Lab 9: NFS and NIS

Stephen Jones <sjones@cs.ucr.edu>

Objective

The goal of this lab is to set up an NFS and NIS server on the Router VM and use the Host VM as a client.

Introduction

The Network File System (NFS) allows users on a client to access files over a network as if they were on directly attached local disks. The Network Information Service (NIS) allows for the sharing of system configuration data.

With both NFS and NIS set up, you may "access" any other computer on the network from any computer on it, so long as you can authenticate. Furthermore, you can still access the filesystem shared over the network along with the files local to the computer you are logged into.

Procedures

<Any command involving $ vi that is followed by an image means you should create/edit the file so that it mirrors the image>
NFS
Setting up NFS is very straightforward. Simply follow my steps exactly and you will be hunky-dory. The following steps in this section are not necessary for setting up the NFS server. However, it is enlightening to get an understanding of what you are doing. So... if you are interested, proceed with the steps in this section; otherwise skip to the next section named "NIS". If you want to set up an automount system... proceed with the following:
NIS
Now, to test your newly set up NIS server... proceed with the following: Verify that your NIS server is working:

Conclusion

Well, now that you have the NIS and NFS server running... you can log in as any user from the Host VM. The users available to you can be created from either the Router VM or the Host VM. Also, you have access to the /home and /import directories on the Router VM from the Host VM. You have essentially set up a miniaturized version of the system UCR uses to network its computers in the Engineering Department.

Further Reading

An alternative tutorial to setting up an NFS server: An alternative tutorial to setting up an NIS server:

Glossary

Network File System (NFS)
"Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network as easily as if the network devices were attached to its local disks." (source: www.wikipedia.org)

Network Information Service (NIS)
"The Network Information Service or NIS (originally called Yellow Pages or YP) is Sun Microsystems' client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Sun licenses this technology to virtually all other Unix vendors. As the name "Yellow Pages" was a registered trademark in the United Kingdom of British Telecom PLC for their (paper) commercial telephone directory, Sun changed the name of their system to NIS, though all the commands and functions still start with "yp".

NIS/YP is used for maintenance and distribution of a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another "global" user list which is used for identifying users on any client of the NIS domain." (source: www.wikipedia.org)

Lightweight Directory Access Protocol
"The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.

A directory is a set of objects with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of persons or organizations) organized alphabetically, with each name having an address and phone number attached. Due to this basic design (among other factors) LDAP is often used by other services for authentication, despite the security problems this causes.

An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain name system (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries)." (source: www.wikipedia.org)

Questions

  1. Show that automount works.
    See procedures, section NFS... last step
  2. Describe what happens when trying to access an NFS partition that is mounted with options "soft,timeo=5" and "hard,intr" respectively on the Host VM when the Router VM is down.
    The "soft, timeo=5" option allows the kernel to time out if the NFS server is not responding for 5 seconds.

    The "hard, intr" retries indefinitely if the operation fails.

  3. Show that the Host VM has no "user1" on the /etc/passwd file, yet, the "user1" is able to login. ie. NIS is at work.

  4. Briefly discuss LDAP authentication vs. NIS.
    LDAP authentication: Authentication is supplied in the "bind" operation. LDAPv3 supports three types of authentication: anonymous, simple and SASL authentication. Clients that send the LDAP server a request without doing a "bind" are considered anonymous. Simple authentication consists of sending the LDAP server the fully qualified DN of the user and the client's clear-text password. SASL is the Simple Authentication and Security Layer. It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer.
    (source: http://tldp.org/HOWTO/LDAP-HOWTO/authentication.html)

    NIS: NIS is used for maintenance and distribution of a central directory and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. This can be configured to serve password data to authenticate users.
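
For question 2, the following added example (not part of the original lab) reads mount lines in /proc/mounts format and reports, for each NFS mount, whether requests fail with an error (soft) or are retried indefinitely (hard) when the server is down. The server name "router", the address and the sample lines are constructed; on the Host VM you would run `nfs_failure_mode < /proc/mounts`.

```shell
#!/bin/sh
# Added example: classify NFS mounts by their behaviour when the server is down.
# Reads /proc/mounts-format lines on stdin and prints, per NFS mount:
#   <mountpoint> <soft|hard> timeo=<value as given in the options>
nfs_failure_mode() {
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in nfs|nfs4) ;; *) continue ;; esac
        mode=hard        # nfs(5): hard is the default if neither option is given
        timeo=default    # no explicit timeo= option on this mount
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in
                soft)    mode=soft ;;
                hard)    mode=hard ;;
                timeo=*) timeo=${o#timeo=} ;;
            esac
        done
        IFS=$old_ifs
        echo "$mnt $mode timeo=$timeo"
    done
}

# Constructed sample input mirroring the two option sets from question 2.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
router:/home /home nfs rw,soft,timeo=5,addr=192.168.0.1 0 0
router:/import /import nfs rw,hard,intr,addr=192.168.0.1 0 0
EOF
}

sample_mounts | nfs_failure_mode
```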
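
For question 3, the following added example (not part of the original lab) decides whether an account that resolves on a host comes from the local passwd file or from NIS, including the older "compat" setup where a "+" line in the passwd file pulls in NIS. The function names and all file contents are constructed for illustration; on the Host VM you would call `account_origin user1 /etc/passwd /etc/nsswitch.conf "$(getent passwd user1)"`.

```shell
#!/bin/sh
# Added example: where does an account come from, the local file or NIS?
# All file contents used below are constructed samples.

# in_local_passwd FILE USER: succeed if USER has its own line in FILE.
in_local_passwd() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# nis_enabled NSSWITCH PASSWD: succeed if the passwd database consults NIS,
# either directly ("nis") or via "compat" with a "+" entry in PASSWD.
nis_enabled() {
    sources=$(awk '$1 == "passwd:" { $1 = ""; print }' "$1")
    case " $sources " in
        *" nis "*)    return 0 ;;
        *" compat "*) grep -q '^+' "$2" ;;
        *)            return 1 ;;
    esac
}

# account_origin USER PASSWD NSSWITCH RESOLVED
# RESOLVED is the output of `getent passwd USER` (empty if it does not resolve).
account_origin() {
    if in_local_passwd "$2" "$1"; then echo local
    elif [ -z "$4" ]; then echo unresolved
    elif nis_enabled "$3" "$2"; then echo nis
    else echo other
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:1000:1000::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' 'passwd: files nis' 'group: files nis' > "$d/nsswitch.conf"
    resolved='user1:x:1001:1001::/home/user1:/bin/bash'  # constructed getent output
    account_origin user1 "$d/passwd" "$d/nsswitch.conf" "$resolved"
    account_origin root "$d/passwd" "$d/nsswitch.conf" 'root:x:0:0:root:/root:/bin/bash'
    rm -rf "$d"
}
demo
```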