Monday Dec 07, 2009

So long NIS+, it was fun

With the push of this feature into Solaris:

6874309 Remove NIS+ from Solaris 
PSARC/2009/530 Removal of NIS+

a bit of Solaris history is made. The namespace that was to replace NIS (YP) has been survived by the system it was to replace.

NIS+ was the default name service in Solaris 2.0 and it was a long while before Sun relented and shipped a NIS (YP) server for the release. As a support engineer however NIS+ was interesting and was reasonably secure.


The flaws however limited it's adoption:

  • Servers could not be in the domain they served. This was eventually fixed however I find it amazing that we have the same situtation now with LDAP where native LDAP clients can't be served by themselves.

  • It was hard. The technical difficulties of getting NIS+ name spaces to work since they both used secure RPC and were used by secure RPC gave it a reputation for being hard to set up and unreliable. The reliability however has been resolved such that there were many large scale deployments that ran successfully.

  • The use of secure RPC made short running programs very expensive if they used NIS+1. So scripts that did NIS+ were slow.

NIS+ allowed me to learn many things:

  • I wrote a NIS+2html gate way that allowed you to navigate an entire NIS+ namespace from a browser (the browser was mosaic) using cgi.

  • An interposing library that allowed you to see all the NIS+ calls being made.

  • A TCL library giving direct access to the NIS+ library calls. This allowed very fast scripting since only one secure RPC session has to be generated.

Unfortunately none of them made it out from Sun as this was long before we became more open.


However it's future looked sealed when it's EOF was announced in Solaris 9 but a surprise reprieve allowed it to live in Solaris 10. It looks like the same will not be true for OpenSolaris. If you are still using NIS+ then you need to be finalizing your plans to move to LDAP!

It seems my baby is unlikely to make it to 21.


So long NIS+. It was fun.

1Each process would have to generate a secure RPC session key and negotiate a secure connection with the server. If the process then only made a single call to the server this session key would then be thrown away.

Friday Nov 05, 2004

My baby is 12!

It was Guy Fawkes day, 12 years ago that I created what was to become the oldest NIS+ name space in the world , unless of course you know otherwise.

It's time of birth is immortalised in the creation time of the directory objects:

# niscat -o org_dir
Object Name   : "org_dir"
Directory     : "hotline.uk.sun.com."
Owner         : "podtwo.hotline.uk.sun.com."
Group         : "admins.hotline.uk.sun.com."
Access Rights : r---rmcdrmc-r---
Time to Live  : 12:0:0
Creation Time : Thu Nov  5 13:33:46 1992
Mod. Time     : Thu Mar 22 17:58:10 2001
Object Type   : DIRECTORY
Name : 'org_dir.hotline.uk.sun.com.'
Type : NIS
Master Server :

It was spanked into life on Solaris 2.1 and was in prime time use by 2.3.

I'm told the name space is still in daily use, though is largely restricted to the lab. Gone are the days when the whole UK hotline were using it, but it struggles on. I wonder if it will make it to be a teenager. I suspect Paul will kill it, but I won't hold that against him for long.

It is nice to see it still running, and working despite what the nay sayers said at the time, especially as it just started as somewhere for me to test things on my workstation.

About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today