nisclient(1M) Maintenance Commands nisclient(1M)
NAME
nisclient - initialize NIS+ credentials for NIS+ principals
SYNOPSIS
/usr/lib/nis/nisclient -c [ -x ] [ -o ] [ -v ]
[ -l  ]
[ -d  ] client_name ...
/usr/lib/nis/nisclient -i [ -x ] [ -v ]
-h  [ -a  ]
[ -d  ] [ -S 0|2 ]
/usr/lib/nis/nisclient -u [ -x ] [ -v ]
/usr/lib/nis/nisclient -r [ -x ]
DESCRIPTION
The nisclient shell script can be used to:
o create NIS+ credentials for hosts and users
o initialize NIS+ hosts and users
o restore the network service environment
NIS+ credentials are used to provide authentication informa-
tion of NIS+ clients to NIS+ service.
Use the first synopsis ( -c ) to create individual NIS+
credentials for hosts or users. You must be logged in as a
NIS+ principal in the domain for which you are creating the
new credentials. You must also have write permission to the
local "cred" table. The client_name argument accepts any
valid host or user name in the NIS+ domain (for example, the
client_name must exist in the hosts or passwd table). nis-
client verifies each client_name against both the host and
passwd tables, then adds the proper NIS+ credentials for
hosts or users. Note that if you are creating NIS+ creden-
tials outside of your local domain, the host or user must
exist in the host or passwd tables in both the local and
remote domains.
By default, nisclient will not overwrite existing entries in
the credential table for the hosts and users specified. To
overwrite, use the -o option. After the credentials have
been created, nisclient will print the command that must be
executed on the client machine to initialize the host or the
user. The - c option requires a network password for the
client which is used to encrypt the secret key for the
client. You can either specify it on the command line with
the -l option or the script will prompt you for it. You can
change this network password later with nispasswd(1) or
chkey(1).
nisclient -c is not intended to be used to create NIS+
credentials for all users and hosts which are defined in the
passwd and hosts tables. To define credentials for all
users and hosts, use nispopulate(1M).
Use the second synopsis ( -i ) to initialize a NIS+ client
machine. - i option can be used to convert machines to use
NIS+ or to change the machine's domainname. You must be
logged in as super-user on the machine that is to become a
NIS+ client. Your administrator must have already created
the NIS+ credential for this host by using nisclient -c or
nispopulate -C. You will need the network password your
administrator created. nisclient will prompt you for the
network password to decrypt your secret key and then for
this machine's root login password to generate a new set of
secret/public keys. If the NIS+ credential was created by
your administrator using nisclient -c, then you can simply
use the initialization command that was printed by the nis-
client script to initialize this host instead of typing it
manually.
To initialize an unauthenticated NIS+ client machine, use
the "-i" option with
"-S 0". With these options, the nisclient -i option will
not ask for any passwords.
During the client initialization process, files that are
being modified are backed up as .no_nisplus. The
files that are usually modified during a client initializa-
tion are: /etc/defaultdomain, /etc/nsswitch.conf,
/etc/inet/hosts, and, if it exists, /var/nis/NIS_COLD_START.
Note that a file will not be saved if a backup file already
exists.
The -i option does not set up an NIS+ client to resolve
hostnames using DNS. Please refer to the DNS documentation
for information on setting up DNS. (See resolv.conf(4)).
NOTE: It is not necessary to initialize either NIS+ root
master servers or machines that were installed as NIS+
clients using suninstall(1M).
Use the third synopsis ( -u ) to initialize a NIS+ user.
You must be logged in as the user on a NIS+ client machine
in the domain where your NIS+ credentials have been created.
Your administrator should have already created the NIS+
credential for your username using nisclient -c or
nispopulate(1M). You will need the network password your
administrator used to create the NIS+ credential for your
username. nisclient will prompt you for this network
password to decrypt your secret key and then for your login
password to generate a new set of secret/public keys.
Use the fourth synopsis ( -r ) to restore the network ser-
vice environment to whatever you were using before nisclient
-i was executed. You must be logged in as super-user on the
machine that is to be restored. The restore will only work
if the machine was initialized with nisclient -i because it
uses the backup files created by the -i option.
Reboot the machine after initializing a machine or restoring
the network service.
OPTIONS
-aa  specifies the IP address for the NIS+
server. This option is ONLY used with
the -i option.
-c adds DES credentials for NIS+ princi-
pals.
-d  specifies the NIS+ domain where the
credential should be created when used
in conjuction with the -c option. It
specifies the name for the new NIS+
domain when used in conjuction with
the - i option. The default is your
current domainname.
-h  specifies the NIS+ server's hostname.
This option is ONLY used with the -i
option.
-i initializes an NIS+ client machine.
-l  specifies the network password for
the clients. This option is ONLY used
with the -c option. If this option is
not specified, the script will prompt
you for the network password.
-o overwrite existing credential entries.
The default is not to overwrite. This
is ONLY used with the -c option.
-r restores the network service environ-
ment.
-S 0|2 specifies the authentication level for
the NIS+ client. Level 0 is for unau-
thenticated clients and level 2 is for
authenticated (DES) clients. The
default is to set up with level 2
authentication. This is *ONLY* used
with -i option. nisclient always uses
level 2 authentication (DES) for both
-c and -u options. There is no need
to run nisclient with -u and -c for
level 0 authentication.
-u initializes an NIS+ user.
-v runs the script in verbose mode.
-x turns the "echo" mode on. The script
just prints the commands that it would
have executed. Note that the commands
are not actually executed. The
default is off.
EXAMPLES
To add the DES credential for host sunws and user fred in
the local domain:
example% /usr/lib/nis/nisclient -c sunws fred
To add the DES credential for host sunws and user fred in
domain xyz.sun.com.:
example% /usr/lib/nis/nisclient -c -d xyz.sun.com.\
sunws fred
To initialize host sunws as an NIS+ client in domain
xyz.sun.com. where nisplus_server is a server for the domain
xyz.sun.com.:
example# /usr/lib/nis/nisclient -i -h nisplus_server\
-d xyz.sun.com.
The script will prompt you for the IP address of
nisplus_server if the server is not found in the /etc/hosts
file. The -d option is needed only if your current domain
name is different from the new domain name.
To initialize host sunws as an unauthenticated NIS+ client
in domain xyz.sun.com. where nisplus_server is a server for
the domain xyz.sun.com.:
example# /usr/lib/nis/nisclient -i -S 0 \
-h nisplus_server -d xyz.sun.com. \
-a 129.140.44.1
To initialize user fred as an NIS+ principal, log in as user
fred on an NIS+ client machine.
example% /usr/lib/nis/nisclient -u
FILES
/var/nis/NIS_COLD_START
This file contains a list of servers,
their transport addresses, and their
Secure RPC public keys that serve the
machines default domain.
/etc/defaultdomain the system default domainname
/etc/nsswitch.conf configuration file for the name-
service switch
/etc/inet/hosts local host name database
SEE ALSO
chkey(1), keylogin(1), nis+(1), nispasswd(1), keyserv(1M),
nisaddcred(1M), nisinit(1M), nispopulate(1M),
suninstall(1M), nsswitch.conf(4), resolv.conf(4)
SunOS 5.4 Last change: 01 Jun 1993