nisclient - initialize NIS+ credentials for NIS+ principals
/usr/lib/nis/nisclient -c [ -x ] [ -o ] [ -v ]
[ -l network_password ]
[ -d NIS+_domain ] client_name ...
/usr/lib/nis/nisclient -i [ -x ] [ -v ]
-h NIS+_server_host [ -a NIS+_server_addr ]
[ -d NIS+_domain ] [ -S 0|2 ]
/usr/lib/nis/nisclient -u [ -x ] [ -v ]
/usr/lib/nis/nisclient -r [ -x ]
The nisclient shell script can be used to:
+ create NIS+ credentials for hosts and users
+ initialize NIS+ hosts and users
+ restore the network service environment
NIS+ credentials are used to provide authentication information of
NIS+ clients to NIS+ service.
Use the first synopsis ( -c ) to create individual NIS+ credentials
for hosts or users. You must be logged in as a NIS+ principal in the
domain for which you are creating the new credentials. You must also
have write permission to the local "cred" table. The client_name
argument accepts any valid host or user name in the NIS+ domain (for
example, the client_name must exist in the hosts or passwd table).
nisclient verifies each client_name against both the hosts and passwd
tables, then adds the proper NIS+ credentials for hosts or users.
Note that if you are creating NIS+ credentials outside of your local
domain, the host or user must exist in the hosts or passwd tables in
both the local and remote domains.
By default, nisclient will not overwrite existing entries in the
credential table for the hosts and users specified. To overwrite, use
the -o option. After the credentials have been created, nisclient
will print the command that must be executed on the client machine to
initialize the host or the user. The -c option requires a network
password for the client which is used to encrypt the secret key for
the client. You can either specify it on the command line with the -l
option or the script will prompt you for it. You can change this
network password later with nispasswd(1) or chkey(1).
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
nisclient -c is not intended to be used to create NIS+ credentials for
all users and hosts that are defined in the passwd and hosts tables.
To define credentials for all users and hosts, use nispopulate(1M).
Use the second synopsis ( -i ) to initialize a NIS+ client machine. -i
The option can be used to convert machines to use NIS+ or to change
the machine's domainname. You must be logged in as super-user on the
machine that is to become a NIS+ client. Your administrator must have
already created the NIS+ credential for this host by using nisclient
-c or nispopulate -C. You will need the network password your
administrator created. nisclient will prompt you for the network
password to decrypt your secret key and then for this machine's root
login password to generate a new set of secret/public keys. If the
NIS+ credential was created by your administrator using nisclient -c,
then you can simply use the initialization command that was printed by
the nisclient script to initialize this host instead of typing it
To initialize an unauthenticated NIS+ client machine, use the -i
option with the -S 0. With these options, the nisclient -i option
will not ask for any passwords.
During the client initialization process, files that are being
modified are backed up as files.no_nisplus. The files that are
usually modified during a client initialization are:
/etc/rc.config.d/namesvrs, /etc/nsswitch.conf, /etc/hosts, and, if it
exists, /var/nis/NIS_COLD_START. Note that a file will not be saved
if a backup file already exists.
The -i option does not set up an NIS+ client to resolve hostnames
using DNS. Please refer to the DNS documentation for information on
setting up DNS. (See resolver(4)).
Use the third synopsis ( -u ) to initialize a NIS+ user. You must be
logged in as the user on a NIS+ client machine in the domain where
your NIS+ credentials have been created. Your administrator should
have already created the NIS+ credential for your username using
nisclient -c or nispopulate(1M). You will need the network password
your administrator used to create the NIS+ credential for your
username. nisclient will prompt you for this network password to
decrypt your secret key and then for your login password to generate a
new set of secret/public keys.
Use the fourth synopsis (-r) to restore the network service
environment to whatever you were using before nisclient -i was
executed. You must be logged in as super-user on the machine that is
to be restored. The restore will only work if the machine was
initialized with nisclient -i because it uses the backup files created
by the -i option.
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
Reboot the machine after initializing a machine or restoring the
-a NIS+_server_addr Specifies the IP address for the NIS+ server.
This option is used only with the -i option.
-c Adds DES credentials for NIS+ principals.
-d NIS+_domain Specifies the NIS+ domain where the credential
should be created when used in conjuction with
the -c option. It specifies the name for the
new NIS+ domain when used in conjuction with the
-i option. The default is your current
-h NIS+_server_host Specifies the NIS+ server's hostname. This
option is used only with the -i option.
-i Initializes an NIS+ client machine.
-l network_password Specifies the network password for the clients.
This option is used only with the -c option. If
this option is not specified, the script will
prompt you for the network password.
-o Overwrite existing credential entries. The
default is not to overwrite. This is used only
with the -c option.
-r Restores the network service environment.
-S 0|2 Specifies the authentication level for the NIS+
client. Level 0 is for unauthenticated clients
and level 2 is for authenticated (DES) clients.
The default is to set up with level 2
authentication. This is used only with the -i
option. nisclient always uses level 2
authentication (DES) for both -c and -u options.
There is no need to run nisclient with -u and -c
for level 0 authentication.
-u Initializes an NIS+ user.
-v Runs the script in verbose mode.
-x turns the "echo" mode on. The script just
prints the commands that it would have executed.
Note that the commands are not actually
executed. The default is off.
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000
To add the DES credential for host hpws and user fred in the local
/usr/lib/nis/nisclient -c hpws fred
To add the DES credential for host hpws and user fred in domain
/usr/lib/nis/nisclient -c -d xyz.hp.com. hpws fred
To initialize host hpws as an NIS+ client in domain xyz.hp.com. where
nisplus_server is a server for the domain xyz.hp.com.:
/usr/lib/nis/nisclient -i -h nisplus_server -d xyz.hp.com.
The script will prompt you for the IP address of nisplus_server if the
server is not found in the /etc/hosts file. The -d option is needed
only if your current domain name is different from the new domain
To initialize host hpws as an unauthenticated NIS+ client in domain
xyz.hp.com. where nisplus_server is a server for the domain
/usr/lib/nis/nisclient -i -S 0 -h nisplus_server -d xyz.hp.com. \
To initialize user fred as an NIS+ principal, log in as user fred on
an NIS+ client machine.
/var/nis/NIS_COLD_START This file contains a list of servers, their
transport addresses, and their Secure RPC
public keys that serve the machines default
/etc/defaultdomain the system default domainname
/etc/nsswitch.conf configuration file for the name-service
/etc/hosts local host name database
nisclient was developed by Sun Microsystems, Inc.
chkey(1), keylogin(1), nis+(1), nispasswd(1), keyserv(1M),
nisaddcred(1M), nisinit(1M), nispopulate(1M), nsswitch.conf(4),
Hewlett-Packard Company - 4 - HP-UX Release 11i: November 2000