The three different ways to initialize an NIS+ client are:
Broadcast method (see Broadcast Initialization in NIS+)
Host-name method (see Initializing an NIS+ Client by Using the Host Name Method)
Cold-start file method (see Initializing an NIS+ Client by Using the Cold-Start Method)
This method initializes an NIS+ client by sending an IP broadcast on the client's subnet.
This is the simplest way to configure a client but is also the least secure. The NIS+ server that responds to the broadcast sends the client all the information that the client needs in its cold-start file, including the server's public key. Presumably, only an NIS+ server will respond to the broadcast. However, the client has no way of knowing whether the machine that responded to the broadcast is indeed a trusted server. As a result, this method is only recommended for sites with small, secure networks.
At least one NIS+ server must exist on the same subnet as the client. The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
You must perform this task as superuser on the client. You need the superuser password to the client.
This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -B options.
client1# nisinit -c -B This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done. |
An NIS+ server on the same subnet will reply to the broadcast and add its location information into the client's cold-start file.
Initializing a client by host name consists of explicitly identifying the IP address of its trusted server. This server's name, location information, and public keys are then placed in the client's cold-start file.
This method is more secure than the broadcast method because it actually specifies the IP address of the trusted server, rather than relying on a server to identify itself. However, if a router exists between the client and the trusted server, it could intercept messages to the trusted IP address and route them to an untrusted server.
Use the nisinit command to initialize an NIS+ client by host name.
You must perform this operation as superuser on the client.
You need the name and IP address of the trusted server.
The NIS+ service must be running in the client's domain.
The client must have an entry in its /etc/hosts file for an IPv6 trusted server.
Prior to the Solaris 10 7/07 release, the client must have an entry in its /etc/inet/ipnodes file for its IPv6 trusted server.
An entry in either the master server's /etc/hosts or in its domain's hosts table.
The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
Check the client's /etc/hosts file.
Prior to the Solaris 10 7/07 release, check the client's /etc/inet/ipnodes file.
Make sure the client has an entry for the trusted server.
Initialize the client.
This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -H options. This example uses rootmaster as the trusted server.
Client1# nisinit -c -H rootmaster This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done. |
The nisinit utility looks for the server's address in the client's /etc/hosts file, so do not append a domain name to the server. If you do, the utility will not be able to find its address.
Prior to the Solaris 10 7/07 release, the nisinit utility looks for an IPv6 server's address in the client's/etc/inet/ipnodes file.
This task initializes an NIS+ client by using the cold-start file of another NIS+ client, preferably one from the same domain. This is the most secure method of setting up an NIS+ client. It ensures that the client obtains its NIS+ information from a trusted server, something that cannot be guaranteed by the host-name or broadcast method.
Use the nisinit command with a cold-start file to initialize an NIS+ client.
You must perform this task as superuser on the client.
You need the name and location of the cold-start file you will copy.
The servers specified in the cold-start file must already be configured and running NIS+.
The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
Copy the other client's cold-start file.
Copy the other client's cold-start file into a directory in the new client. This may be easier to do while logged on as yourself rather than as superuser on the client. Be sure to switch back to superuser before initializing the client.
Don't copy the NIS_COLD_START file into /var/nis, because that file gets overwritten during initialization. This example copies the cold-start file of previously initialized client1 into the /tmp directory of uninitialized client2.
client2# exit client2% rcp client1:/var/nis/NIS_COLD_START /tmp client2% su |
Initialize the client from the cold-start file.
Use the nisinit command with the -c and -C options.
client2# nisinit -c -C /tmp/NIS_COLD_START This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done. |