nisclient Command

Purpose

Initializes NIS+ credentials for NIS+ principals.

Syntax

Add DES Credentials for NIS+ Principals

nisclient -c [ -x ] [ -o ] [ -v ] [ -l network_password ] [ -d NIS+_domain ] client_name...

Initialize a NIS+ Client Machine

nisclient -i [ -x ] [ -v ] -h NIS+_server_host [ -a NIS+_server_addr ] [ -d NIS+_domain ] [ -S 0 | 2 ]

Initialize a NIS+ User

nisclient -u [ -x ] [ -v ]

Restore Network Service Environment

nisclient -r [ -x ]

Description

The nisclient command can be used to:

NIS+ credentials provide authentication information about NIS+ clients to the NIS+ service.

Use the first syntax ( -c) to create individual NIS+ credentials for hosts or users. You must be logged in as a NIS+ principal in the domain for which you are creating the new credentials. You must also have write permission to the local credential table. The client_name argument accepts any valid host or user name in the NIS+ domain (for example, the client_name must exist in the hosts or passwd table). The nisclient command verifies each client_name against both the host and passwd tables, then adds the proper NIS+ credentials for hosts or users.

Note: If you are creating NIS+ credentials outside your local domain, the host or user must exist in the host or passwd tables in both the local and remote domains.

By default, nisclient will not overwrite existing entries in the credential table for the hosts and users specified. To overwrite, use the -o flag. After the credentials have been created, nisclient will print the command that must be executed on the client machine to initialize the host or the user. The -c flag requires a network password for the client which is used to encrypt the secret key for the client. You can either specify it on the command line with the -l flag or the script will prompt you for it. You can change this network password later with either the nispasswd or chkey command.

The -c flag is not intended to be used to create NIS+ credentials for all users and hosts that are defined in the passwd and hosts tables. To define credentials for all users and hosts, use the nispopulate command.

Use the second syntax ( -i) to initialize a NIS+ client machine. The -i flag can be used to convert machines to use NIS+ or to change the machine's domainname. You must be logged in as superuser on the machine that is to become a NIS+ client. Your administrator must have already created the NIS+ credential for this host by using the nisclient -c or nispopulate -C command. You will need the network password your administrator created. The nisclient command will prompt you for the network password to decrypt your secret key and then for this machine's root login password to generate a new set of secret/public keys. If the NIS+ credential was created by your administrator using nisclient -c, then you can simply use the initialization command that was printed by the nisclient script to initialize this host instead of typing it manually.

To initialize an unauthenticated NIS+ client machine, use the -i flag with -S 0. With these flags, the nisclient command will not ask for any passwords.

During the client initialization process, files that are being modified are backed up as files.no_nisplus. The files that are usually modified during a client initialization are: /etc/defaultdomain, /etc/nsswitch.conf, /etc/inet/hosts, and, if it exists, /var/nis/NIS_COLD_START.

Note: A file will not be saved if a backup file already exists.
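
Because an existing backup is kept, the current file is not saved when a backup from an earlier run is still present, and that older backup is what nisclient -r uses later. The following added example (not part of the original documentation) reports, for each file listed above, whether nisclient -i would save it. It assumes a backup of FILE is stored as FILE.no_nisplus; backup_plan, stale_count and the ROOT argument are hypothetical names.

```shell
#!/bin/sh
# Added example: report what nisclient -i would back up on this machine.
# Assumption: a backup of FILE is stored as FILE.no_nisplus.

# Files the documentation lists as modified during client initialization.
NIS_INIT_FILES="/etc/defaultdomain /etc/nsswitch.conf /etc/inet/hosts /var/nis/NIS_COLD_START"

# backup_plan [ROOT]
# ROOT is a hypothetical prefix for checking a mounted image or a test
# tree; leave it empty to check the running system.
# Prints "<status> <file>" for each file:
#   stale   a backup already exists, so the current file will not be saved
#   new     no backup yet, so the current file will be saved
#   absent  neither the file nor a backup exists
backup_plan() {
    root="${1:-}"
    for f in $NIS_INIT_FILES; do
        if [ -e "${root}${f}.no_nisplus" ]; then
            echo "stale $f"
        elif [ -e "${root}${f}" ]; then
            echo "new $f"
        else
            echo "absent $f"
        fi
    done
}

# stale_count [ROOT]
# Prints the number of files whose backup would not be refreshed.
# grep -c exits non-zero when the count is 0, hence the "|| true".
stale_count() {
    backup_plan "${1:-}" | grep -c '^stale ' || true
}
```

Run backup_plan before nisclient -i and move any stale backups aside if the current configuration is the one you want to be able to restore.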

The -i flag does not set up a NIS+ client to resolve hostnames using DNS. Refer to the DNS documentation for information on setting up DNS. (See information on the resolv.conf file format.)

It is not necessary to initialize either NIS+ root master servers or machines that were installed as NIS+ clients.

Use the third syntax ( -u) to initialize a NIS+ user. You must be logged in as the user on a NIS+ client machine in the domain where your NIS+ credentials have been created. Your administrator should have already created the NIS+ credential for your username using the nisclient or nispopulate command. You will need the network password your administrator used to create the NIS+ credential for your username. The nisclient command will prompt you for this network password to decrypt your secret key and then for your login password to generate a new set of secret/public keys.

Use the fourth syntax ( -r) to restore the network service environment to whatever you were using before nisclient -i was executed. You must be logged in as superuser on the machine that is to be restored. The restore will only work if the machine was initialized with nisclient -i because it uses the backup files created by the -i flag.

Reboot the machine after initializing a machine or restoring the network service.

Flags

Item Description
-a NIS+_server_addr Specifies the IP address for the NIS+ server. This flag is used only with the -i flag.
-c Adds DES credentials for NIS+ principals.
-d NIS+_domain Specifies the NIS+ domain where the credential should be created when used in conjunction with the -c flag. It specifies the name for the new NIS+ domain when used in conjunction with the -i flag. The default is your current domainname.
-h NIS+_server_host Specifies the NIS+ server's hostname. This flag is used only with the -i flag.
-i Initializes a NIS+ client machine.
-l network_password Specifies the network password for the clients. This flag is used only with the -c flag. If this flag is not specified, the script will prompt you for the network password.
-o Overwrite existing credential entries. The default is not to overwrite. This is used only with the -c flag.
-r Restores the network service environment.
-S 0 | 2 Specifies the authentication level for the NIS+ client. Level 0 is for unauthenticated clients and level 2 is for authenticated (DES) clients. The default is to set up with level 2 authentication. This is used only with the -i flag. The nisclient command always uses level 2 authentication (DES) for both -c and -u flags. There is no need to run nisclient with -u and -c for level 0 authentication.
-u Initializes a NIS+ user.
-v Runs the script in verbose mode.
-x Turns the echo mode on. The script just prints the commands that it would have executed. Note that the commands are not actually executed. The default is off.
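
A pre-run check for nisclient command lines, built from the flag rules above. It reports a network password given with -l (command-line arguments can be read from the process list and shell history, while the prompt avoids that), client initialization at level 0, -o overwrites, and flags used outside the mode the table allows. This is an added example, not part of the original documentation; audit_nisclient and the finding names are invented here.

```shell
#!/bin/sh
# Added example: review a nisclient command line before it is run.
# The finding names (PASSWORD_ON_CMDLINE, ...) are invented for this example.

# audit_nisclient ARGS...
# Prints one finding per line; prints nothing if no rule is triggered.
audit_nisclient() {
    mode="" seen="" level=2 host=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -c|-i|-u|-r) mode="$1" ;;
            -l|-o|-a)    seen="$seen $1" ;;
            -h)          seen="$seen $1"; host=1 ;;
            -S)          seen="$seen $1"; level="${2:-}" ;;
        esac
        # Flags that take a value: skip the value as well.
        case "$1" in
            -l|-a|-h|-d|-S) if [ $# -ge 2 ]; then shift; fi ;;
        esac
        shift
    done
    for flag in $seen; do
        case "$flag" in
            -l|-o)    want="-c" ;;   # flags table: used only with -c
            -a|-h|-S) want="-i" ;;   # flags table: used only with -i
        esac
        [ "$mode" = "$want" ] || echo "MISPLACED $flag (only valid with $want)"
    done
    case " $seen " in *" -l "*) echo "PASSWORD_ON_CMDLINE" ;; esac
    case " $seen " in *" -o "*) echo "OVERWRITES_EXISTING_CREDENTIALS" ;; esac
    if [ "$mode" = "-i" ]; then
        # The -i syntax lists -h without brackets, so it is required.
        if [ -z "$host" ]; then echo "MISSING -h"; fi
        # Level 0 sets up an unauthenticated client.
        if [ "$level" = "0" ]; then echo "UNAUTHENTICATED_CLIENT"; fi
    fi
    return 0
}
```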

Examples

  1. To add the DES credential for host dilbert and user fred in the local domain, enter:
    nisclient -c dilbert fred
  2. To add the DES credential for host dilbert and user fred in domain xyz.ibm.com., enter:
    nisclient -c -d xyz.ibm.com. dilbert fred
  3. To initialize host dilbert as a NIS+ client in domain xyz.ibm.com. where nisplus_server is a server for the domain xyz.ibm.com., enter:
    nisclient -i -h nisplus_server -d xyz.ibm.com.

    The script will prompt you for the IP address of nisplus_server if the server is not found in the /etc/hosts file. The -d flag is needed only if your current domain name is different from the new domain name.

  4. To initialize host dilbert as an unauthenticated NIS+ client in domain xyz.ibm.com. where nisplus_server is a server for the domain xyz.ibm.com., enter:
    nisclient -i -S 0 -h nisplus_server -d xyz.ibm.com. -a 129.140.44.1
  5. To initialize user fred as a NIS+ principal, log in as user fred on a NIS+ client machine and enter:
    nisclient -u

Files

Item Description
/var/nis/NIS_COLD_START This file contains a list of servers, their transport addresses, and their Secure RPC public keys that serve the machine's default domain.
/etc/defaultdomain The system default domainname
/etc/nsswitch.conf Configuration file for the name-service switch
/etc/inet/hosts Local host name database