Best practices

The following information provides best practices for using Server for NIS.

Best practices when migrating a Network Information Service (NIS) domain

Make sure that subordinate (slave) servers are kept up-to-date

If your NIS domain is active (that is, changes to the domain occur frequently), you should increase the frequency at which Server for NIS checks for changes. This will ensure that UNIX-based subordinate servers are updated soon after a change is registered on the master server. You can also click Check for updates now to immediately update subordinate servers.

Do not migrate an NIS domain to more than one Windows Active Directory domain

Although you can migrate an NIS domain to computers running Server for NIS in more than one Windows domain, this is strongly discouraged because changes made in one Windows domain will not be replicated to the other domains.

Discourage users from using yppasswd to change their NIS passwords

Instead, users should change their NIS password by changing their Windows password. Server for NIS will then change the NIS password to match.

Server for NIS does not fully support the yppasswd utility available on UNIX systems. When a user runs yppasswd, Server for NIS changes the user's password in the NIS passwd map. Because yppasswd encrypts the new password before sending it to the NIS master server, however, Server for NIS cannot obtain a plain-text password to set the user's Windows password. Consequently, the Windows and UNIX passwords will no longer be the same. In addition, yppasswd presents a security vulnerability because it also sends the old password in plain text. Because the old password could also be the user's Windows password, this might expose the user's Windows password on the network.

Using Password Synchronization, you can provide users with a method for changing their NIS password using the yppasswd command. For more information, see Synchronizing passwords with an NIS domain.