System Administration Commands rpc.nisd(1M)
NAME
rpc.nisd, nisd - NIS] service daemon
SYNOPSIS
/usr/sbin/rpc.nisd [-ACDFhlv] [-Y [-B [-t netid]
[-d dictionary] [-L load] [-S level] [-m mappingfile]
[-x attribute=value]... [-z number]
DESCRIPTION
The rpc.nisd daemon is an RPC service that implements the
NIS] service. This daemon must be running on all machines
that serve a portion of the NIS] namespace.
rpc.nisd is usually started from a system startup script.
The -B option causes rpc.nisd to start an auxiliary process,
rpc.nisdresolv, which provides ypserv compatible DNS for-
warding for NIS host requests. rpc.nisdresolv can also be
started independently. See rpc.nisdresolv(1M) for more
information on using rpc.nisdresolv independently.
The /etc/default/rpc.nisd file contains the following
default parameter settings. See FILES.
ENABLENISYPEMULATION Specifies whether the server is
put into NIS (YP) compatibility
mode. ENABLENISYPEMULATION=YES
is equivalent to the -Y command-
line option. The default value
for ENABLENISYPEMULATION is
NO.
OPTIONS
-A Authentication verbose mode. The dae-
mon logs all the authentication
related activities to syslogd(1M) with
LOGINFO priority.
-B Provide ypserv compatible DNS forward-
ing for NIS host requests. The DNS
resolving process, rpc.nisdresolv, is
started and controlled by rpc.nisd.
This option requires that the
/etc/resolv.conf file be setup for
communication with a DNS nameserver.
The nslookup utility can be used to
SunOS 5.11 Last change: 13 Aug 2004 1
System Administration Commands rpc.nisd(1M)
verify communication with a DNS
nameserver. See resolv.conf(4) and
nslookup(1M).
-C Open diagnostic channel on
/dev/console.
-D Debug mode. Do not fork.
-d dictionary Specify an alternate dictionary for
the NIS] database. The primary use of
this option is for testing. Note that
the string is not interpreted, rather
it is simply passed to the
dbinitialize function.>
-F Force the server to do a checkpoint of
the database when it starts up. Forced
checkpoints may be required when the
server is low on disk space. This
option removes updates from the tran-
saction log that have propagated to
all of the replicas.
-h Print list of options.
-L number Specify the ``load'' the NIS] service
is allowed to place on the server. The
load is specified in terms of the
number of child processes that the
server may spawn. The value of number
must be at least 1 for the callback
functions to work correctly. The
default is 128.
-m mappingfile Specify the name of a configuration
file that maps NIS] objects (espe-
cially tables and columns) to LDAP
(entries and attributes). See
NIS]LDAPmapping(4). The default path
is /var/nis. The default mapping file
is NIS]LDAPmapping. If this file
exists, the rpc.nisd daemon will map
data to and from LDAP. A template map-
ping file that covers the normal NIS]
SunOS 5.11 Last change: 13 Aug 2004 2
System Administration Commands rpc.nisd(1M)
directories and tables is installed as
/var/nis/NIS]LDAPmapping.template.
A NIS] object must have a valid map-
ping entry in the mapping file in
order to have data for that table read
from or written to the LDAP reposi-
tory.
The rpc.nisd(4) file contains specifi-
cations for LDAP server addresses,
LDAP authentication method, and the
like. See NIS]LDAPmapping(4) for an
overview of the setup you need to map
NIS] data to or from LDAP.
-S level Set the authorization security level
of the service. The argument is a
number between 0 and 2. By default,
the daemon runs at security level 2.
0 Security level 0 is designed to
be used for testing and initial
setup of the NIS] namespace. When
running at level 0, the daemon
does not enforce any access con-
trols. Any client is allowed to
perform any operation, including
updates and deletions.
1 At security level 1, the daemon
accepts both AUTHSYS and
AUTHDES credentials for authen-
ticating clients and authorizing
them to perform NIS] operations.
This is not a secure mode of
operation since AUTHSYS creden-
tials are easily forged. It
should not be used on networks in
which any untrusted users may
potentially have access.
2 At security level 2, the daemon
only accepts authentication using
the security mechanisms config-
ured by nisauthconf(1M). The
default security mechanism is
AUTHDES. Security level 2 is the
default if the -S option is not
SunOS 5.11 Last change: 13 Aug 2004 3
System Administration Commands rpc.nisd(1M)
used.
-t netid Use netid as the transport for commun-
ication between rpc.nisd and
rpc.nisdresolv. The default transport
is ticots(7D) ( tcp on SunOS 4.x sys-
tems).
