unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 nisclient(1M)						       nisclient(1M)




 NAME
      nisclient - initialize NIS+ credentials for NIS+ principals

 SYNOPSIS
      /usr/lib/nis/nisclient  -c [ -x ] [ -o ] [ -v ]
	   [ -l network_password ]
	   [ -d NIS+_domain ]  client_name ...

      /usr/lib/nis/nisclient  -i [ -x ] [ -v ]
	   -h NIS+_server_host [ -a NIS+_server_addr ]
	   [ -d NIS+_domain ] [ -S 0|2 ]

      /usr/lib/nis/nisclient -u [ -x ] [ -v ]

      /usr/lib/nis/nisclient -r [ -x ]

 DESCRIPTION
      The nisclient shell script can be used to:

	   +  create NIS+ credentials for hosts and users

	   +  initialize NIS+ hosts and users

	   +  restore the network service environment

      NIS+ credentials are used to provide authentication information of
      NIS+ clients to NIS+ service.

      Use the first synopsis ( -c ) to create individual NIS+ credentials
      for hosts or users.   You must be logged in as a NIS+ principal in the
      domain for which you are creating the new credentials. You must also
      have write permission to the local "cred" table. The client_name
      argument accepts any valid host or user name in the NIS+ domain (for
      example, the client_name must exist in the hosts or passwd table).
      nisclient verifies each client_name against both the hosts and passwd
      tables, then adds the proper NIS+ credentials for hosts or users.
      Note that if you are creating NIS+ credentials outside of your local
      domain, the host or user must exist in the hosts or passwd tables in
      both the local and remote domains.

      By default, nisclient will not overwrite existing entries in the
      credential table for the hosts and users specified.  To overwrite, use
      the -o option.  After the credentials have been created, nisclient
      will print the command that must be executed on the client machine to
      initialize the host or the user.	The -c option requires a network
      password for the client which is used to encrypt the secret key for
      the client.  You can either specify it on the command line with the -l
      option or the script will prompt you for it.  You can change this
      network password later with nispasswd(1) or chkey(1).





 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 nisclient(1M)						       nisclient(1M)




      nisclient -c is not intended to be used to create NIS+ credentials for
      all users and hosts that are defined in the passwd and hosts tables.
      To define credentials for all users and hosts, use nispopulate(1M).

      Use the second synopsis ( -i ) to initialize a NIS+ client machine. -i
      The option can be used to convert machines to use NIS+ or to change
      the machine's domainname. You must be logged in as super-user on the
      machine that is to become a NIS+ client.	Your administrator must have
      already created the NIS+ credential for this host by using nisclient
      -c or nispopulate -C.  You will need the network password your
      administrator created. nisclient will prompt you for the network
      password to decrypt your secret key and then for this machine's root
      login password to generate a new set of secret/public keys. If the
      NIS+ credential was created by your administrator using nisclient -c,
      then you can simply use the initialization command that was printed by
      the nisclient script to initialize this host instead of typing it
      manually.

      To initialize an unauthenticated NIS+ client machine, use the -i
      option with the -S 0.  With these options, the nisclient -i option
      will not ask for any passwords.

      During the client initialization process, files that are being
      modified are backed up as files.no_nisplus.  The files that are
      usually modified during a client initialization are:
      /etc/rc.config.d/namesvrs, /etc/nsswitch.conf, /etc/hosts, and, if it
      exists, /var/nis/NIS_COLD_START.	Note that a file will not be saved
      if a backup file already exists.

      The -i option does not set up an NIS+ client to resolve hostnames
      using DNS.  Please refer to the DNS documentation for information on
      setting up DNS. (See resolver(4)).

      Use the third synopsis ( -u ) to initialize a NIS+ user.	You must be
      logged in as the user on a NIS+ client machine in the domain where
      your NIS+ credentials have been created.	Your administrator should
      have already created the NIS+ credential for your username using
      nisclient -c or nispopulate(1M).	You will need the network password
      your administrator used to create the NIS+ credential for your
      username. nisclient will prompt you for this network password to
      decrypt your secret key and then for your login password to generate a
      new set of secret/public keys.

