Solaris man マニュアル
System Administration Commands                      nisclient(1M)

NAME
     nisclient - initialize NIS+ credentials for NIS+ principals

SYNOPSIS
     /usr/lib/nis/nisclient    -c    [-x]    [-o]     [-v]     [-
     l <network_password>] [-d <NIS+_domain>] client_name...

     /usr/lib/nis/nisclient -i  [-x]  [-v]  -h <NIS+_server_host>
     [-a <NIS+_server_addr>] [-k <key_domain>] [-d <NIS+_domain>]
     [-S 0 | 2]

     /usr/lib/nis/nisclient -u [-x] [-v]

     /usr/lib/nis/nisclient -r [-x]

DESCRIPTION
     The nisclient shell script can be used to:

       o  create NIS+ credentials for hosts and users

       o  initialize NIS+ hosts and users

       o  restore the network service environment


     NIS+ credentials are used to provide authentication informa-
     tion of NIS+ clients to NIS+ service.

     Use the first synopsis (-c option) to create individual NIS+
     credentials  for  hosts or users. You must be logged in as a
     NIS+ principal in the domain for which you are creating  the
     new  credentials. You must also have write permission to the
     local "cred" table. The  client_name  argument  accepts  any
     valid host or user name in the NIS+ domain (for example, the
     client_name must exist in the hosts or passwd  table).  nis-
     client  verifies  each client_name against both the host and
     passwd tables, then adds the  proper  NIS+  credentials  for
     hosts  or  users. Note that if you are creating NIS+ creden-
     tials outside of your local domain, the host  or  user  must
     exist  in  the  host  or passwd tables in both the local and
     remote domains.

     By default, nisclient will not overwrite existing entries in
     the  credential  table for the hosts and users specified. To
     overwrite, use the -o option.  After  the  credentials  have
     been  created, nisclient will print the command that must be
     executed on the client machine to initialize the host or the
     user.  The  -c  option  requires  a network password for the
     client which is used to  encrypt  the  secret  key  for  the
     client.  You  can either specify it on the command line with
     the -l option or the script will prompt you for it. You  can
     change   this  network  password  later  with  passwd(1)  or

     chkey(1).

     nisclient -c is not intended  to  be  used  to  create  NIS+
     credentials for all users and hosts which are defined in the
     passwd and hosts tables. To define credentials for all users
     and hosts, use nispopulate(1M).

     Use the second synopsis (-i option)  to  initialize  a  NIS+
     client  machine.  The  -i  option  can  be  used  to convert
     machines to use NIS+ or to change the machine's  domainname.
     You  must  be logged in as super-user on the machine that is
     to become  a  NIS+  client.  Your  administrator  must  have
     already  created  the NIS+ credential for this host by using
     nisclient -c or nispopulate -C. You will  need  the  network
     password  your  administrator created. nisclient will prompt
     you for the network password to decrypt your secret key  and
     then  for  this  machine's root login password to generate a
     new set of secret/public keys. If the  NIS+  credential  was
     created  by  your administrator using nisclient -c, then you
     can simply use the initialization command that  was  printed
     by  the  nisclient script to initialize this host instead of
     typing it manually.

     To initialize an unauthenticated NIS+  client  machine,  use
     the  -i  option with -S 0. With these options, the nisclient
     -i option will not ask for any passwords.

     During the client initialization  process,  files  that  are
     being  modified are backed up as files.no_nisplus. The files
     that are usually modified  during  a  client  initialization
     are:         /etc/defaultdomain,         /etc/nsswitch.conf,
     /etc/inet/hosts, and, if it exists, /var/nis/NIS_COLD_START.
     Notice  that  a  file  will  not  be  saved if a backup file
     already exists.

     The -i option does not set up a NIS+ client to resolve host-
     names  using  DNS. Please refer to the DNS documentation for
     information on setting up DNS. (See resolv.conf(4)).

     It is not necessary to initialize either  NIS+  root  master
     servers  or  machines  that  were  installed as NIS+ clients
     using suninstall(1M).

     Use the third synopsis (-u  option)  to  initialize  a  NIS+
     user.  You  must  be  logged in as the user on a NIS+ client
     machine in the domain where your NIS+ credentials have  been
     created.  Your administrator should have already created the
     NIS+ credential for your  username  using  nisclient  -c  or
     nispopulate(1M).  You  will  need  the network password your
     administrator used to create the NIS+  credential  for  your
     username.  nisclient  will prompt you for this network pass-
     word to decrypt your secret key  and  then  for  your  login
     password to generate a new set of secret/public keys.

     Use the fourth synopsis (-r option) to restore  the  network
     service  environment  to whatever you were using before nis-
     client -i was executed. You must be logged in as  super-user
     on the machine that is to be restored. The restore will only
     work if  the  machine  was  initialized  with  nisclient  -i
     because it uses the backup files created by the -i option.