-v Verbose. With this option, the daemon
sends a running narration of what it
is doing to the syslog daemon (see
syslogd(1M)) at LOGINFO priority.
This option is most useful for debug-
ging problems with the service. See
also -A option.
-x attribute=value Specify the value of the named attri-
bute. Attributes that control the NIS]
to LDAP mapping operation are derived
as follows:
1. Retrieve from LDAP.
2. Override with values from the
mappingfile, if any. See the
-m option.
3. Override with values from the
command line -x options.
See NIS]LDAPmapping(4) and rpc.nisd(4)
for the recognized attributes and
their syntax.
As a special case, you can use the
nisplusLdapConfig* attributes to
derive additional information from
LDAP. You can only specify the
nisplusLdapConfig* attributes in
rpc.nisd(4) or by means of the command
line.
-Y Put the server into NIS (YP) compati-
bility mode. When operating in this
mode, the NIS] server will respond to
NIS Version 2 requests using the ver-
sion 2 protocol. Because the YP proto-
col is not authenticated, only those
SunOS 5.11 Last change: 13 Aug 2004 4
System Administration Commands rpc.nisd(1M)
items that have read access to nobody
(the unauthenticated request) will be
visible through the V2 protocol. It
supports only the standard Version 2
maps in this mode (see -B option and
NOTES in ypfiles(4)). See FILES.
-z number Specify the maximum RPC record size
that can be used over connection
oriented transports. The default is
9000 bytes. If you specify a size less
than the default value, the default
value will be used instead.
EXAMPLES
Example 1 Setting up the NIS] Service
The following example sets up the NIS] service.
example% rpc.nisd
Example 2 Setting Up NIS] Service Emulating YP With DNS For-
warding
The following example sets up the NIS] service, emulating YP
with DNS forwarding.
example% rpc.nisd -YB
Example 3 Specifying NIS] and LDAP Mapping Information
The following example shows how to specify that all addi-
tional NIS] and LDAP mapping information should be retrieved
from DN "dc=x,dc=y,dc=z", from the LDAP server at IP address
1.2.3.4, port 389. The examples uses the simple authentica-
tion method and the cn=nisplusAdmin,ou=People, proxy user.
The -m option is omitted for clarity in this example..
-x nisplusLDAPconfigDN=dc=x,dc=y,dc=z \
-x nisplusLDAPconfigPreferredServerList=127.0.0.1:389 \
SunOS 5.11 Last change: 13 Aug 2004 5
System Administration Commands rpc.nisd(1M)
-x nisplusLDAPconfigAuthenticationMethod=simple \
-x nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People, \
-x nisplusLDAPconfigProxyPassword=xyzzy
ENVIRONMENT VARIABLES
NETPATH The transports that the NIS] service will use can
be limited by setting this environment variable.
See netconfig(4).
FILES
/var/nis/data/parent.object
This file describes the namespace that is logically
above the NIS] namespace. The most common type of parent
object is a DNS object. This object contains contact
information for a server of that domain.
/var/nis/data/root.object
This file describes the root object of the NIS]
namespace. It is a standard XDR-encoded NIS] directory
object that can be modified by authorized clients using
the nismodify(3NSL) interface.
/etc/default/rpc.nisd
LDAP connection and general rpc.nisd configuration. You
can override some of the settings by command-line
options.
/var/nis/NIS]LDAPmapping
Default path for LDAP mapping file. See the discussion
of the -m option.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 13 Aug 2004 6
System Administration Commands rpc.nisd(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWnisu
SEE ALSO
svcs(1), niscachemgr(1M), nisauthconf(1M), nisinit(1M),
nissetup(1M), nisldapmaptest(1M), nslookup(1M),
rpc.nisdresolv(1M), rpc.nispasswdd(1M), svcadm(1M),
syslogd(1M), nismodify(3NSL), NIS]LDAPmapping(4), netcon-
fig(4), nisfiles(4), resolv.conf(4), rpc.nisd(4),
ypfiles(4), attributes(5), smf(5), ticots(7D)
NOTES
NIS] might not be supported in future releases of the
Solaris Operating system. Tools to aid the migration from
NIS] to LDAP are available in the current Solaris release.
For more information, visit
http:/www.sun.com/directory/nisplus/transition.html.
The rpc.nisd service is managed by the service management
facility, smf(5), under the service identifier:
svc:/network/rpc/nisplus:default
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). The service's status can be queried using the
svcs(1) command.
SunOS 5.11 Last change: 13 Aug 2004 7
|
