rpc.nisd(1M)          System Administration Commands          rpc.nisd(1M)

rpc.nisd, nisd - NIS+ service daemon

/usr/sbin/rpc.nisd [-ACDFhlv] [-Y [-B [-t netid]]]
    [-d dictionary] [-L load] [-S level] [-m mappingfile]
    [-x attribute=value]... [-z number]

The rpc.nisd daemon is an RPC service that implements the NIS+ service.
This daemon must be running on all machines that serve a portion of the
NIS+ namespace.

rpc.nisd is usually started from a system startup script.

The -B option causes rpc.nisd to start an auxiliary process,
rpc.nisd_resolv, which provides ypserv compatible DNS forwarding for
NIS host requests. rpc.nisd_resolv can also be started independently.
See rpc.nisd_resolv(1M) for more information on using rpc.nisd_resolv
independently.

The /etc/default/rpc.nisd file contains the following default parameter
settings. See FILES.

ENABLE_NIS_YP_EMULATION
    Specifies whether the server is put into NIS (YP) compatibility
    mode. ENABLE_NIS_YP_EMULATION=YES is equivalent to the -Y
    command-line option. The default value for
    ENABLE_NIS_YP_EMULATION is NO.

-A
    Authentication verbose mode. The daemon logs all the
    authentication related activities to syslogd(1M) with LOG_INFO
    priority.

-B
    Provide ypserv compatible DNS forwarding for NIS host requests.
    The DNS resolving process, rpc.nisd_resolv, is started and
    controlled by rpc.nisd. This option requires that the
    /etc/resolv.conf file be set up for communication with a DNS
    nameserver. The nslookup utility can be used to verify
    communication with a DNS nameserver. See resolv.conf(4) and
    nslookup(1M).

-C
    Open diagnostic channel on /dev/console.

-D
    Debug mode. Do not fork.

-d dictionary
    Specify an alternate dictionary for the NIS+ database. The primary
    use of this option is for testing. Note that the string is not
    interpreted, rather it is simply passed to the db_initialize
    function.

-F
    Force the server to do a checkpoint of the database when it starts
    up. Forced checkpoints may be required when the server is low on
    disk space. This option removes updates from the transaction log
    that have propagated to all of the replicas.

-h
    Print list of options.

-L number
    Specify the ``load'' the NIS+ service is allowed to place on the
    server. The load is specified in terms of the number of child
    processes that the server may spawn. The value of number must be
    at least 1 for the callback functions to work correctly. The
    default is 128.

-m mappingfile
    Specify the name of a configuration file that maps NIS+ objects
    (especially tables and columns) to LDAP (entries and attributes).
    See NIS+LDAPmapping(4). The default path is /var/nis. The default
    mapping file is NIS+LDAPmapping. If this file exists, the rpc.nisd
    daemon will map data to and from LDAP. A template mapping file
    that covers the normal NIS+ directories and tables is installed as
    /var/nis/NIS+LDAPmapping.template.

    A NIS+ object must have a valid mapping entry in the mapping file
    in order to have data for that table read from or written to the
    LDAP repository.

    The rpc.nisd(4) file contains specifications for LDAP server
    addresses, LDAP authentication method, and the like. See
    NIS+LDAPmapping(4) for an overview of the setup you need to map
    NIS+ data to or from LDAP.

-S level
    Set the authorization security level of the service. The argument
    is a number between 0 and 2. By default, the daemon runs at
    security level 2.

    0   Security level 0 is designed to be used for testing and
        initial setup of the NIS+ namespace. When running at level 0,
        the daemon does not enforce any access controls. Any client is
        allowed to perform any operation, including updates and
        deletions.

    1   At security level 1, the daemon accepts both AUTH_SYS and
        AUTH_DES credentials for authenticating clients and
        authorizing them to perform NIS+ operations. This is not a
        secure mode of operation since AUTH_SYS credentials are easily
        forged. It should not be used on networks in which any
        untrusted users may potentially have access.

    2   At security level 2, the daemon only accepts authentication
        using the security mechanisms configured by nisauthconf(1M).
        The default security mechanism is AUTH_DES. Security level 2
        is the default if the -S option is not used.

-t netid
    Use netid as the transport for communication between rpc.nisd and
    rpc.nisd_resolv. The default transport is ticots(7D) (tcp on
    SunOS 4.x systems).

-v
    Verbose. With this option, the daemon sends a running narration of
    what it is doing to the syslog daemon (see syslogd(1M)) at
    LOG_INFO priority. This option is most useful for debugging
    problems with the service. See also -A option.

-x attribute=value
    Specify the value of the named attribute. Attributes that control
    the NIS+ to LDAP mapping operation are derived as follows:

    1. Retrieve from LDAP.

    2. Override with values from the mappingfile, if any. See the -m
       option.

    3. Override with values from the command line -x options.

    See NIS+LDAPmapping(4) and rpc.nisd(4) for the recognized
    attributes and their syntax.

    As a special case, you can use the nisplusLdapConfig* attributes
    to derive additional information from LDAP. You can only specify
    the nisplusLdapConfig* attributes in rpc.nisd(4) or by means of
    the command line.

-Y
    Put the server into NIS (YP) compatibility mode. When operating in
    this mode, the NIS+ server will respond to NIS Version 2 requests
    using the version 2 protocol. Because the YP protocol is not
    authenticated, only those items that have read access to nobody
    (the unauthenticated request) will be visible through the V2
    protocol. It supports only the standard Version 2 maps in this
    mode (see -B option and NOTES in ypfiles(4)). See FILES.

-z number
    Specify the maximum RPC record size that can be used over
    connection oriented transports. The default is 9000 bytes. If you
    specify a size less than the default value, the default value will
    be used instead.

Example 1 Setting up the NIS+ Service

The following example sets up the NIS+ service.

    example% rpc.nisd

Example 2 Setting Up NIS+ Service Emulating YP With DNS Forwarding

The following example sets up the NIS+ service, emulating YP with DNS
forwarding.

    example% rpc.nisd -YB

Example 3 Specifying NIS+ and LDAP Mapping Information

The following example shows how to specify that all additional NIS+ and
LDAP mapping information should be retrieved from DN "dc=x,dc=y,dc=z",
from the LDAP server at IP address 1.2.3.4, port 389. The example uses
the simple authentication method and the cn=nisplusAdmin,ou=People,
proxy user. The -m option is omitted for clarity in this example.

    -x nisplusLDAPconfigDN=dc=x,dc=y,dc=z \
    -x nisplusLDAPconfigPreferredServerList=127.0.0.1:389 \
    -x nisplusLDAPconfigAuthenticationMethod=simple \
    -x nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People, \
    -x nisplusLDAPconfigProxyPassword=xyzzy
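
Added example (not part of the original manual page): a POSIX shell
check that parses an rpc.nisd argument list with the option letters from
the synopsis and flags the settings described above as weakening
security (-S 0, -S 1, -Y), plus a simple bind or proxy password passed
through -x as in Example 3. The function names and finding labels are
hypothetical, and the attribute spelling follows Example 3.

```shell
#!/bin/sh
# Added example, not from the manual page. Function names and finding
# labels are hypothetical; option letters come from the synopsis.

# Print space-separated findings for one rpc.nisd argument list.
audit_nisd_args() {
    OPTIND=1
    level=2        # documented default when -S is not given
    findings=""
    while getopts ":ACDFhlvYBt:d:L:S:m:x:z:" opt "$@"; do
        case "$opt" in
            S) level="$OPTARG" ;;
            Y) findings="$findings YP_COMPAT" ;;   # unauthenticated V2 access
            x) case "$OPTARG" in
                   # Arguments can show up in process listings.
                   nisplusLDAPconfigProxyPassword=*)
                       findings="$findings PROXY_PASSWORD_IN_ARGV" ;;
                   nisplusLDAPconfigAuthenticationMethod=simple)
                       findings="$findings SIMPLE_BIND" ;;
               esac ;;
        esac
    done
    case "$level" in
        0) findings="$findings NO_ACCESS_CONTROL" ;;   # any client, any op
        1) findings="$findings AUTH_SYS_ACCEPTED" ;;   # forgeable credentials
        2) ;;
        *) findings="$findings BAD_LEVEL" ;;
    esac
    echo "${findings# }"
}

# Check an /etc/default/rpc.nisd-style file supplied on stdin.
audit_nisd_defaults() {
    if grep -q '^[[:space:]]*ENABLE_NIS_YP_EMULATION=YES'; then
        echo "YP_COMPAT"
    fi
}

# Constructed inputs: the page's Example 2, then a level-1 start with
# the -x options from Example 3.
audit_nisd_args -YB
audit_nisd_args -S 1 -x nisplusLDAPconfigAuthenticationMethod=simple \
    -x nisplusLDAPconfigProxyPassword=xyzzy
printf 'ENABLE_NIS_YP_EMULATION=YES\n' | audit_nisd_defaults
```

An empty result means the argument list keeps the default security
level 2 and does not enable YP compatibility.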

NETPATH
    The transports that the NIS+ service will use can be limited by
    setting this environment variable. See netconfig(4).

/var/nis/data/parent.object
    This file describes the namespace that is logically above the NIS+
    namespace. The most common type of parent object is a DNS object.
    This object contains contact information for a server of that
    domain.

/var/nis/data/root.object
    This file describes the root object of the NIS+ namespace. It is a
    standard XDR-encoded NIS+ directory object that can be modified by
    authorized clients using the nis_modify(3NSL) interface.

/etc/default/rpc.nisd
    LDAP connection and general rpc.nisd configuration. You can
    override some of the settings by command-line options.

/var/nis/NIS+LDAPmapping
    Default path for LDAP mapping file. See the discussion of the -m
    option.

See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
├─────────────────────────────┼─────────────────────────────┤
│ Availability                │ SUNWnisu                    │
└─────────────────────────────┴─────────────────────────────┘

svcs(1), nis_cachemgr(1M), nisauthconf(1M), nisinit(1M), nissetup(1M),
nisldapmaptest(1M), nslookup(1M), rpc.nisd_resolv(1M),
rpc.nispasswdd(1M), svcadm(1M), syslogd(1M), nis_modify(3NSL),
NIS+LDAPmapping(4), netconfig(4), nisfiles(4), resolv.conf(4),
rpc.nisd(4), ypfiles(4), attributes(5), smf(5), ticots(7D)

NIS+ might not be supported in future releases of the Solaris Operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.

The rpc.nisd service is managed by the service management facility,
smf(5), under the service identifier:

    svc:/network/rpc/nisplus:default

Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). The service's
status can be queried using the svcs(1) command.

SunOS 5.11                     13 Aug 2004                     rpc.nisd(1M)