Setting Up NIS+ Client Systems

After you have populated the tables for the root master server from files or NIS maps, you can initialize NIS+ client systems. You do not need to perform any further steps to initialize the root master server because it is already an NIS+ client of its own domain.

The following section describes how to set up an NIS+ client with the nisclient script.

Preparing to Run the nisclient Command

Before you run the nisclient command, the following conditions must be met.

  • The domain must already be configured and its master server must be running.

  • The master server NIS+ tables must be populated. At a minimum, the hosts or ipnodes table must have an entry for the client system. If you are using DNS, the NIS+ hosts and ipnodes tables should be empty and the hosts entry in /etc/nsswitch.conf should be hosts: files dns.

  • You must be logged in as superuser on the system that is to become an NIS+ client. In the following example, the new client system is named paperbark.

You need the following information before you run the nisclient command.

  • The domain name.

  • The default Secure RPC password (nisplus).

  • The root password of the client system.

  • The IP address of the NIS+ server in the client's home domain.

  • If you use DES authentication, note the Diffie-Hellman key length used on the master server. Use nisauthconf to ascertain the master server Diffie-Hellman key length.

Security Considerations

Both the administrator and the client must have the proper credentials and access rights. The administrator can have either:

  • DES credentials in the client's home domain.

  • A combination of DES credentials in the administrator's home domain and LOCAL credentials in the client's domain.

See Chapter 5, “Introducing the NIS+ Environment,” for more information about DES and LOCAL credentials.

After you create the client's credentials in the NIS+ domain, you can complete the setup process on the client system. The directory object for its home domain on the NIS+ server must have Read access for the World and Nobody categories. If you are adding a client to an NIS+ domain that has existing clients, the directory object probably has the proper access permissions.

You can check the access rights for the directory object with the niscat -o command. The access rights are displayed on the fifth line of the output. In this example, the World category has Read access, as shown by the r--- at the end of the access rights string:

rootmaster# niscat -o ESG.Eng.wellard.COM.
Object Name   : ESG
Owner         : oak.ESG.Eng.sun.COM.
Group         : admin.ESG.Eng.sun.COM.
Domain        : Eng.sun.COM.
Access Rights : r---rmcdrmcdr---
Time to Live  : 12:0:0
Object Type   : DIRECTORY
Name : 'ESG.Eng.sun.COM.'
Type : NIS
Master Server :
        Name       : oak.ESG.Eng.sun.COM.
        Public Key : None.
        Universal addresses (6)
        [1] - udp, inet, 127.0.0.1.0.111
        [2] - tcp, inet, 127.0.0.1.0.111
        [3] - -, inet, 127.0.0.1.0.111
        [4] - -, loopback, oak.rpc
        [5] - -, loopback, oak.rpc
        [6] - -, loopback, oak.rpc
Time to live : 12:0:0
Default Access rights :

If you have Modify rights, you can change the access rights for the directory object with the nischmod command. See the nischmod(1) manual page for more information.
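The access-rights check described above can be scripted. The following shell functions are an added example, not part of the original text; they assume the niscat -o output is piped in on standard input and that the 16-character string is ordered nobody, owner, group, world (the NIS+ convention, which the text does not spell out). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks that a NIS+ directory object grants Read to the
# Nobody and World categories, reading `niscat -o` output on stdin.
# Assumption: rights string order is nobody, owner, group, world.

# Print the rights string from the "Access Rights" line (not "Default Access rights").
access_rights() {
    awk -F: '/^Access Rights *:/ { gsub(/ /, "", $2); print $2; exit }'
}

# Print the 4-character field for one category.
# $1 = 16-character rights string, $2 = nobody|owner|group|world
rights_for() {
    case $2 in
        nobody) off=1 ;;
        owner)  off=5 ;;
        group)  off=9 ;;
        world)  off=13 ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$1" | cut -c"$off"-"$((off + 3))"
}

# Return 0 when both Nobody and World can read; otherwise report what is missing.
client_can_bind() {
    rights=$(access_rights)
    [ "${#rights}" -eq 16 ] || { echo "no 16-character access rights found" >&2; return 2; }
    rc=0
    for who in nobody world; do
        case $(rights_for "$rights" "$who") in
            r*) ;;
            *) echo "$who lacks Read: $(rights_for "$rights" "$who")" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: selected lines of the listing shown above.
SAMPLE='Object Name   : ESG
Access Rights : r---rmcdrmcdr---
Object Type   : DIRECTORY
Default Access rights :'

printf '%s\n' "$SAMPLE" | client_can_bind && echo "Nobody and World have Read access"
```

On a live system, pipe the niscat -o output for the client's home domain directory into client_can_bind in place of the sample.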

DES Authentication

The DES authentication must match on the root master server and the client systems. Use the nisauthconf command on the root master to determine the DES authentication.

The following example shows that the default DES authentication is configured.

# /usr/lib/nis/nisauthconf
des
#

The following example shows that 640-bit Diffie-Hellman keys have been configured as well as the default 192-bit keys.

# /usr/lib/nis/nisauthconf
dh640dh-0 des
#

If the Diffie-Hellman key length on the root master server is configured to something other than the default, use the nisauthconf command on the client system to configure the client to match the setting on the root master server.

The following example configures the client system, paperbark, with dh640dh-0 des.

paperbark% su
Password:
# /usr/lib/nis/nisauthconf dh640dh-0 des
#

Initializing a New Client System

Use the following steps to initialize a new client NIS+ system.

1. Become superuser on the client system.

2. All on one line, type /usr/lib/nis/nisclient -i -d domainname -h NIS+-master and press Return.

The -i option initializes a client system. The -d option specifies the NIS+ domain name. If you do not specify the domain name, the default is the current domain name. The -h option specifies the name of the NIS+ server.

The following example initializes the system paperbark in the wellard.com. domain from the castle NIS master server.

# /usr/lib/nis/nisclient -i -d wellard.com. -h castle

Initializing client paperbark for domain "wellard.com.".
Once initialization is done, you will need to reboot your
machine.

Do you want to continue? (type 'y' to continue, 'n' to exit this script) y


setting up domain information "wellard.com."...
Can't open /etc/defaultdomain
cp: cannot access /etc/defaultdomain

setting up the name service switch information...


At the prompt below, type the network password (also known
as the Secure-RPC password) that you obtained either
from your administrator or from running the nispopulate script.
Please enter the Secure-RPC password for root:
Please enter the login password for root:

Your network password has been changed to your login one.
Your network and login passwords are now the same.

Client initialization completed!!
Please reboot your machine for changes to take effect.
#

3. Type init 6 to reboot the system.
