Deciding to maintain NIS in your environment

Active Directory and the Centrify UNIX agent (adclient) provide more secure authentication, authorization, and directory services than provided by traditional NIS client-server communication. Therefore, when you install the Centrify agent and join a domain, the Name Service Switch configuration file, nsswitch.conf, is normally modified so that account lookup requests are passed to Active Directory through the adclient process. This change to the nsswitch.conf file effectively bypasses the NIS client and server environment.

There are some situations, however, in which maintaining an ongoing or temporary NIS environment may be desirable or necessary. For example:

  • If you have a legacy Network Information Server (NIS), you may have configured network information, such as netgroup or automount maps, that you want to make available in response to client requests.
  • You may have applications that require access to a NIS server because they send requests directly to the NIS port and expect a NIS process to be listening there.
  • You may have computers or devices, such as Network Attached Storage devices or computers with older or unsupported operating systems where you cannot install the Centrify agent, that need access to information normally stored in NIS maps. Those computers or devices cannot join an Active Directory domain, but are capable of submitting NIS client requests. For those computers or devices, a NIS server may be the only option for providing authentication and look-up services.

If any of these scenarios apply to your organization, you may want to plan a deployment that includes the Centrify Network Information Service to complement the agent.