     Reboot the machine after initializing a machine or restoring
     the network service.

OPTIONS
     The following options are supported:

     -a <NIS+_server_addr>   Specifies the  IP  address  for  the
                             NIS+  server.  This  option  is used
                             only with the -i option.



     -c                      Adds DES credentials for NIS+  prin-
                             cipals.



     -d <NIS+_domain>        Specifies the NIS+ domain where  the
                             credential  should  be  created when
                             used  in  conjunction  with  the  -c
                             option.  It  specifies  the name for
                             the new NIS+  domain  when  used  in
                             conjunction  with the -i option. The
                             default is your current domainname.



     -h <NIS+_server_host>   Specifies the  NIS+  server's  host-
                             name.  This option is used only with
                             the -i option.



     -i                      Initializes a NIS+ client machine.



     -l <network_password>   Specifies the network  password  for
                             the  clients.  This  option  is used
                             only with the  -c  option.  If  this
                             option  is not specified, the script
                             will  prompt  you  for  the  network
                             password.



     -k  <key_domain>        This  option  specifies  the  domain
                             where root's credentials are stored.
                             If a domain is not  specified,  then
                             the   system   default   domain   is
                             assumed.



     -o                      Overwrites    existing    credential
                             entries.   The  default  is  not  to
                             overwrite. This is  used  only  with
                             the -c option.



     -r                      Restores   the    network    service
                             environment.



     -S 0|2                  Specifies the  authentication  level
                             for  the NIS+ client. Level 0 is for
                             unauthenticated clients and level  2
                             is  for authenticated (DES) clients.
                             The default is to set up with  level
                             2  authentication. This is used only
                             with the -i option. nisclient always
                             uses  level  2  authentication (DES)
                             for both -c and -u  options.   There
                             is  no need to run nisclient with -u
                             and -c for level  0  authentication.
                             To  configure authentication mechan-
                             isms  other  than  DES  at  security
                             level  2, use nisauthconf(1M) before
                             running nisclient.



     -u                      Initializes a NIS+ user.



     -v                      Runs the script in verbose mode.



     -x                      Turns the "echo" mode on. The script
                             just  prints  the  commands  that it
                             would have executed. Notice that the
                             commands  are not actually executed.
                             The default is off.


EXAMPLES
     Example 1: Adding the DES Credential in the Local Domain

     To add the DES credential for host sunws and  user  fred  in
     the local domain:


     example% /usr/lib/nis/nisclient -c sunws fred


     Example 2: Adding the DES Credential in a Specified Domain

     To add the DES credential for host sunws and  user  fred  in
     domain xyz.example.com.:

     example% /usr/lib/nis/nisclient -c -d xyz.example.com. sunws fred

     Example 3: Initializing the Host in a Specific Domain

     To  initialize  host  sunws  as  a  NIS+  client  in  domain
     xyz.example.com.  where  nisplus_server  is a server for the
     domain xyz.example.com.:

     example# /usr/lib/nis/nisclient -i -h nisplus_server -d xyz.example.com

     The  script  will  prompt  you  for  the   IP   address   of
     nisplus_server  if the server is not found in the /etc/hosts
     file. The -d option is needed only if  your  current  domain
     name is different from the new domain name.

     Example 4:  Initializing  the  Host  as  an  Unauthenticated
     Client in a Specific Domain

     To initialize host sunws as an unauthenticated  NIS+  client
     in  domain xyz.example.com. where nisplus_server is a server
     for the domain xyz.example.com:

     example# /usr/lib/nis/nisclient -i -S 0 \
        -h nisplus_server -d xyz.example.com. -a 172.16.44.1

     Example 5: Initializing the User as a NIS+ principal

     To initialize user fred as a NIS+ principal, log in as  user
     fred on a NIS+ client machine.

     example% /usr/lib/nis/nisclient -u

FILES
     /var/nis/NIS_COLD_START         This file contains a list of
                                     servers,   their   transport
                                     addresses, and their  Secure
                                     RPC  public  keys that serve



SunOS 5.10          Last change: 12 Dec 2001                    5






System Administration Commands                      nisclient(1M)



                                     the machines default domain.



     /etc/defaultdomain              The system  default  domain-
                                     name.



     /etc/nsswitch.conf              Configuration file  for  the
                                     name-service switch.



     /etc/inet/hosts                 Local host name database.



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWnisu                    |
    |_____________________________|_____________________________|


SEE ALSO
     chkey(1),  keylogin(1),  nis+(1),  passwd(1),   keyserv(1M),
     nisaddcred(1M),         nisauthconf(1M),        nisinit(1M),
     nispopulate(1M),      suninstall(1M),      nsswitch.conf(4),
     resolv.conf(4), attributes(5)

NOTES
     NIS+ might not  be  supported  in  future  releases  of  the
     SolarisTM  Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit
     http://www.sun.com/directory/nisplus/transition.html.