Change to NIS netgroup definition in upcoming Internet Draft

I'm considering the merits of slightly redefining the "domain" field in a NIS netgroup (the third field in the triple) to make it more useful, in a new Internet Draft that I am currently developing. Does anyone out there who uses NIS actually make use of the "domain" field? The places I've worked at have always left the field blank. I'd be interested to hear from you if you do use it, and how important (or not) it is to you?

IMHO the netgroup design is a bit crappy. The domain field is hardly usable - I have seen it empty in a dozen environments.
Usually the host field has FQDN and resolve order is files-dns-nis.

IMHO, don't change what you don't understand. Makes sense? Right?

I think maybe it would be better to describe your RFC (why the secret?).

I agree, this is why I am looking to suggest improvements to it. My experience is the same as yours, it's always empty, and the host field sometimes is and sometimes is not fully qualified.

---------- Post updated at 09:02 AM ---------- Previous update was at 08:59 AM ----------

Indeed, but I'm not asking you to change it.

No secret. It's not an RFC, it's a collection of Internet Drafts, and currently an unpublished work in progress.

The intention is to replace NIS and RFC2307 with a more flexible and modular schema design.

:slight_smile:

Your rudeness has made my day!

Do companies really still use NIS? Just curious. It's been a long time since I have used it and I don't see a legitimate use for it these days. LDAP is a much better replacement for many reasons and is also very scalable.

Surprisingly, yes they do. LDAP is not a replacement for NIS, it is a network protocol for accessing an X.500-based directory. NIS data can be stored in an LDAP-compliant directory using the RFC2307 schema, which then allows for NIS maps such as passwd, group, netgroup, protocols, services etc. to be served using LDAP instead, and this is what many people are moving towards. However, there are limitations with the RFC2307 schema that I am addressing, such as when it introduces case insensitivity where case sensitivity previously existed and general lack of flexibility when working with data in large complex organisations. As part of addressing these things, I would like to revisit netgroups and improve them, hence my original posting. I'll take it that the majority of people don't use the domain portion of the netgroup triple, go ahead and redefine it in my draft, and seek further comment once published.

Yes, many companies have NIS still.
But I haven't met any that use the netgroup domain field.
NIS can handle a thousand simultaneous user logins, and even 10 thousand simultaneous logins by enabling netid lookup in /etc/default/nss.
At least the Sun/Solaris NIS server (and e.g. HP-UX who licensed from Sun/Oracle) has support for automatically building the netid map.
I have only seen small LDAP environments. And one big NIS+ environment.
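Added example, not part of any post in this thread: a small audit that parses netgroup source text and counts how the host and domain fields of each triple are actually populated, which is the question the thread is asking. The sample data and the function names `parse_netgroups` and `audit` are constructed for illustration; it assumes the usual netgroup conventions that an empty field is a wildcard and `-` means no valid value.

```python
import re
from collections import Counter

# Constructed sample in netgroup source syntax: "name member ...", where a
# member is a (host,user,domain) triple or the name of another netgroup.
SAMPLE = """\
# constructed sample data, not from the original thread
admins   (,alice,) (,bob,)
webhosts (web1.example.com,,) (web2,,) \\
         (web3.example.com,-,example.com)
trusted  admins webhosts (-,carol,)
"""

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroups(text):
    """Return {netgroup: {"triples": [(host, user, domain)], "refs": [names]}}."""
    groups = {}
    joined = re.sub(r"\\\n", " ", text)  # fold backslash-continued lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        name, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        triples = [tuple(f.strip() for f in m.groups()) for m in TRIPLE.finditer(rest)]
        refs = TRIPLE.sub(" ", rest).split()  # what remains are nested netgroup names
        groups[name] = {"triples": triples, "refs": refs}
    return groups

def audit(groups):
    """Count wildcard (empty), '-' and populated domain fields, and host qualification."""
    stats = Counter()
    for entry in groups.values():
        for host, _user, domain in entry["triples"]:
            stats["triples"] += 1
            kind = "empty" if domain == "" else "none" if domain == "-" else "set"
            stats["domain_" + kind] += 1
            if host and host != "-":
                stats["host_fqdn" if "." in host else "host_short"] += 1
    return stats

if __name__ == "__main__":
    for key, count in sorted(audit(parse_netgroups(SAMPLE)).items()):
        print(f"{key}: {count}")
```

Because an empty domain field matches any domain, a high `domain_empty` count together with `host_short` entries means access decisions rest on the host field and the resolver order alone.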

Well I've published my Internet Drafts now, so would appreciate feedback.

Directory-Based Information Services (DBIS) is a new replacement for the Network Information Service (NIS) and RFC2307. Published today as a series of brand new Internet Drafts, DBIS seeks to modernise the way that users, groups and network services are defined and managed on UNIX and Linux systems.

You can find links to the drafts on my blog: Technical Prose

Best regards,
Mark.