Most of the command line administrative tasks associated with the NIS+ service are managed by the Service Management Facility (SMF). For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.
Administrative actions on the NIS+ service, such as enabling, disabling, or restarting, can be performed using the svcadm command. When the service is started or stopped, any dependent processes are also started or stopped.
Temporarily disabling a service by using the -t option provides some protection for the service configuration. If the service is disabled with the -t option, the original settings would be restored for the service after a reboot. If the service is disabled without -t, the service will remain disabled after reboot.
SMF automatically starts nis_cachemgr when it enables the NIS+ service, if it detects the /var/nis/NIS_COLD_START file.
The NIS+ Fault Managed Resource Identifier (FMRI) is svc:/network/rpc/nisplus:<instance>.
The FMRI for keyserv is svc:/network/rpc/keyserv:<instance>.
You can query the status of NIS+ by using the svcs command.
Example of svcs command and output.
# svcs \*nisplus\* STATE STIME FMRI disabled Sep_01 svc:/network/rpc/nisplus:default |
Example of svcs -l command and output.
# svcs -l network/rpc/nisplus fmri svc:/network/rpc/nisplus:default enabled false state disabled next_state none restarter svc:/system/svc/restarter:default dependency require_all/none svc:/network/rpc/keyserv (online) |
You can also use the svccfg utility to get more detailed information about a service. See the svccfg(1M) man page.
You can check a daemon's presence by using the ps command.
# ps -e | grep rpc.nisd |
Do not use the -f option with ps because this option attempts to translate user IDs to names, which causes more naming service lookups that might not succeed.
In general, the /usr/sbin/rpc.nisd daemon is administered using the svcadm command. However, when rpc.nisd is invoked with -x nisplusLDAPinitialUpdateOnly=yes, rpc.nisd performs the specified action, then exits. That is, rpc.nisd does not daemonize. SMF should not be used in conjunction with -x nisplusLDAPinitialUpdateOnly=yes. SMF can be used any other time you want to start, stop, or restart the rpc.nisd daemon.
The following example shows rpc.nisd used with -x nisplusLDAPinitialUpdateOnly=yes.
# /usr/sbin/rpc.nisd -m mappingfile \ -x nisplusLDAPinitialUpdateAction=from_ldap \ -x nisplusLDAPinitialUpdateOnly=yes |
If you want to include specific options when you invoke the rpc.nisd daemon with SMF, add the options to the /lib/svc/method/nisplus file. The following list provides some commonly used options.
Sets the server's security level to 0, which is required at this point for bootstrapping.
Because no cred table exists yet, no NIS+ principals can have credentials. If you use a higher security level, you are locked out of the server.
Supports DNS forwarding
Starts the NIS+ daemon in NIS-compatibility mode
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.
Stop the NIS+ service.
# svcadm disable network/rpc/nisplus:default |
Open the /lib/svc/method/nisplus file.
Use your preferred text editor.
Edit the file to add the desired options.
Example –
Change:
/usr/sbin/rpc.nisd $nisd_flags || exit $? |
To:
/usr/sbin/rpc.nisd $nisd_flags -Y -B || exit $? |
In this example, the -Y and -B options are added to rpc.nisd, so the options are automatically implemented at startup.
Save and quit.
Start the NIS+ service.
# svcadm enable network/rpc/nisplus:default |