Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

nisclient


NAME
     nisclient - initialize NIS+ credentials for NIS+ principals

SYNOPSIS
     /usr/lib/nis/nisclient -c [-x] [-o] [-v]
         [-l <network_password>] [-d <NIS+_domain>] client_name...


     /usr/lib/nis/nisclient -i [-x] [-v] -h <NIS+_server_host>
         [-a <NIS+_server_addr>]
         [-k <key_domain>] [-d <NIS+_domain>] [-S 0 | 2]


     /usr/lib/nis/nisclient -u [-x] [-v]


     /usr/lib/nis/nisclient -r [-x]


DESCRIPTION
     The nisclient shell script can be used to:

         o    create NIS+ credentials for hosts and users

         o    initialize NIS+ hosts and users

         o    restore the network service environment


     NIS+ credentials are used to provide authentication informa-
     tion of NIS+ clients to NIS+ service.


     Use the first synopsis (-c option) to create individual NIS+
     credentials  for  hosts or users. You must be logged in as a
     NIS+ principal in the domain for which you are creating  the
     new  credentials. You must also have write permission to the
     local "cred" table. The  client_name  argument  accepts  any
     valid host or user name in the NIS+ domain (for example, the
     client_name must exist in the hosts or passwd  table).  nis-
     client  verifies  each client_name against both the host and
     passwd tables, then adds the  proper  NIS+  credentials  for
     hosts  or  users. Note that if you are creating NIS+ creden-
     tials outside of your local domain, the host  or  user  must
     exist  in  the  host  or passwd tables in both the local and
     remote domains.


     By default, nisclient will not overwrite existing entries in
     the  credential  table for the hosts and users specified. To
     overwrite, use the -o option.  After  the  credentials  have
     been  created, nisclient will print the command that must be
     executed on the client machine to initialize the host or the
     user.  The  -c  option  requires  a network password for the
     client which is used to  encrypt  the  secret  key  for  the
     client.  You  can either specify it on the command line with
     the -l option or the script will prompt you for it. You  can
     change   this  network  password  later  with  passwd(1)  or
     chkey(1).


     nisclient -c is not intended  to  be  used  to  create  NIS+
     credentials for all users and hosts which are defined in the
     passwd and hosts tables. To define credentials for all users
     and hosts, use nispopulate(1M).


     Use the second synopsis (-i option)  to  initialize  a  NIS+
     client  machine.  The  -i  option  can  be  used  to convert
     machines to use NIS+ or to change the machine's  domainname.
     You  must  be logged in as super-user on the machine that is
     to become  a  NIS+  client.  Your  administrator  must  have
     already  created  the NIS+ credential for this host by using
     nisclient -c or nispopulate -C. You will  need  the  network
     password  your  administrator created. nisclient will prompt
     you for the network password to decrypt your secret key  and
     then  for  this  machine's root login password to generate a
     new set of secret/public keys. If the  NIS+  credential  was
     created  by  your administrator using nisclient -c, then you
     can simply use the initialization command that  was  printed
     by  the  nisclient script to initialize this host instead of
     typing it manually.


     To initialize an unauthenticated NIS+  client  machine,  use
     the  -i  option with -S 0. With these options, the nisclient
     -i option will not ask for any passwords.


     During the client initialization  process,  files  that  are
     being  modified are backed up as files.no_nisplus. The files
     that are usually modified  during  a  client  initialization
     are:         /etc/defaultdomain,         /etc/nsswitch.conf,
     /etc/inet/hosts, and, if it exists, /var/nis/NIS_COLD_START.
     Notice  that  a  file  will  not  be  saved if a backup file
     already exists.


     The -i option does not set up a NIS+ client to resolve host-
     names  using  DNS. Please refer to the DNS documentation for
     information on setting up DNS. (See resolv.conf(4)).



     It is not necessary to initialize either  NIS+  root  master
     servers  or  machines  that  were  installed as NIS+ clients
     using suninstall(1M).


     Use the third synopsis (-u  option)  to  initialize  a  NIS+
     user.  You  must  be  logged in as the user on a NIS+ client
     machine in the domain where your NIS+ credentials have  been
     created.  Your administrator should have already created the
     NIS+ credential for your  username  using  nisclient  -c  or
     nispopulate(1M).  You  will  need  the network password your
     administrator used to create the NIS+  credential  for  your
     username.  nisclient  will prompt you for this network pass-
     word to decrypt your secret key  and  then  for  your  login
     password to generate a new set of secret/public keys.


     Use the fourth synopsis (-r option) to restore  the  network
     service  environment  to whatever you were using before nis-
     client -i was executed. You must be logged in as  super-user
     on the machine that is to be restored. The restore will only
     work if  the  machine  was  initialized  with  nisclient  -i
     because it uses the backup files created by the -i option.


