nisclient(1m)

1nisclient(1M)           System Administration Commands           nisclient(1M)
2
3
4

NAME

6       nisclient - initialize NIS+ credentials for NIS+ principals
7

SYNOPSIS

9       /usr/lib/nis/nisclient -c [-x] [-o] [-v]
10            [-l <network_password>] [-d <NIS+_domain>] client_name...
11
12
13       /usr/lib/nis/nisclient -i [-x] [-v] -h <NIS+_server_host>
14            [-a <NIS+_server_addr>]
15            [-k <key_domain>] [-d <NIS+_domain>] [-S 0 | 2]
16
17
18       /usr/lib/nis/nisclient -u [-x] [-v]
19
20
21       /usr/lib/nis/nisclient -r [-x]
22
23

DESCRIPTION

25       The nisclient shell script can be used to:
26
27           o      create NIS+ credentials for hosts and users
28
29           o      initialize NIS+ hosts and users
30
31           o      restore the network service environment
32
33
34       NIS+ credentials are used to provide authentication information of NIS+
35       clients to NIS+ service.
36
37
38       Use the first synopsis (-c option) to create  individual  NIS+  creden‐
39       tials  for hosts or users. You must be logged in as a NIS+ principal in
40       the domain for which you are creating the  new  credentials.  You  must
41       also  have  write permission to the local "cred" table. The client_name
42       argument accepts any valid host or user name in the  NIS+  domain  (for
43       example,  the  client_name  must  exist  in the hosts or passwd table).
44       nisclient verifies each client_name against both the  host  and  passwd
45       tables,  then adds the proper NIS+ credentials for hosts or users. Note
46       that if you are creating NIS+ credentials outside of your local domain,
47       the  host  or  user must exist in the host or passwd tables in both the
48       local and remote domains.
49
50
51       By default, nisclient will not overwrite existing entries in  the  cre‐
52       dential  table for the hosts and users specified. To overwrite, use the
53       -o option. After the credentials  have  been  created,  nisclient  will
54       print  the  command that must be executed on the client machine to ini‐
55       tialize the host or the user. The -c option requires a network password
56       for  the client which is used to encrypt the secret key for the client.
57       You can either specify it on the command line with the -l option or the
58       script  will  prompt  you  for it. You can change this network password
59       later with passwd(1) or chkey(1).
60
61
62       nisclient -c is not intended to be used to create NIS+ credentials  for
63       all  users  and hosts which are defined in the passwd and hosts tables.
64       To define credentials for all users and hosts, use nispopulate(1M).
65
66
67       Use the second  synopsis  (-i  option)  to  initialize  a  NIS+  client
68       machine.  The  -i option can be used to convert machines to use NIS+ or
69       to change the machine's domainname. You must be logged in as super-user
70       on the machine that is to become a NIS+ client. Your administrator must
71       have already created  the  NIS+  credential  for  this  host  by  using
72       nisclient -c or nispopulate -C. You will need the network password your
73       administrator created. nisclient will prompt you for the network  pass‐
74       word  to decrypt your secret key and then for this machine's root login
75       password to generate a new set of secret/public keys. If the NIS+  cre‐
76       dential  was created by your administrator using nisclient -c, then you
77       can simply use the initialization  command  that  was  printed  by  the
78       nisclient script to initialize this host instead of typing it manually.
79
80
81       To initialize an unauthenticated NIS+ client machine, use the -i option
82       with -S 0. With these options, the nisclient -i option will not ask for
83       any passwords.
84
85
86       During the client initialization process, files that are being modified
87       are backed up as files.no_nisplus. The files that are usually  modified
88       during  a  client  initialization  are:  /etc/defaultdomain,  /etc/nss‐
89       witch.conf,     /etc/inet/hosts,      and,      if      it      exists,
90       /var/nis/NIS_COLD_START.  Notice  that  a  file  will not be saved if a
91       backup file already exists.
92
93
94       The -i option does not set up a NIS+ client to resolve hostnames  using
95       DNS.  Please  refer to the DNS documentation for information on setting
96       up DNS. (See resolv.conf(4)).
97
98
99       It is not necessary to initialize either NIS+ root  master  servers  or
100       machines that were installed as NIS+ clients using suninstall(1M).
101
102
103       Use  the third synopsis (-u option) to initialize a NIS+ user. You must
104       be logged in as the user on a NIS+ client machine in the  domain  where
105       your NIS+ credentials have been created. Your administrator should have
106       already created the NIS+ credential for your username  using  nisclient
107       -c or nispopulate(1M). You will need the network password your adminis‐
108       trator used to create the NIS+ credential for your username.  nisclient
109       will  prompt  you  for this network password to decrypt your secret key
110       and then for your login password to generate a new set of secret/public
111       keys.
112
113
114       Use  the  fourth  synopsis  (-r  option) to restore the network service
115       environment to whatever you were using before  nisclient  -i  was  exe‐
116       cuted. You must be logged in as super-user on the machine that is to be
117       restored. The restore will only work if  the  machine  was  initialized
118       with  nisclient  -i  because it uses the backup files created by the -i
119       option.
120
121
122       Reboot the machine after initializing a machine or restoring  the  net‐
123       work service.
124

