1nisclient(1M) System Administration Commands nisclient(1M)
2
3
4
6 nisclient - initialize NIS+ credentials for NIS+ principals
7
9 /usr/lib/nis/nisclient -c [-x] [-o] [-v]
10 [-l <network_password>] [-d <NIS+_domain>] client_name...
11
12
13 /usr/lib/nis/nisclient -i [-x] [-v] -h <NIS+_server_host>
14 [-a <NIS+_server_addr>]
15 [-k <key_domain>] [-d <NIS+_domain>] [-S 0 | 2]
16
17
18 /usr/lib/nis/nisclient -u [-x] [-v]
19
20
21 /usr/lib/nis/nisclient -r [-x]
22
23
25 The nisclient shell script can be used to:
26
27 o create NIS+ credentials for hosts and users
28
29 o initialize NIS+ hosts and users
30
31 o restore the network service environment
32
33
34 NIS+ credentials are used to provide authentication information of NIS+
35 clients to NIS+ service.
36
37
38 Use the first synopsis (-c option) to create individual NIS+ creden‐
39 tials for hosts or users. You must be logged in as a NIS+ principal in
40 the domain for which you are creating the new credentials. You must
41 also have write permission to the local "cred" table. The client_name
42 argument accepts any valid host or user name in the NIS+ domain (for
43 example, the client_name must exist in the hosts or passwd table).
44 nisclient verifies each client_name against both the host and passwd
45 tables, then adds the proper NIS+ credentials for hosts or users. Note
46 that if you are creating NIS+ credentials outside of your local domain,
47 the host or user must exist in the host or passwd tables in both the
48 local and remote domains.
49
50
51 By default, nisclient will not overwrite existing entries in the cre‐
52 dential table for the hosts and users specified. To overwrite, use the
53 -o option. After the credentials have been created, nisclient will
54 print the command that must be executed on the client machine to ini‐
55 tialize the host or the user. The -c option requires a network password
56 for the client which is used to encrypt the secret key for the client.
57 You can either specify it on the command line with the -l option or the
58 script will prompt you for it. You can change this network password
59 later with passwd(1) or chkey(1).
60
61
62 nisclient -c is not intended to be used to create NIS+ credentials for
63 all users and hosts which are defined in the passwd and hosts tables.
64 To define credentials for all users and hosts, use nispopulate(1M).
65
66
67 Use the second synopsis (-i option) to initialize a NIS+ client
68 machine. The -i option can be used to convert machines to use NIS+ or
69 to change the machine's domainname. You must be logged in as super-user
70 on the machine that is to become a NIS+ client. Your administrator must
71 have already created the NIS+ credential for this host by using
72 nisclient -c or nispopulate -C. You will need the network password your
73 administrator created. nisclient will prompt you for the network pass‐
74 word to decrypt your secret key and then for this machine's root login
75 password to generate a new set of secret/public keys. If the NIS+ cre‐
76 dential was created by your administrator using nisclient -c, then you
77 can simply use the initialization command that was printed by the
78 nisclient script to initialize this host instead of typing it manually.
79
80
81 To initialize an unauthenticated NIS+ client machine, use the -i option
82 with -S 0. With these options, the nisclient -i option will not ask for
83 any passwords.
84
85
86 During the client initialization process, files that are being modified
87 are backed up as files.no_nisplus. The files that are usually modified
88 during a client initialization are: /etc/defaultdomain, /etc/nss‐
89 witch.conf, /etc/inet/hosts, and, if it exists,
90 /var/nis/NIS_COLD_START. Notice that a file will not be saved if a
91 backup file already exists.
92
93
94 The -i option does not set up a NIS+ client to resolve hostnames using
95 DNS. Please refer to the DNS documentation for information on setting
96 up DNS. (See resolv.conf(4)).
97
98
99 It is not necessary to initialize either NIS+ root master servers or
100 machines that were installed as NIS+ clients using suninstall(1M).
101
102
103 Use the third synopsis (-u option) to initialize a NIS+ user. You must
104 be logged in as the user on a NIS+ client machine in the domain where
105 your NIS+ credentials have been created. Your administrator should have
106 already created the NIS+ credential for your username using nisclient
107 -c or nispopulate(1M). You will need the network password your adminis‐
108 trator used to create the NIS+ credential for your username. nisclient
109 will prompt you for this network password to decrypt your secret key
110 and then for your login password to generate a new set of secret/public
111 keys.
112
113
114 Use the fourth synopsis (-r option) to restore the network service
115 environment to whatever you were using before nisclient -i was exe‐
116 cuted. You must be logged in as super-user on the machine that is to be
117 restored. The restore will only work if the machine was initialized
118 with nisclient -i because it uses the backup files created by the -i
119 option.
120
121
122 Reboot the machine after initializing a machine or restoring the net‐
123 work service.
124
126 The following options are supported:
127
128 -a <NIS+_server_addr> Specifies the IP address for the NIS+ server.