     Reboot the machine after initializing a machine or restoring
     the network service.

OPTIONS
     The following options are supported:

     -a <NIS+_server_addr>    Specifies the IP  address  for  the
                              NIS+  server.  This  option is used
                              only with the -i option.


     -c                       Adds DES credentials for NIS+ prin-
                              cipals.


     -d <NIS+_domain>         Specifies the NIS+ domain where the
                              credential  should  be created when
                              used in  conjunction  with  the  -c
                              option.  It  specifies the name for
                              the new NIS+ domain  when  used  in
                              conjunction with the -i option. The
                              default is your current domainname.


     -h <NIS+_server_host>    Specifies the NIS+  server's  host-
                              name. This option is used only with
                              the -i option.

     -i                       Initializes a NIS+ client machine.


     -l <network_password>    Specifies the network password  for
                              the  clients.  This  option is used
                              only with the -c  option.  If  this
                              option is not specified, the script
                              will prompt  you  for  the  network
                              password.


     -k <key_domain>          This option  specifies  the  domain
                              where    root's   credentials   are
                              stored. If a domain is  not  speci-
                              fied,   then   the  system  default
                              domain is assumed.


     -o                       Overwrites   existing    credential
                              entries.  The  default  is  not  to
                              overwrite. This is used  only  with
                              the -c option.


     -r                       Restores   the   network    service
                              environment.


     -S 0|2                   Specifies the authentication  level
                              for the NIS+ client. Level 0 is for
                              unauthenticated clients and level 2
                              is for authenticated (DES) clients.
                              The default is to set up with level
                              2 authentication. This is used only
                              with  the  -i   option.   nisclient
                              always  uses level 2 authentication
                              (DES) for both -c and  -u  options.
                              There  is  no need to run nisclient
                              with -u and -c for level 0  authen-
                              tication.  To configure authentica-
                              tion mechanisms other than  DES  at
                              security      level      2,     use
                              nisauthconf(1M) before running nis-
                              client.


     -u                       Initializes a NIS+ user.


     -v                       Runs the script in verbose mode.


     -x                       Turns  the  "echo"  mode  on.   The
                              script  just  prints  the  commands
                              that it would have executed. Notice
                              that  the commands are not actually
                              executed. The default is off.


EXAMPLES
     Example 1 Adding the DES Credential in the Local Domain


     To add the DES credential for host sunws and  user  fred  in
     the local domain:


       example% /usr/lib/nis/nisclient -c sunws fred



     Example 2 Adding the DES Credential in a Specified Domain


     To add the DES credential for host sunws and  user  fred  in
     domain xyz.example.com.:


       example% /usr/lib/nis/nisclient -c -d xyz.example.com. sunws fred



     Example 3 Initializing the Host in a Specific Domain


     To  initialize  host  sunws  as  a  NIS+  client  in  domain
     xyz.example.com.  where  nisplus_server  is a server for the
     domain xyz.example.com.:


       example# /usr/lib/nis/nisclient -i -h nisplus_server -d xyz.example.com




     The  script  will  prompt  you  for  the   IP   address   of
     nisplus_server  if the server is not found in the /etc/hosts
     file. The -d option is needed only if  your  current  domain
     name is different from the new domain name.


     Example 4 Initializing the Host as an Unauthenticated Client
     in a Specific Domain

     To initialize host sunws as an unauthenticated  NIS+  client
     in  domain xyz.example.com. where nisplus_server is a server
     for the domain xyz.example.com:


       example# /usr/lib/nis/nisclient -i -S 0 \
         -h nisplus_server -d xyz.example.com. -a 172.16.44.1



     Example 5 Initializing the User as a NIS+ principal


     To initialize user fred as a NIS+ principal, log in as  user
     fred on a NIS+ client machine.


       example% /usr/lib/nis/nisclient -u



FILES
     /var/nis/NIS_COLD_START    This  file  contains  a  list  of
                                servers,      their     transport
                                addresses, and their  Secure  RPC
                                public   keys   that   serve  the
                                machines default domain.


     /etc/defaultdomain         The system default domainname.


     /etc/nsswitch.conf         Configuration file for the  name-
                                service switch.


     /etc/inet/hosts            Local host name database.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:









     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWnisu                    |
    |_____________________________|_____________________________|


SEE ALSO
     chkey(1),  keylogin(1),  NIS+(1),  passwd(1),   keyserv(1M),
     nisaddcred(1M),         nisauthconf(1M),        nisinit(1M),
     nispopulate(1M),      suninstall(1M),      nsswitch.conf(4),
     resolv.conf(4), attributes(5)

NOTES
     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris  operating  system.  Tools to aid the migration from
     NIS+ to LDAP are available in the current  Solaris  release.
     For            more            information,            visit
     http://www.sun.com/directory/nisplus/transition.html.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments