In
computing, the Hesiod
name service
In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network ...
originated in
Project Athena (1983–1991).
It uses
DNS functionality to provide access to
databases of
information that change infrequently. In
Unix environments it often serves to distribute information kept in the , , and files, among others.
Frequently an
LDAP server is used to distribute the same kind of information that Hesiod does. However, because Hesiod can leverage existing DNS servers, deploying it to a network is fairly easy.
In a
Unix-like system users usually have a line in the file for each local user like:
foo:x:100:10:Foo Bar:/home/foo:/bin/sh
This line is composed of seven colon-separated fields which hold the following data:
# user login name (string);
# password hash or "x" if
shadow password file is in use (string);
# user id (unsigned integer);
# user's primary group id (unsigned integer);
#
Gecos field (four comma separated fields, string);
# user home directory (string);
# user login shell (string).
This system works fine for a small number of users on a small number of machines. But when more users start using more machines having this information managed in one location becomes critical. This is where Hesiod enters.
Instead of having this information stored on every machine, Hesiod stores it in records on your DNS server. Then each client can query the DNS server for this information instead of looking for it locally. In
BIND the records for the above user might look something like:
foo.passwd.ns.example.net HS TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/sh"
100.passwd.ns.example.net HS TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/sh"
100.uid.ns.example.net HS TXT "foo:x:100:10:Foo Bar:/home/foo:/bin/sh"
There are three records because the system needs to be able to access the information in different ways. The first line supports looking up the user by their login name and the second two allow it to look up information by the user's uid. Note the use of the ''HS'' class instead of ''IN'' as might be expected. The
Domain Name System has a special
class of service for Hesiod's purpose.
On the client side some configuration also needs to happen. The /etc/hesiod.conf file for this setup might look something like:
rhs=.example.net
lhs=.ns
classes=HS,IN
The /etc/resolv.conf file uses the name servers that have the Hesiod records. Then
$ hesinfo foo passwd
foo:x:100:10:Foo Bar:/home/foo:/bin/sh
What happens here is that the ''foo'' and the ''passwd'' are combined with the ''lhs'' and ''rhs'' values in the /etc/hesiod.conf file to create a fully qualified name of ''foo.passwd.ns.example.net''. The DNS server is then queried for this entry and returns the value of that record.
See also
*
Name Service Switch (NSS)
*
Network Information Service (NIS)
*
Lightweight Directory Access Protocol (LDAP)
*
Kerberos
References
External links
* {{man, 5, hesiod.conf, NetBSD
Single Sign-On and the System Administrator
Directory services
Domain Name System
Massachusetts Institute of Technology software