Domains

For a group of Windows 2000 systems to work well together, they should exist in a domain.
This requires a Windows 2000 Server system configured as a Domain Controller (DC).
Domains are the basis of the Windows 2000 security model.

The basis of Linux’s network security model is NIS, Network Information Service. NIS is
a simple text file–based database that is shared with client workstations. Each primary NIS
server establishes a domain. Any client workstation wanting to join this domain is allowed to
do so, as long as it can set its domain name. To set the domain name, you must use the root
user—Linux’s equivalent to an Administrator user. Being part of the domain does not,
however, immediately grant you rights that you would otherwise not have. The domain
administrator must still add your login to the master NIS password list so that the rest of the
systems in the network recognize your presence.

The key difference between NIS and Windows 2000 domains is that the NIS server by
itself does not perform authentication the way a DC does. Instead, each host looks up the login
and password information from the server and compares it to the user’s entered information.
It’s up to the individual application to properly authenticate a user. Thankfully, the code
necessary to authenticate a user is very trivial.

Another important difference is that NIS can be used as a general-purpose database and
thus hold any kind of information that needs to be shared with the rest of the network. (This
usually includes mount tables for NFS and e-mail aliases.) The only limitation is that each NIS
map can have only one key, and the database mechanism doesn’t scale well beyond about 20,000 entries. Of course, a site with 20,000 users shouldn’t keep them all in a single NIS
domain, anyway!

Neither Windows nor Linux requires use of domains for the base operating system to
work. Nevertheless, they are key if you need to maintain a multiuser site with a reasonable
level of security.