NIS (also known as NIS+, YP, or Yellow Pages) is a directory service. It allows a pool of UNIX machines to share common configuration information such as passwords and host names. An exposed NIS server can provide hackers with huge amounts of information about your network, including a logical map of the machines on the network and a list of user accounts.

Services

NIS is made up of the following processes:
- ypbind
- Processes on the local machine use ypbind to find out where the NIS service is located.
- ypserv
- The NIS directory service itself.
- yppasswd (rpc.passwd)
- The service that allows users to change their password. A special service is used so that the password does not go across the wire in clear text.

Tables ("maps")

NIS maintains tables of directory information.
- passwd (passwd.byname)
- This is the main purpose of NIS. It stores all the passwords on a single machine. When a user logs on to any machine in the NIS domain, the passwords
- group (group.byname)
- The group information that goes along with the password information.
- network (network.byaddress)
-
- hosts (hosts.bynumbers, /etc/hosts, DNS)
- This table can in theory replace DNS information. Before DNS (circa 1985), every machine stored a list of all machines on the Internet and their names in a file called /etc/hosts. Today, this file is no longer used. However, because NIS can serve a centralized hosts file, a DNS server isn't really needed.
- protocols (protocols.bynumbers)
-
- services (services.byname)
-
- rpc (rpc.bynumbers)
-
- aliases (mail.aliases, /etc/aliases)
-
- ethers (ethers.byname, /etc/ethers)
-
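
To see what the passwd map described above hands to anyone who can read it, an administrator can audit a dump of the map. The following is an added example, not part of the original page: it assumes the dump is in passwd(5) format, as printed by `ypcat passwd`, and the sample entries, hash strings, and the names `classify` and `audit` are constructed for illustration.

```python
import re

# Constructed sample (made-up hashes) in passwd(5) format, as `ypcat passwd` prints it.
SAMPLE_MAP = """\
root:aaQ7x1kZpL0mE:0:0:Super-User:/root:/bin/sh
alice:$6$Nq3sVt0e$Zk1hT9vYb2:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/bash
svc:*:1003:100:Service:/nonexistent:/bin/false
toor:$1$ab12cd34$Xy9Zw8Vu7Ts6Rq5Po4Nm3.:0:0:Alt root:/root:/bin/sh
broken line without enough fields
"""
SCHEMES = [("$1$", "md5crypt"), ("$5$", "sha256crypt"), ("$6$", "sha512crypt"),
           ("$2", "bcrypt"), ("$y$", "yescrypt")]
WEAK = {"descrypt", "md5crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional 13-character crypt(3)

def classify(field):
    """Name the hash scheme in a password field; None means no hash is stored."""
    if field == "":
        return "empty"
    if field == "x" or field[0] in "*!":  # shadowed or locked placeholder
        return None
    for prefix, name in SCHEMES:
        if field.startswith(prefix):
            return name
    return "descrypt" if DES_RE.match(field) else "unknown"

def audit(map_text):
    """Return (line number, user, finding) tuples for a passwd map dump."""
    findings = []
    for lineno, line in enumerate(map_text.splitlines(), 1):
        parts = line.split(":")
        if len(parts) != 7:
            if line.strip():
                findings.append((lineno, None, "malformed entry"))
            continue
        user, pw, uid = parts[:3]
        scheme = classify(pw)
        if scheme == "empty":
            findings.append((lineno, user, "empty password field"))
        elif scheme is not None:
            label = "weak " + scheme if scheme in WEAK else scheme
            findings.append((lineno, user, label + " hash exposed in map"))
        if uid == "0" and user != "root":
            findings.append((lineno, user, "additional UID 0 account"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_MAP), sep="\n")
```

Entries whose password field is `x`, or starts with `*` or `!`, produce no finding because no hash is stored in the map for them.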