OPTIONS

126       The following options are supported:
127
128       -a <NIS+_server_addr>    Specifies  the IP address for the NIS+ server.
129                                This option is used only with the -i option.
130
131
132       -c                       Adds DES credentials for NIS+ principals.
133
134
135       -d <NIS+_domain>         Specifies the NIS+ domain where the credential
136                                should  be  created  when  used in conjunction
137                                with the -c option. It specifies the name  for
138                                the  new  NIS+ domain when used in conjunction
139                                with the -i option. The default is  your  cur‐
140                                rent domainname.
141
142
143       -h <NIS+_server_host>    Specifies  the  NIS+  server's  hostname. This
144                                option is used only with the -i option.
145
146
147       -i                       Initializes a NIS+ client machine.
148
149
150       -l <network_password>    Specifies  the  network   password   for   the
151                                clients.  This option is used only with the -c
152                                option. If this option is not  specified,  the
153                                script  will  prompt you for the network pass‐
154                                word.
155
156
157       -k <key_domain>          This option specifies the domain where  root's
158                                credentials  are  stored.  If  a domain is not
159                                specified, then the system default  domain  is
160                                assumed.
161
162
163       -o                       Overwrites  existing  credential  entries. The
164                                default is not to overwrite. This is used only
165                                with the -c option.
166
167
168       -r                       Restores the network service environment.
169
170
171       -S 0|2                   Specifies  the  authentication  level  for the
172                                NIS+ client. Level 0  is  for  unauthenticated
173                                clients and level 2 is for authenticated (DES)
174                                clients. The default is to set up with level 2
175                                authentication.  This is used only with the -i
176                                option. nisclient always uses level 2  authen‐
177                                tication  (DES)  for  both  -c and -u options.
178                                There is no need to run nisclient with -u  and
179                                -c  for  level  0 authentication. To configure
180                                authentication mechanisms other  than  DES  at
181                                security  level  2, use nisauthconf(1M) before
182                                running nisclient.
183
184
185       -u                       Initializes a NIS+ user.
186
187
188       -v                       Runs the script in verbose mode.
189
190
191       -x                       Turns the "echo"  mode  on.  The  script  just
192                                prints  the  commands  that it would have exe‐
193                                cuted. Notice that the commands are not  actu‐
194                                ally executed. The default is off.
195
196

EXAMPLES

198       Example 1 Adding the DES Credential in the Local Domain
199
200
201       To  add  the  DES  credential for host sunws and user fred in the local
202       domain:
203
204
205         example% /usr/lib/nis/nisclient -c sunws fred
206
207
208
209       Example 2 Adding the DES Credential in a Specified Domain
210
211
212       To add the DES credential for  host  sunws  and  user  fred  in  domain
213       xyz.example.com.:
214
215
216         example% /usr/lib/nis/nisclient -c -d xyz.example.com. sunws fred
217
218
219
220       Example 3 Initializing the Host in a Specific Domain
221
222
223       To  initialize  host  sunws as a NIS+ client in domain xyz.example.com.
224       where nisplus_server is a server for the domain xyz.example.com.:
225
226
227         example# /usr/lib/nis/nisclient -i -h nisplus_server -d xyz.example.com
228
229
230
231
232       The script will prompt you for the IP address of nisplus_server if  the
233       server  is  not  found  in the /etc/hosts file. The -d option is needed
234       only if your current domain name is different from the new domain name.
235
236
237       Example 4 Initializing the Host as an Unauthenticated Client in a  Spe‐
238       cific Domain
239
240
241       To  initialize  host  sunws as an unauthenticated NIS+ client in domain
242       xyz.example.com. where  nisplus_server  is  a  server  for  the  domain
243       xyz.example.com:
244
245
246         example# /usr/lib/nis/nisclient -i -S 0 \
247            -h nisplus_server -d xyz.example.com. -a 172.16.44.1
248
249
250
251       Example 5 Initializing the User as a NIS+ principal
252
253
254       To  initialize  user fred as a NIS+ principal, log in as user fred on a
255       NIS+ client machine.
256
257
258         example% /usr/lib/nis/nisclient -u
259
260
261

FILES

263       /var/nis/NIS_COLD_START    This file contains a list of servers,  their
264                                  transport  addresses,  and  their Secure RPC
265                                  public keys that serve the machines  default
266                                  domain.
267
268
269       /etc/defaultdomain         The system default domainname.
270
271
272       /etc/nsswitch.conf         Configuration   file  for  the  name-service
273                                  switch.
274
275
276       /etc/inet/hosts            Local host name database.
277
278

ATTRIBUTES

280       See attributes(5) for descriptions of the following attributes:
281
282
283
284
285       ┌─────────────────────────────┬─────────────────────────────┐
286       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
287       ├─────────────────────────────┼─────────────────────────────┤
288       │Availability                 │SUNWnisu                     │
289       └─────────────────────────────┴─────────────────────────────┘
290

NOTES

297       NIS+ might not be supported in future releases of the Solaris operating
298       system.  Tools  to aid the migration from NIS+ to LDAP are available in
299       the   current   Solaris   release.   For   more   information,    visit
300       http://www.sun.com/directory/nisplus/transition.html.
301
302
303
304SunOS 5.11                        12 Dec 2001                    nisclient(1M)