rpc.nisd, nisd - NIS+ service daemon


     /usr/sbin/rpc.nisd [-ACDFhlv] [  -Y  [  -B  [-t netid]]]  [-
     d dictionary]   [-L load]  [-S level]  [-m mappingfile]   [-
     x attribute=value]... [-z number]


     The rpc.nisd daemon is an RPC service  that  implements  the
     NIS+  service.  This  daemon must be running on all machines
     that serve a  portion of the NIS+ namespace.

     rpc.nisd is usually started from a system startup script.

     The -B option causes rpc.nisd to start an auxiliary process,
     rpc.nisd_resolv,  which  provides ypserv compatible DNS for-
     warding for NIS host requests. rpc.nisd_resolv can  also  be
     started  independently.  See   rpc.nisd_resolv(1M)  for more
     information on using rpc.nisd_resolv independently.

     The  /etc/default/rpc.nisd  file  contains   the   following
     default parameter settings. See FILES.

           Specifies whether the server is put into NIS (YP) com-
           patibility    mode.   ENABLE_NIS_YP_EMULATION=YES   is
           equivalent to the -Y command-line option. The  default
           value for ENABLE_NIS_YP_EMULATION is NO.


     -A    Authentication verbose mode.  The daemon logs all  the
           authentication related activities to  syslogd(1M) with
           LOG_INFO priority.

     -B    Provide ypserv compatible DNS forwarding for  NIS host
           requests.       The     DNS     resolving     process,
           rpc.nisd_resolv,  is   started   and   controlled   by
           rpc.nisd.    This    option    requires    that    the
           /etc/resolv.conf file be setup for communication  with
           a DNS nameserver. The  nslookup utility can be used to
           verify  communication  with  a  DNS  nameserver.   See
           resolv.conf(4) and  nslookup(1M).

     -C    Open diagnostic channel on /dev/console.

     -D    Debug mode. Do not fork.

     -d dictionary
           Specify an alternate dictionary for the NIS+ database.
           The  primary  use  of this option is for testing. Note
           that the string  is  not  interpreted,  rather  it  is
           simply passed to the db_initialize function.>

     -F    Force the server to do a checkpoint  of  the  database
           when  it starts up. Forced checkpoints may be required
           when the server is low  on  disk  space.  This  option
           removes  updates  from  the  transaction log that have
           propagated to all of the replicas.

     -h    Print list of options.

     -L number
           Specify the ``load'' the NIS+ service  is  allowed  to
           place on the server. The load is specified in terms of
           the  number of child processes  that  the  server  may
           spawn.  The value of number must be at least 1 for the
           callback functions to work correctly. The  default  is

     -m mappingfile
           Specify the name of a  configuration  file  that  maps
           NIS+  objects  (especially tables and columns) to LDAP
           (entries and attributes). See NIS+LDAPmapping(4).  The
           default  path is /var/nis. The default mapping file is
           NIS+LDAPmapping. If this  file  exists,  the  rpc.nisd
           daemon  will  map  data  to and from LDAP.  A template
           mapping file that covers the normal  NIS+  directories
           and        tables        is        installed        as

           A NIS+ object must have a valid mapping entry  in  the
           mapping file in order to have data for that table read
           from or written to the LDAP repository.

           The rpc.nisd(4) file contains specifications for  LDAP
           server  addresses, LDAP authentication method, and the
           like. See NIS+LDAPmapping(4) for an  overview  of  the
           setup you need to map NIS+ data to or from LDAP.

     -S  level
           Set the authorization security level of  the  service.
           The argument is a number between 0 and 2.  By default,
           the daemon runs at security level 2.

           0     Security level 0 is  designed  to  be  used  for
                 testing   and   initial   setup   of  the   NIS+
                 namespace. When running at level 0,  the  daemon
                 does  not  enforce  any  access  controls.   Any
                 client is  allowed  to  perform  any  operation,
                 including updates and deletions.

           1     At security level 1,  the  daemon  accepts  both
                 AUTH_SYS    and    AUTH_DES    credentials   for
                 authenticating clients and authorizing  them  to
                 perform NIS+ operations.
                  This is not a secure mode  of  operation  since
                 AUTH_SYS  credentials  are  easily  forged.   It
                 should not be used  on  networks  in  which  any
                 untrusted users may potentially have access.

