Initializing an NIS+ Client
The three different ways to initialize a NIS+ client are:
-
Broadcast method (see "Broadcast Initialization")
-
Host-name method (see "Initializing a Client by Host Name")
-
Cold-start file method (see "Initializing Client Using a Cold-Start File")
Broadcast Initialization
This method initializes an NIS+ client by sending an IP broadcast on the client's subnet.
This is the simplest way to configure a client but is also the least secure. The NIS+ server that responds to the broadcast sends the client all the information that the client needs in its cold-start file, including the server's public key. Presumably, only an NIS+ server will respond to the broadcast. However, the client has no way of knowing whether the workstation that responded to the broadcast is indeed a trusted server. As a result, this method is only recommended for sites with small, secure networks.
Security Considerations
You must perform this task as superuser on the client.
Prerequisites
At least one NIS+ server must exist on the same subnet as the client. The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
Information You Need
You need the superuser password to the client.
Initializing an NIS+ Client--Task Map
Table 6-3 Initializing an NIS+ Client|
Task |
Description |
For Instructions, Go To |
|
|---|---|---|---|
|
Initializing an NIS+ Client |
Use nisclient command to initialize an NIS+ client | ||
How to Initialize a Client--Broadcast Method
Initialize the client.
This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -B options.
client1# nisinit -c -B This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done. |
An NIS+ server on the same subnet will reply to the broadcast and add its location information into the client's cold-start file.
Initializing a Client by Host Name
Initializing a client by host name consists of explicitly identifying the IP address of its trusted server. This server's name, location information, and public keys are then placed in the client's cold-start file.
This method is more secure than the broadcast method because it actually specifies the IP address of the trusted server, rather than relying on a server to identify itself. However, if a router exists between the client and the trusted server, it could intercept messages to the trusted IP address and route them to an untrusted server.
Security Considerations
You must perform this operation as superuser on the client.
Prerequisites
-
The NIS+ service must be running in the client's domain.
-
The client must have an entry in its /etc/hosts or /etc/inet/ipnodes file for the trusted server.
-
The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
Information You Need
You need the name and IP address of the trusted server.
Initializing an NIS+ Client--Task Map
Table 6-4 Initializing an NIS+ Client|
Task |
Description |
For Instructions, Go To |
|
|---|---|---|---|
|
Initializing a Client by Host Name |
Use nisinit command to initialize an NIS+ client by host name. | ||
How to Initialize a Client--Host-name Method
-
Check the client's /etc/hosts or /etc/inet/ipnodes file.
Make sure the client has an entry for the trusted server.
-
Initialize the client.
This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -H options. This example uses rootmaster as the trusted server.
Client1# nisinit -c -H rootmaster This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done.
The nisinit utility looks for the server's address in the client's /etc/hosts or /etc/inet/ipnodes file, so do not append a domain name to the server. If you do, the utility will not be able to find its address.
Initializing Client Using a Cold-Start File
This task initializes an NIS+ client by using the cold-start file of another NIS+ client, preferably one from the same domain. This is the most secure method of setting up an NIS+ client. It ensures that the client obtains its NIS+ information from a trusted server, something that cannot be guaranteed by the host-name or broadcast method.
Security Considerations
You must perform this task as superuser on the client.
Prerequisites
The servers specified in the cold-start file must already be configured and running NIS+.
The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).
Information You Need
You need the name and location of the cold-start file you will copy.
Initializing an NIS+ Client--Task Map
Table 6-5 Initializing an NIS+ Client|
Task |
Description |
For Instructions, Go To |
|
|---|---|---|---|
|
InitializingClient via Cold-Start File |
Use nisinit command to initialize an NIS+ client via a cold-start file | ||
How to Initialize a Client--Cold-Start Method
-
Copy the other client's cold-start file.
Copy the other client's cold-start file into a directory in the new client. This may be easier to do while logged on as yourself rather than as superuser on the client. Be sure to switch back to superuser before initializing the client.
Don't copy the NIS_COLD_START file into /var/nis, because that file gets overwritten during initialization. This example copies the cold-start file of previously initialized client1 into the /tmp directory of uninitialized client2.
client2# exit client2% rcp client1:/var/nis/NIS_COLD_START /tmp client2% su
-
Initialize the client from the cold-start file.
Use the nisinit command with the -c and -C options.
client2# nisinit -c -C /tmp/NIS_COLD_START This machine is in the doc.com. NIS+ domain. Setting up NIS+ client ... All done.
- © 2010, Oracle Corporation and/or its affiliates