System Administration Commands nisclient(1M)
NAME
nisclient - initialize NIS] credentials for NIS] principals
SYNOPSIS
/usr/lib/nis/nisclient -c [-x] [-o] [-v]
[-l ] [-d ] clientname...
/usr/lib/nis/nisclient -i [-x] [-v] -h
[-a ]
[-k ] [-d ] [-S 0 2]
/usr/lib/nis/nisclient -u [-x] [-v]
/usr/lib/nis/nisclient -r [-x]
DESCRIPTION
The nisclient shell script can be used to:
o create NIS] credentials for hosts and users
o initialize NIS] hosts and users
o restore the network service environment
NIS] credentials are used to provide authentication informa-
tion of NIS] clients to NIS] service.
Use the first synopsis (-c option) to create individual NIS]
credentials for hosts or users. You must be logged in as a
NIS] principal in the domain for which you are creating the
new credentials. You must also have write permission to the
local "cred" table. The clientname argument accepts any
valid host or user name in the NIS] domain (for example, the
clientname must exist in the hosts or passwd table). nis-
client verifies each clientname against both the host and
passwd tables, then adds the proper NIS] credentials for
hosts or users. Note that if you are creating NIS] creden-
tials outside of your local domain, the host or user must
exist in the host or passwd tables in both the local and
remote domains.
By default, nisclient will not overwrite existing entries in
the credential table for the hosts and users specified. To
overwrite, use the -o option. After the credentials have
been created, nisclient will print the command that must be
SunOS 5.11 Last change: 12 Dec 2001 1
System Administration Commands nisclient(1M)
executed on the client machine to initialize the host or the
user. The -c option requires a network password for the
client which is used to encrypt the secret key for the
client. You can either specify it on the command line with
the -l option or the script will prompt you for it. You can
change this network password later with passwd(1) or
chkey(1).
nisclient -c is not intended to be used to create NIS]
credentials for all users and hosts which are defined in the
passwd and hosts tables. To define credentials for all users
and hosts, use nispopulate(1M).
Use the second synopsis (-i option) to initialize a NIS]
client machine. The -i option can be used to convert
machines to use NIS] or to change the machine's domainname.
You must be logged in as super-user on the machine that is
to become a NIS] client. Your administrator must have
already created the NIS] credential for this host by using
nisclient -c or nispopulate -C. You will need the network
password your administrator created. nisclient will prompt
you for the network password to decrypt your secret key and
then for this machine's root login password to generate a
new set of secret/public keys. If the NIS] credential was
created by your administrator using nisclient -c, then you
can simply use the initialization command that was printed
by the nisclient script to initialize this host instead of
typing it manually.
To initialize an unauthenticated NIS] client machine, use
the -i option with -S 0. With these options, the nisclient
-i option will not ask for any passwords.
During the client initialization process, files that are
being modified are backed up as files.nonisplus. The files
that are usually modified during a client initialization
are: /etc/defaultdomain, /etc/nsswitch.conf,
/etc/inet/hosts, and, if it exists, /var/nis/NISCOLDSTART.
Notice that a file will not be saved if a backup file
already exists.
The -i option does not set up a NIS] client to resolve host-
names using DNS. Please refer to the DNS documentation for
information on setting up DNS. (See resolv.conf(4)).
SunOS 5.11 Last change: 12 Dec 2001 2
System Administration Commands nisclient(1M)
It is not necessary to initialize either NIS] root master
servers or machines that were installed as NIS] clients
using suninstall(1M).
Use the third synopsis (-u option) to initialize a NIS]
user. You must be logged in as the user on a NIS] client
machine in the domain where your NIS] credentials have been
created. Your administrator should have already created the
NIS] credential for your username using nisclient -c or
nispopulate(1M). You will need the network password your
administrator used to create the NIS] credential for your
username. nisclient will prompt you for this network pass-
word to decrypt your secret key and then for your login
password to generate a new set of secret/public keys.
Use the fourth synopsis (-r option) to restore the network
service environment to whatever you were using before nis-
client -i was executed. You must be logged in as super-user
on the machine that is to be restored. The restore will only
work if the machine was initialized with nisclient -i
because it uses the backup files created by the -i option.
Reboot the machine after initializing a machine or restoring
the network service.
