rpc.nisd(1M)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ENVIRONMENT VARIABLES | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO

NAME

rpc.nisd, nisd- NIS+ service daemon

SYNOPSIS

/usr/sbin/rpc.nisd [-ACDFhlv] [-Y [-B [-t   netid]]] [-d   dictionary] [-L   load] [-S   level]

DESCRIPTION

The rpc.nisd daemon is an RPC service that implements the NIS+ service. This daemon must be running on all machines which serve a portion of the NIS+ namespace. A Trusted Solaris 7 system must be the root master in the NIS+ configuration.

rpc.nisd is usually started from a system startup script. It must be started through a role that has a UID of 0 and run with a sensitivity label of ADMIN_LOW . (For example, the role might be assigned the predefined NIS+ security administration and NIS+ administration profiles.) Upon startup, rpc.nisd must inherit the net_mac_read , net_upgrade_sl , and proc_setsl privileges.

OPTIONS

-A

Authentication verbose mode. The daemon logs all the authentication related activities to syslogd(1M) with LOG_INFO priority.

-C

Open diagnostic channel on /dev/console .

-D

Debug mode (don't fork).

-F

Force the server to do a checkpoint of the database when it starts up. Forced checkpoints may be required when the server is low on disk space. This option removes updates from the transaction log that have propagated to all of the replicas.

-h

Print list of options.

-u

Allow updates from non-Trusted Solaris TCB clients.

-v

Verbose. With this option, the daemon sends a running narration of what it is doing to the syslog daemon (see syslogd(1M) ) at LOG_INFO priority. This option is most useful for debugging problems with the service (see also -A option).

-Y

ypserve and other NIS (YP) compatibility is not supported in Trusted Solaris. Using this option may put the daemon in an unknown state.

-B

ypserve and other NIS (YP) compatibility is not supported in Trusted Solaris. Using this option may put the daemon in an unknown state.

-t netid

Use netid as the transport for communication between rpc.nisd and rpc.nisd_resolv . The default transport is ticots(7D) ( tcp on SunOS 4.x systems).

-d dictionary

Specify an alternate dictionary for the NIS+ database. The primary use of this option is for testing. Note that the string is not interpreted, rather it is simply passed to the db_initialize() function. See nis_db(3N) .

-L number

Specify the ``load'' the NIS+ service is allowed to place on the server. The load is specified in terms of the number of child processes that the server may spawn. This number must be at least 1 for the callback functions to work correctly. The default is 128.

-S level

Set the authorization security level of the service. The argument is a number between 0 and 2. By default, the daemon runs at security level 2.

0

Security level 0 is designed to be used for testing and initial setup of the NIS+ namespace. When running at level 0, the daemon does not enforce any access controls. Any client is allowed to perform any operation, including updates and deletions.

1

At security level 1, the daemon accepts both AUTH_SYS and AUTH_DES credentials for authenticating clients and authorizing them to perform NIS+ operations. This is not a secure mode of operation since AUTH_SYS credentials are easily forged. It should not be used on networks in which any untrusted users may potentially have access.

2

At security level 2, the daemon only accepts authentication using the security mechanisms configured by nisauthconf(1M) . The default security mechanism is AUTH_DES . Security level 2 is the default if the -S option is not used.

EXAMPLES

---

Example 1 Setting up the NIS+ service.




The following example sets up the NIS+ service.

example% rpc.nisd

---

---

Example 2 Setting Up NIS+ Service Emulating YP With DNS Forwarding




The following example sets up the NIS+ service, emulating YP with DNS forwarding.

example% rpc.nisd -YB

---

ENVIRONMENT VARIABLES

NETPATH

The transports that the NIS+ service will use can be limited by setting this environment variable (see netconfig(4) ).

SUMMARY OF TRUSTED SOLARIS CHANGES

A Trusted Solaris 7 system must be the root master of the NIS+ configuration. The rpc.nisd daemon must inherit the net_mac_read , net_upgrade_sl , and proc_setsl privileges upon startup. The daemon must be started by a role with a UID of 0 and run with a sensitivity label of ADMIN_LOW . ypserver and other NIS (YP) compatibility is not supported.

FILES

/var/nis/data/parent.object

This file describes the namespace that is logically above the NIS+ namespace. The most common type of parent object is a DNS object. This object contains contact information for a server of that domain.

/var/nis/data/root.object

This file describes the root object of the NIS+ namespace. It is a standard XDR -encoded NIS+ directory object that can be modified by authorized clients using the nis_modify(3N) interface.

/etc/init.d/rpc

Initialization script for NIS+ .

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWnisu

SEE ALSO

Trusted Solaris 7 Reference Manual

nis_cachemgr(1M) , rpc.nisd_resolv(1M) , rpc.nispasswdd(1M) , resolv.conf(4)

SunOS 5.7 Reference Manual

nisinit(1M) , nissetup(1M) , nslookup(1M) , syslogd(1M) , nis_db(3N) , netconfig(4) , nisfiles(4) , attributes(5) , ticots(7D)

Trusted Solaris 7  Last Revised 30 Jan 1998

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ENVIRONMENT VARIABLES | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO