rpc.nisd(1M) System Administration Commands rpc.nisd(1M)NAME
rpc.nisd, nisd - NIS+ service daemon
SYNOPSIS
/usr/sbin/rpc.nisd [-ACDFhlv] [-Y [-B [-t netid]]]
[-d dictionary] [-L load] [-S level] [-m mappingfile]
[-x attribute=value]... [-z number]
DESCRIPTION
The rpc.nisd daemon is an RPC service that implements the NIS+ service.
This daemon must be running on all machines that serve a portion of the
NIS+ namespace.
rpc.nisd is usually started from a system startup script.
The -B option causes rpc.nisd to start an auxiliary process,
rpc.nisd_resolv, which provides ypserv compatible DNS forwarding for
NIS host requests. rpc.nisd_resolv can also be started independently.
See rpc.nisd_resolv(1M) for more information on using rpc.nisd_resolv
independently.
The /etc/default/rpc.nisd file contains the following default parameter
settings. See FILES.
ENABLE_NIS_YP_EMULATION Specifies whether the server is put into NIS
(YP) compatibility mode. ENABLE_NIS_YP_EMU‐
LATION=YES is equivalent to the -Y command-
line option. The default value for
ENABLE_NIS_YP_EMULATION is NO.
OPTIONS-A Authentication verbose mode. The daemon logs all
the authentication related activities to sys‐
logd(1M) with LOG_INFO priority.
-B Provide ypserv compatible DNS forwarding for NIS
host requests. The DNS resolving process,
rpc.nisd_resolv, is started and controlled by
rpc.nisd. This option requires that the
/etc/resolv.conf file be setup for communication
with a DNS nameserver. The nslookup utility can
be used to verify communication with a DNS name‐
server. See resolv.conf(4) and nslookup(1M).
-C Open diagnostic channel on /dev/console.
-D Debug mode. Do not fork.
-d dictionary Specify an alternate dictionary for the NIS+
database. The primary use of this option is for
testing. Note that the string is not interpreted,
rather it is simply passed to the db_initialize
function.>
-F Force the server to do a checkpoint of the data‐
base when it starts up. Forced checkpoints may be
required when the server is low on disk space.
This option removes updates from the transaction
log that have propagated to all of the replicas.
-h Print list of options.
-L number Specify the ``load'' the NIS+ service is allowed
to place on the server. The load is specified in
terms of the number of child processes that the
server may spawn. The value of number must be at
least 1 for the callback functions to work cor‐
rectly. The default is 128.
-m mappingfile Specify the name of a configuration file that
maps NIS+ objects (especially tables and columns)
to LDAP (entries and attributes). See
NIS+LDAPmapping(4). The default path is /var/nis.
The default mapping file is NIS+LDAPmapping. If
this file exists, the rpc.nisd daemon will map
data to and from LDAP. A template mapping file
that covers the normal NIS+ directories and
tables is installed as /var/nis/NIS+LDAPmap‐
ping.template.
A NIS+ object must have a valid mapping entry in
the mapping file in order to have data for that
table read from or written to the LDAP reposi‐
tory.
The rpc.nisd(4) file contains specifications for
LDAP server addresses, LDAP authentication
method, and the like. See NIS+LDAPmapping(4) for
an overview of the setup you need to map NIS+
data to or from LDAP.
-S level Set the authorization security level of the ser‐
vice. The argument is a number between 0 and 2.
By default, the daemon runs at security level 2.
0 Security level 0 is designed to be used for
testing and initial setup of the NIS+ names‐
pace. When running at level 0, the daemon
does not enforce any access controls. Any
client is allowed to perform any operation,
including updates and deletions.
1 At security level 1, the daemon accepts both
AUTH_SYS and AUTH_DES credentials for
authenticating clients and authorizing them
to perform NIS+ operations. This is not a
secure mode of operation since AUTH_SYS cre‐
dentials are easily forged. It should not
be used on networks in which any untrusted
users may potentially have access.
2 At security level 2, the daemon only accepts
authentication using the security mechanisms
configured by nisauthconf(1M). The default
security mechanism is AUTH_DES. Security
level 2 is the default if the -S option is
not used.