      Use the fourth synopsis (-r) to restore the network service
      environment to whatever you were using before nisclient -i was
      executed.	 You must be logged in as super-user on the machine that is
      to be restored.  The restore will only work if the machine was
      initialized with nisclient -i because it uses the backup files created
      by the -i option.





 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 nisclient(1M)						       nisclient(1M)




      Reboot the machine after initializing a machine or restoring the
      network service.

    Options
      -a NIS+_server_addr   Specifies the IP address for the NIS+ server.
			    This option is used only with the -i option.

      -c		    Adds DES credentials for NIS+ principals.

      -d NIS+_domain	    Specifies the NIS+ domain where the credential
			    should be created when used in conjuction with
			    the -c option.  It specifies the name for the
			    new NIS+ domain when used in conjuction with the
			    -i option.	The default is your current
			    domainname.

      -h NIS+_server_host   Specifies the NIS+ server's hostname. This
			    option is used only with the -i option.

      -i		    Initializes an NIS+ client machine.

      -l network_password   Specifies the network password for the clients.
			    This option is used only with the -c option. If
			    this option is not specified, the script will
			    prompt you for the network password.

      -o		    Overwrite existing credential entries. The
			    default is not to overwrite.  This is used only
			    with the -c option.

      -r		    Restores the network service environment.

      -S 0|2		    Specifies the authentication level for the NIS+
			    client.  Level 0 is for unauthenticated clients
			    and level 2 is for authenticated (DES) clients.
			    The default is to set up with level 2
			    authentication.  This is used only with the -i
			    option.  nisclient always uses level 2
			    authentication (DES) for both -c and -u options.
			    There is no need to run nisclient with -u and -c
			    for level 0 authentication.

      -u		    Initializes an NIS+ user.

      -v		    Runs the script in verbose mode.

      -x		    turns the "echo" mode on.  The script just
			    prints the commands that it would have executed.
			    Note that the commands are not actually
			    executed.  The default is off.




 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000






 nisclient(1M)						       nisclient(1M)




 EXAMPLES
      To add the DES credential for host hpws and user fred in the local
      domain:

	   /usr/lib/nis/nisclient -c hpws fred

      To add the DES credential for host hpws and user fred in domain
      xyz.hp.com.:

	   /usr/lib/nis/nisclient -c -d xyz.hp.com. hpws fred

      To initialize host hpws as an NIS+ client in domain xyz.hp.com. where
      nisplus_server is a server for the domain xyz.hp.com.:

	   /usr/lib/nis/nisclient -i -h nisplus_server -d xyz.hp.com.

      The script will prompt you for the IP address of nisplus_server if the
      server is not found in the /etc/hosts file.  The -d option is needed
      only if your current domain name is different from the new domain
      name.

      To initialize host hpws as an unauthenticated NIS+ client in domain
      xyz.hp.com.  where nisplus_server is a server for the domain
      xyz.hp.com.:

	   /usr/lib/nis/nisclient -i -S 0 -h nisplus_server -d xyz.hp.com. \
	       -a 129.140.44.1

      To initialize user fred as an NIS+ principal, log in as user fred on
      an NIS+ client machine.

	   /usr/lib/nis/nisclient -u

 FILES
      /var/nis/NIS_COLD_START  This file contains a list of servers, their
			       transport addresses, and their Secure RPC
			       public keys that serve the machines default
			       domain.
      /etc/defaultdomain       the system default domainname
      /etc/nsswitch.conf       configuration file for the name-service
			       switch
      /etc/hosts	       local host name database

 AUTHOR
      nisclient was developed by Sun Microsystems, Inc.

 SEE ALSO
      chkey(1), keylogin(1), nis+(1), nispasswd(1), keyserv(1M),
      nisaddcred(1M), nisinit(1M), nispopulate(1M), nsswitch.conf(4),
      resolver(4).




 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000