OPTIONS
The following options are supported:
-a Specifies the IP address for the
NIS] server. This option is used
only with the -i option.
-c Adds DES credentials for NIS] prin-
cipals.
-d Specifies the NIS] domain where the
credential should be created when
used in conjunction with the -c
option. It specifies the name for
the new NIS] domain when used in
conjunction with the -i option. The
default is your current domainname.
-h Specifies the NIS] server's host-
name. This option is used only with
the -i option.
SunOS 5.11 Last change: 12 Dec 2001 3
System Administration Commands nisclient(1M)
-i Initializes a NIS] client machine.
-l Specifies the network password for
the clients. This option is used
only with the -c option. If this
option is not specified, the script
will prompt you for the network
password.
-k This option specifies the domain
where root's credentials are
stored. If a domain is not speci-
fied, then the system default
domain is assumed.
-o Overwrites existing credential
entries. The default is not to
overwrite. This is used only with
the -c option.
-r Restores the network service
environment.
-S 02 Specifies the authentication level
for the NIS] client. Level 0 is for
unauthenticated clients and level 2
is for authenticated (DES) clients.
The default is to set up with level
2 authentication. This is used only
with the -i option. nisclient
always uses level 2 authentication
(DES) for both -c and -u options.
There is no need to run nisclient
with -u and -c for level 0 authen-
tication. To configure authentica-
tion mechanisms other than DES at
security level 2, use
nisauthconf(1M) before running nis-
client.
-u Initializes a NIS] user.
-v Runs the script in verbose mode.
SunOS 5.11 Last change: 12 Dec 2001 4
System Administration Commands nisclient(1M)
-x Turns the "echo" mode on. The
script just prints the commands
that it would have executed. Notice
that the commands are not actually
executed. The default is off.
EXAMPLES
Example 1 Adding the DES Credential in the Local Domain
To add the DES credential for host sunws and user fred in
the local domain:
example% /usr/lib/nis/nisclient -c sunws fred
Example 2 Adding the DES Credential in a Specified Domain
To add the DES credential for host sunws and user fred in
domain xyz.example.com.:
example% /usr/lib/nis/nisclient -c -d xyz.example.com. sunws fred
Example 3 Initializing the Host in a Specific Domain
To initialize host sunws as a NIS] client in domain
xyz.example.com. where nisplusserver is a server for the
domain xyz.example.com.:
example# /usr/lib/nis/nisclient -i -h nisplusserver -d xyz.example.com
The script will prompt you for the IP address of
nisplusserver if the server is not found in the /etc/hosts
file. The -d option is needed only if your current domain
name is different from the new domain name.
Example 4 Initializing the Host as an Unauthenticated Client
in a Specific Domain
SunOS 5.11 Last change: 12 Dec 2001 5
System Administration Commands nisclient(1M)
To initialize host sunws as an unauthenticated NIS] client
in domain xyz.example.com. where nisplusserver is a server
for the domain xyz.example.com:
example# /usr/lib/nis/nisclient -i -S 0 \
-h nisplusserver -d xyz.example.com. -a 172.16.44.1
Example 5 Initializing the User as a NIS] principal
To initialize user fred as a NIS] principal, log in as user
fred on a NIS] client machine.
example% /usr/lib/nis/nisclient -u
FILES
/var/nis/NISCOLDSTART This file contains a list of
servers, their transport
addresses, and their Secure RPC
public keys that serve the
machines default domain.
/etc/defaultdomain The system default domainname.
/etc/nsswitch.conf Configuration file for the name-
service switch.
/etc/inet/hosts Local host name database.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 12 Dec 2001 6
System Administration Commands nisclient(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWnisu
SEE ALSO
chkey(1), keylogin(1), NIS](1), passwd(1), keyserv(1M),
nisaddcred(1M), nisauthconf(1M), nisinit(1M),
nispopulate(1M), suninstall(1M), nsswitch.conf(4),
resolv.conf(4), attributes(5)
NOTES
NIS] might not be supported in future releases of the
Solaris operating system. Tools to aid the migration from
NIS] to LDAP are available in the current Solaris release.
For more information, visit
http:/www.sun.com/directory/nisplus/transition.html.
SunOS 5.11 Last change: 12 Dec 2001 7
|