           2     At security level 2,  the  daemon  only  accepts
                 authentication  using  the  security  mechanisms
                 configured  by   nisauthconf(1M).   The  default
                 security  mechanism is  AUTH_DES. Security level
                 2 is the default if the  -S option is not used.

     -t netid
           Use  netid as the transport for communication  between
           rpc.nisd  and   rpc.nisd_resolv. The default transport
           is  ticots(7D) ( tcp on SunOS 4.x systems).

     -v    Verbose. With this option, the daemon sends a  running
           narration  of  what  it  is doing to the syslog daemon
           (see syslogd(1M)) at LOG_INFO priority. This option is
           most  useful  for debugging problems with the service.
           See also -A option.

     -x attribute=value
           Specify the value of the named  attribute.  Attributes
           that  control  the  NIS+ to LDAP mapping operation are
           derived as follows:

           1. Retrieve from LDAP.

           2. Override with values from the mappingfile, if  any.
              See the -m option.

           3. Override with  values  from  the  command  line  -x

     See NIS+LDAPmapping(4) and rpc.nisd(4)  for  the  recognized
     attributes and their syntax.

           As a special case, you can use the  nisplusLdapConfig*
           attributes to derive additional information from LDAP.
           You can only specify the nisplusLdapConfig* attributes
           in rpc.nisd(4) or by means of the command line.

     -Y    Put the server into NIS (YP) compatibility mode.  When
           operating  in  this mode, the NIS+ server will respond
           to NIS Version 2 requests using the version  2  proto-
           col.  Because  the  YP  protocol is not authenticated,
           only those items that have read access to nobody  (the
           unauthenticated  request)  will be visible through the
           V2 protocol. It supports only the standard  Version  2
           maps  in  this  mode  (see   -B  option  and  NOTES in
           ypfiles(4)). See FILES.

     -z number
           Specify the maximum RPC record size that can  be  used
           over  connection  oriented  transports. The default is
           9000 bytes. If  you  specify  a  size  less  than  the
           default value, the default value will be used instead.


     Example 1: Setting  up the  NIS+ Service

     The following example sets up the NIS+ service.

     example% rpc.nisd

     Example 2: Setting Up NIS+ Service  Emulating  YP  With  DNS

     The following example sets up the  NIS+  service,  emulating
     YP with DNS forwarding.

     example% rpc.nisd -YB

     Example 3: Specifying NIS+ and LDAP Mapping Information

     The following example shows how to specify  that  all  addi-
     tional NIS+ and LDAP mapping information should be retrieved
     from DN "dc=x,dc=y,dc=z", from the LDAP server at IP address,  port 389. The examples uses the simple authentica-
     tion method and the cn=nisplusAdmin,ou=People,  proxy  user.
     The -m option is omitted for clarity in this example..

     -x nisplusLDAPconfigDN=dc=x,dc=y,dc=z \
     -x nisplusLDAPconfigPreferredServerList= \
     -x nisplusLDAPconfigAuthenticationMethod=simple \
     -x nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People, \
     -x nisplusLDAPconfigProxyPassword=xyzzy


           The transports that the NIS+ service will use  can  be
           limited  by  setting  this  environment  variable. See


           This file describes the  namespace  that is  logically
           above  the  NIS+  namespace.  The  most common type of
           parent object is a DNS object.  This  object  contains
           contact information for a  server  of  that domain.

           This file  describes  the  root  object  of  the  NIS+
           namespace.   It   is   a   standard  XDR-encoded  NIS+
           directory object that can be modified  by   authorized
           clients using the nis_modify(3NSL) interface.

           Initialization script for NIS+.

           LDAP connection and  general  rpc.nisd  configuration.
           You  can override some of the settings by command-line

           Default path for LDAP mapping file. See the discussion
           of the -m option.


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnisu                    |


     nis_cachemgr(1M),       nisauthconf(1M),        nisinit(1M),
     nissetup(1M),        nisldapmaptest(1M),       nslookup(1M),
     rpc.nisd_resolv(1M),    rpc.nispasswdd(1M),     syslogd(1M),
     nis_modify(3NSL),   NIS+LDAPmapping(4),  netconfig(4),  nis-
     files(4),  resolv.conf(4), rpc.nisd(4),  ypfiles(4),  attri-
     butes(5), ticots(7D)


     NIS+ might not  be  supported  in  future  releases  of  the
     SolarisTM  Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit

Man(1) output converted with man2html