ uses tables to store data. NIS+ uses predefined systems or tables/systems to store information. For example, the passwd table stores network information of every user while the hosts table categorically stores information about workstation addresses.

Notably, NIS+ tables are different from ASCII files. They are database tables. This feature makes NIS+ tables searchable by columns, eliminating the possibility of duplicate tables.

NIS and NIS+ Interoperability

Finally, NIS+ allows you to upgrade from NIS. It also allows you t continue interacting with DNS once you upgrade from NIS. You can convert from NIS using the NIS-compatibility mode provided by NIS+. This system migrates all the information and data initially stored in your NIS protocol to NIS+.

When you use the NIS-compatibility mode, you will not need to change the details about your NIS clients. Again, it is essential to list all your NIS clients and put them in groups based on their NIS+ domain names. You will also make similar namespaces to help synchronize your information.

Notable data transfer commands include;

    • /usr/lib/nis/nisaddent -d- This command copies information from tables to a designated file. Using standard NIS utilities, you can transfer the information to any NIS map.
    • /usr/lib/nis/nisaddent –y- Will efficiently transfer information from NIS maps of your choice to a designated NIS+ table. You can always do this after running the ypxfr command used for transferring files.
    • /usr/lib/nis/nispopulate –Y- This command can transfer information to NIS+ tables from NIS maps.

Conclusion

The above are the notable differences between NIS and NIS+. If you are looking for a platform that goes beyond storing principal data or information, NIS+ is what you need. It has both authentication and authorization features. But if you are out for a simple framework to store user information for your small LAN network, NIS will sort this for you. But more importantly, you can reliably transition from NIS to NIS+ using the compatibility mode without manually transferring your data or information.

Sources

About the author

Kennedy Brian

Brian is a computer scientist with a bias for software development, programming, and technical content development. He has been in the profession since 2015. He reads novels, jogs, or plays table tennis whenever not on gadgets. He is an expert in Python, SQL, Java, and data and network security.