Solaris Name Services

With Solaris 8 and earlier you have four naming services available: /etc files, NIS, NIS+ and DNS. In Solaris 9 we see the introduction of a fifth service, namely LDAP. Actually, that's not strictly true: LDAP was around in Solaris 8, although not active. It was available for developers, but LDAP services were not really integrated until we reached Solaris 9.

The name services are:

  • /etc files, the original Solaris configuration files for users, hosts, and so on.
  • NIS (formerly yp), the network information service, which provides the same information as /etc files through maps available for sharing across a network.
  • NIS+, a more secure service developed as a replacement for NIS, with a hierarchical structure.
  • DNS, the domain name service, used to resolve hostnames across the internet. Read this post for more information on DNS.
  • LDAP, a general-purpose directory service with available schemas to serve data supplied by NIS, NIS+ or DNS.

Here's a quick list of differences between the name services.

  • The NIS naming service is a flat namespace, which means that it does not support subdomains. With NIS only one domain is accessible from a given host.
  • In both NIS+ and LDAP, the namespace is hierarchical.
  • Any change made in NIS requires the entire map to be propagated to all NIS slave servers.
  • NIS+ also has much improved security over NIS: it supports authentication, authorisation and secure RPC.
  • LDAP can be used to distribute almost any type of information across the whole organisation, which goes way beyond the login and system information traditionally served by network information systems.
  • LDAP, if used as a replacement for NIS or NIS+, will provide the same types of data via a different protocol and storage mechanism. In my eyes the primary advantage of LDAP is that it is, or soon will be, ubiquitous. It's looking like every vendor supports LDAP in one form or another.

Whichever naming service you use, they all require proper configuration of the name service switch file, /etc/nsswitch.conf, which directs lookups made by applications (such as gethostbyname) through the service switch to the underlying naming services.

[Figure: the name service switch and the underlying naming services: /etc files, NIS, NIS+, DNS, LDAP]

When specifying services in the /etc/nsswitch.conf file, you can now use files, nis, nisplus, dns and ldap to refer to any of these services.
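To see which of these services a host actually consults, the following Python script parses the switch file and flags every database that still uses NIS or NIS+. It is an added example, not code from the original post; the function names `parse_nsswitch` and `audit` and the sample file are assumptions made for illustration.

```python
import re

# The five source keywords the page lists for /etc/nsswitch.conf.
PAGE_SOURCES = {"files", "nis", "nisplus", "dns", "ldap"}

# Notes paraphrasing the page's own advice for the two legacy services.
ADVICE = {
    "nis": "NIS in use: harden it or plan the transition to LDAP",
    "nisplus": "NIS+ in use: start planning the migration to LDAP",
}

# Constructed sample file, not taken from a real host.
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd:    files nis
group:     files nis
hosts:     nis [NOTFOUND=return] files   # trailing comment
netgroup:  nisplus
services:  files ldap
"""


def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue                             # blank or malformed line
        database, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [STATUS=action] criteria
        table[database.strip()] = rest.split()
    return table


def audit(table):
    """Return (database, source, note) for each source that needs attention."""
    findings = []
    for database, sources in table.items():
        for source in sources:
            if source in ADVICE:
                findings.append((database, source, ADVICE[source]))
            elif source not in PAGE_SOURCES:
                note = "keyword outside files/nis/nisplus/dns/ldap"
                findings.append((database, source, note))
    return findings


if __name__ == "__main__":
    for database, source, note in audit(parse_nsswitch(SAMPLE)):
        print(f"{database}: {source}: {note}")
```

Run it against a copy of each host's /etc/nsswitch.conf to build the list of databases that a migration plan has to cover.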

Regardless of what name service you are using today, the direction that you need to head is LDAP. If you are still running NIS and not ready to transition to LDAP, consider hardening it. See my post on hardening NIS. If you are using NIS+, start planning to migrate to LDAP; rumour has it that NIS+ is on its way out and may not be available in subsequent releases of Solaris.

Ideally, set up an LDAP server and a couple of clients in a lab environment. Test your transition plan rigorously before you attempt to migrate your production environment. Get used to all the LDAP services, both server and client side.