129 This option is used only with the -i option.
130
131
132 -c Adds DES credentials for NIS+ principals.
133
134
135 -d <NIS+_domain> Specifies the NIS+ domain where the credential
136 should be created when used in conjunction
137 with the -c option. It specifies the name for
138 the new NIS+ domain when used in conjunction
139 with the -i option. The default is your cur‐
140 rent domainname.
141
142
143 -h <NIS+_server_host> Specifies the NIS+ server's hostname. This
144 option is used only with the -i option.
145
146
147 -i Initializes a NIS+ client machine.
148
149
150 -l <network_password> Specifies the network password for the
151 clients. This option is used only with the -c
152 option. If this option is not specified, the
153 script will prompt you for the network pass‐
154 word.
155
156
157 -k <key_domain> This option specifies the domain where root's
158 credentials are stored. If a domain is not
159 specified, then the system default domain is
160 assumed.
161
162
163 -o Overwrites existing credential entries. The
164 default is not to overwrite. This is used only
165 with the -c option.
166
167
168 -r Restores the network service environment.
169
170
171 -S 0|2 Specifies the authentication level for the
172 NIS+ client. Level 0 is for unauthenticated
173 clients and level 2 is for authenticated (DES)
174 clients. The default is to set up with level 2
175 authentication. This is used only with the -i
176 option. nisclient always uses level 2 authen‐
177 tication (DES) for both -c and -u options.
178 There is no need to run nisclient with -u and
179 -c for level 0 authentication. To configure
180 authentication mechanisms other than DES at
181 security level 2, use nisauthconf(1M) before
182 running nisclient.
183
184
185 -u Initializes a NIS+ user.
186
187
188 -v Runs the script in verbose mode.
189
190
191 -x Turns the "echo" mode on. The script just
192 prints the commands that it would have exe‐
193 cuted. Notice that the commands are not actu‐
194 ally executed. The default is off.
195
196
198 Example 1 Adding the DES Credential in the Local Domain
199
200
201 To add the DES credential for host sunws and user fred in the local
202 domain:
203
204
205 example% /usr/lib/nis/nisclient -c sunws fred
206
207
208
209 Example 2 Adding the DES Credential in a Specified Domain
210
211
212 To add the DES credential for host sunws and user fred in domain
213 xyz.example.com.:
214
215
216 example% /usr/lib/nis/nisclient -c -d xyz.example.com. sunws fred
217
218
219
220 Example 3 Initializing the Host in a Specific Domain
221
222
223 To initialize host sunws as a NIS+ client in domain xyz.example.com.
224 where nisplus_server is a server for the domain xyz.example.com.:
225
226
227 example# /usr/lib/nis/nisclient -i -h nisplus_server -d xyz.example.com
228
229
230
231
232 The script will prompt you for the IP address of nisplus_server if the
233 server is not found in the /etc/hosts file. The -d option is needed
234 only if your current domain name is different from the new domain name.
235
236
237 Example 4 Initializing the Host as an Unauthenticated Client in a Spe‐
238 cific Domain
239
240
241 To initialize host sunws as an unauthenticated NIS+ client in domain
242 xyz.example.com. where nisplus_server is a server for the domain
243 xyz.example.com:
244
245
246 example# /usr/lib/nis/nisclient -i -S 0 \
247 -h nisplus_server -d xyz.example.com. -a 172.16.44.1
248
249
250
251 Example 5 Initializing the User as a NIS+ principal
252
253
254 To initialize user fred as a NIS+ principal, log in as user fred on a
255 NIS+ client machine.
256
257
258 example% /usr/lib/nis/nisclient -u
259
260
261
263 /var/nis/NIS_COLD_START This file contains a list of servers, their
264 transport addresses, and their Secure RPC
265 public keys that serve the machines default
266 domain.
267
268
269 /etc/defaultdomain The system default domainname.
270
271
272 /etc/nsswitch.conf Configuration file for the name-service
273 switch.
274
275
276 /etc/inet/hosts Local host name database.
277
278
280 See attributes(5) for descriptions of the following attributes:
281
282
283
284
285 ┌─────────────────────────────┬─────────────────────────────┐
286 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
287 ├─────────────────────────────┼─────────────────────────────┤
288 │Availability │SUNWnisu │
289 └─────────────────────────────┴─────────────────────────────┘
290
292 chkey(1), keylogin(1), NIS+[22m(1), passwd(1), keyserv(1M), nisaddcred(1M),
293 nisauthconf(1M), nisinit(1M), nispopulate(1M), suninstall(1M), nss‐
294 witch.conf(4), resolv.conf(4), attributes(5)
295
297 NIS+ might not be supported in future releases of the Solaris operating
298 system. Tools to aid the migration from NIS+ to LDAP are available in
299 the current Solaris release. For more information, visit
300 http://www.sun.com/directory/nisplus/transition.html.
301
302
303
304SunOS 5.11 12 Dec 2001 nisclient(1M)