-t netid Use netid as the transport for communication
between rpc.nisd and rpc.nisd_resolv. The default
transport is ticots(7D) ( tcp on SunOS 4.x sys‐
tems).
-v Verbose. With this option, the daemon sends a
running narration of what it is doing to the sys‐
log daemon (see syslogd(1M)) at LOG_INFO prior‐
ity. This option is most useful for debugging
problems with the service. See also -A option.
-x attribute=value Specify the value of the named attribute.
Attributes that control the NIS+ to LDAP mapping
operation are derived as follows:
1. Retrieve from LDAP.
2. Override with values from the mapping‐
file, if any. See the -m option.
3. Override with values from the command
line -x options.
See NIS+LDAPmapping(4) and rpc.nisd(4) for the
recognized attributes and their syntax.
As a special case, you can use the nisplusLdap‐
Config* attributes to derive additional informa‐
tion from LDAP. You can only specify the nis‐
plusLdapConfig* attributes in rpc.nisd(4) or by
means of the command line.
-Y Put the server into NIS (YP) compatibility mode.
When operating in this mode, the NIS+ server will
respond to NIS Version 2 requests using the ver‐
sion 2 protocol. Because the YP protocol is not
authenticated, only those items that have read
access to nobody (the unauthenticated request)
will be visible through the V2 protocol. It sup‐
ports only the standard Version 2 maps in this
mode (see -B option and NOTES in ypfiles(4)). See
FILES.
-z number Specify the maximum RPC record size that can be
used over connection oriented transports. The
default is 9000 bytes. If you specify a size less
than the default value, the default value will be
used instead.
EXAMPLES
Example 1 Setting up the NIS+ Service
The following example sets up the NIS+ service.
example% rpc.nisd
Example 2 Setting Up NIS+ Service Emulating YP With DNS Forwarding
The following example sets up the NIS+ service, emulating YP with DNS
forwarding.
example% rpc.nisd-YB
Example 3 Specifying NIS+ and LDAP Mapping Information
The following example shows how to specify that all additional NIS+ and
LDAP mapping information should be retrieved from DN "dc=x,dc=y,dc=z",
from the LDAP server at IP address 1.2.3.4, port 389. The examples uses
the simple authentication method and the cn=nisplusAdmin,ou=People,
proxy user. The -m option is omitted for clarity in this example..
-x nisplusLDAPconfigDN=dc=x,dc=y,dc=z \
-x nisplusLDAPconfigPreferredServerList=127.0.0.1:389 \
-x nisplusLDAPconfigAuthenticationMethod=simple \
-x nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People, \
-x nisplusLDAPconfigProxyPassword=xyzzy
ENVIRONMENT VARIABLES
NETPATH The transports that the NIS+ service will use can be limited
by setting this environment variable. See netconfig(4).
FILES
/var/nis/data/parent.object
This file describes the namespace that is logically above the NIS+
namespace. The most common type of parent object is a DNS object.
This object contains contact information for a server of that
domain.
/var/nis/data/root.object
This file describes the root object of the NIS+ namespace. It is a
standard XDR-encoded NIS+ directory object that can be modified by
authorized clients using the nis_modify(3NSL) interface.
/etc/default/rpc.nisd
LDAP connection and general rpc.nisd configuration. You can over‐
ride some of the settings by command-line options.
/var/nis/NIS+LDAPmapping
Default path for LDAP mapping file. See the discussion of the -m
option.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWnisu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOsvcs(1), nis_cachemgr(1M), nisauthconf(1M), nisinit(1M), nissetup(1M),
nisldapmaptest(1M), nslookup(1M), rpc.nisd_resolv(1M), rpc.nispass‐
wdd(1M), svcadm(1M), syslogd(1M), nis_modify(3NSL), NIS+LDAPmapping(4),
netconfig(4), nisfiles(4), resolv.conf(4), rpc.nisd(4), ypfiles(4),
attributes(5), smf(5), ticots(7D)NOTES
NIS+ might not be supported in future releases of the Solaris Operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
The rpc.nisd service is managed by the service management facility,
smf(5), under the service identifier:
svc:/network/rpc/nisplus:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). The service's
status can be queried using the svcs(1) command.
SunOS 5.10 13 Aug 2004 rpc.nisd(1M)
