Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
6.  Configuring NIS+ Clients Initializing an NIS+ Client Initializing a Client by Host Name  Previous   Contents   Next 
   
 

Security Considerations

You must perform this operation as superuser on the client.

Prerequisites

  • The NIS+ service must be running in the client's domain.

  • The client must have an entry in its /etc/hosts or /etc/inet/ipnodes file for the trusted server.

  • The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).

Information You Need

You need the name and IP address of the trusted server.

Initializing an NIS+ Client--Task Map

Table 6-4 Initializing an NIS+ Client

Task

Description

For Instructions, Go To

Initializing a Client by Host Name

Use nisinit command to initialize an NIS+ client by host name.

"How to Initialize a Client--Host-name Method"

How to Initialize a Client--Host-name Method

  1. Check the client's /etc/hosts or /etc/inet/ipnodes file.

    Make sure the client has an entry for the trusted server.

  2. Initialize the client.

    This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -H options. This example uses rootmaster as the trusted server.

    Client1# nisinit -c -H rootmaster
This machine is in the doc.com. NIS+ domain.
Setting up NIS+ client ...
All done.

    The nisinit utility looks for the server's address in the client's /etc/hosts or /etc/inet/ipnodes file, so do not append a domain name to the server. If you do, the utility will not be able to find its address.

Initializing Client Using a Cold-Start File

This task initializes an NIS+ client by using the cold-start file of another NIS+ client, preferably one from the same domain. This is the most secure method of setting up an NIS+ client. It ensures that the client obtains its NIS+ information from a trusted server, something that cannot be guaranteed by the host-name or broadcast method.

Security Considerations

You must perform this task as superuser on the client.

Prerequisites

The servers specified in the cold-start file must already be configured and running NIS+.

The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).

Information You Need

You need the name and location of the cold-start file you will copy.

Initializing an NIS+ Client--Task Map

Table 6-5 Initializing an NIS+ Client

Task

Description

For Instructions, Go To

InitializingClient via Cold-Start File

Use nisinit command to initialize an NIS+ client via a cold-start file

"How to Initialize a Client--Cold-Start Method"

How to Initialize a Client--Cold-Start Method

  1. Copy the other client's cold-start file.

    Copy the other client's cold-start file into a directory in the new client. This may be easier to do while logged on as yourself rather than as superuser on the client. Be sure to switch back to superuser before initializing the client.

    Don't copy the NIS_COLD_START file into /var/nis, because that file gets overwritten during initialization. This example copies the cold-start file of previously initialized client1 into the /tmp directory of uninitialized client2.

    client2# exit
client2% rcp client1:/var/nis/NIS_COLD_START /tmp
client2% su

  2. Initialize the client from the cold-start file.

    Use the nisinit command with the -c and -C options.

    client2# nisinit -c  -C /tmp/NIS_COLD_START 
This machine is in the doc.com. NIS+ domain.
Setting up NIS+ client ...
All done.

NIS+ Client Configuration Summary

Table 6-6 shows a summary of the steps required to configure a client named client1 in the doc.com domain. It assumes the simplest case, so be sure you are familiar with the more thorough task descriptions before you use this summary as a reference. For the sake of brevity, this summary does not show the responses to each command.

Table 6-6 Setting Up a Client: Command Summary

Tasks

Commands

Log in to domain's master.

rootmaster%

Create DES credentials for client.

rootmaster% nisaddcred -p unix.client1.doc.com -P client1.doc.com. des

Ascertain the Diffie-Hellman .key length.

rootmaster% nisauthconf

Log in, as superuser, to the client.

client1% su

Password:

Assign the client a domain name.

client1# domainname doc.com

client1# domainname > /etc/defaultdomain

Check that the client's switch configuration file has the correct settings.

client1# more /etc/nsswitch.conf

Set the Diffie-Hellman key length.

client1# nisauthconf dh640-0 des

Clean out /var/nis.

client1# rm -rf /var/nis/*

Initialize the client.

client1# nisinit -c -H rootmaster

Kill and restart the keyserver.

client1# ps -ef | grep keyserv

client1# kill -9 process-id

client1# keyserv

Run keylogin on the client.

client1# keylogin -r password:

Reboot the client.

client1# init 6

 		 
 
  Previous   Contents   Next