Hesiod (name service)
In computing, the Hesiod name service originated in Project Athena (1983 - 1991). It uses DNS functionality to provide access to databases of information that changes infrequently. In Unix environments it often serves to distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap files, among others. Frequently an LDAP server is used to distribute the same kind of information that Hesiod does. However, because Hesiod can leverage existing DNS servers deploying it to a network is fairly easy.
In a Unix/Linux system users usually have a line in the /etc/passwd file like:
foo:x:100:10:Foo Bar:/home/foo:/bin/bash
This line tells the machine what your user id is, what group you belong to, your full name, where your home directory is at and what shell you use. This system works fine for a small number of users on a small number of machines. But when more users start using more machines having this information managed in one location becomes critical. This is where hesiod enters.
Instead of having this information stored on every machine, Hesiod stores it in records on your DNS server. Then each client can query the DNS server for this information instead of looking for it locally. In BIND the records for the above user might look something like:
foo.passwd.ns.hesiod IN TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/bash" 100.passwd.ns.hesiod IN TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/bash" 100.uid.ns.hesiod IN TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/bash"
There are three records because the system needs to be able to access the information in different ways. The first line supports looking up the users by their login name and the second two allow it go look up information by the users uid.
On the client side some configuration also needs to happen. The /etc/hesiod.conf file for this setup might look something like:
rhs=hesiod lhs=ns
Also make sure your /etc/resolv.conf file is using the name servers that have your hesiod records in it. Once this is configured you can test your setup using the hesinfo program:
hesinfo foo passwd
should return
foo:x:100:10:Foo Bar:/home/foo:/bin/bash
What happens here is that the foo and the passwd are combined with the lhs and rhs values in the /etc/hesiod.conf file to create a fully qualified name of foo.passwd.ns.hesiod. The DNS server is then queried for this entry and returns the value of that record.
See also
- Name Service Switch (NSS)
- Network Information Service (NIS)
- Lightweight Directory Access Protocol (LDAP)
- Kerberos
External links