rpc.nisd, nisd - NIS+ service daemon
/usr/sbin/rpc.nisd [-ACDFhlv] [ -Y [ -B [-t netid]]] [-
d dictionary] [-L load] [-S level] [-m mappingfile] [-
x attribute=value]... [-z number]
The rpc.nisd daemon is an RPC service that implements the
NIS+ service. This daemon must be running on all machines
that serve a portion of the NIS+ namespace.
rpc.nisd is usually started from a system startup script.
The -B option causes rpc.nisd to start an auxiliary process,
rpc.nisd_resolv, which provides ypserv compatible DNS for-
warding for NIS host requests. rpc.nisd_resolv can also be
started independently. See rpc.nisd_resolv(1M) for more
information on using rpc.nisd_resolv independently.
The /etc/default/rpc.nisd file contains the following
default parameter settings. See FILES.
Specifies whether the server is put into NIS (YP) com-
patibility mode. ENABLE_NIS_YP_EMULATION=YES is
equivalent to the -Y command-line option. The default
value for ENABLE_NIS_YP_EMULATION is NO.
-A Authentication verbose mode. The daemon logs all the
authentication related activities to syslogd(1M) with
-B Provide ypserv compatible DNS forwarding for NIS host
requests. The DNS resolving process,
rpc.nisd_resolv, is started and controlled by
rpc.nisd. This option requires that the
/etc/resolv.conf file be setup for communication with
a DNS nameserver. The nslookup utility can be used to
verify communication with a DNS nameserver. See
resolv.conf(4) and nslookup(1M).
-C Open diagnostic channel on /dev/console.
-D Debug mode. Do not fork.
Specify an alternate dictionary for the NIS+ database.
The primary use of this option is for testing. Note
that the string is not interpreted, rather it is
simply passed to the db_initialize function.>
-F Force the server to do a checkpoint of the database
when it starts up. Forced checkpoints may be required
when the server is low on disk space. This option
removes updates from the transaction log that have
propagated to all of the replicas.
-h Print list of options.
Specify the ``load'' the NIS+ service is allowed to
place on the server. The load is specified in terms of
the number of child processes that the server may
spawn. The value of number must be at least 1 for the
callback functions to work correctly. The default is
Specify the name of a configuration file that maps
NIS+ objects (especially tables and columns) to LDAP
(entries and attributes). See NIS+LDAPmapping(4). The
default path is /var/nis. The default mapping file is
NIS+LDAPmapping. If this file exists, the rpc.nisd
daemon will map data to and from LDAP. A template
mapping file that covers the normal NIS+ directories
and tables is installed as
A NIS+ object must have a valid mapping entry in the
mapping file in order to have data for that table read
from or written to the LDAP repository.
The rpc.nisd(4) file contains specifications for LDAP
server addresses, LDAP authentication method, and the
like. See NIS+LDAPmapping(4) for an overview of the
setup you need to map NIS+ data to or from LDAP.
Set the authorization security level of the service.
The argument is a number between 0 and 2. By default,
the daemon runs at security level 2.
0 Security level 0 is designed to be used for
testing and initial setup of the NIS+
namespace. When running at level 0, the daemon
does not enforce any access controls. Any
client is allowed to perform any operation,
including updates and deletions.
1 At security level 1, the daemon accepts both
AUTH_SYS and AUTH_DES credentials for
authenticating clients and authorizing them to
perform NIS+ operations.
This is not a secure mode of operation since
AUTH_SYS credentials are easily forged. It
should not be used on networks in which any
untrusted users may potentially have access.
2 At security level 2, the daemon only accepts
authentication using the security mechanisms
configured by nisauthconf(1M). The default
security mechanism is AUTH_DES. Security level
2 is the default if the -S option is not used.
Use netid as the transport for communication between
rpc.nisd and rpc.nisd_resolv. The default transport
is ticots(7D) ( tcp on SunOS 4.x systems).
-v Verbose. With this option, the daemon sends a running
narration of what it is doing to the syslog daemon
(see syslogd(1M)) at LOG_INFO priority. This option is
most useful for debugging problems with the service.
See also -A option.
Specify the value of the named attribute. Attributes
that control the NIS+ to LDAP mapping operation are
derived as follows:
1. Retrieve from LDAP.
2. Override with values from the mappingfile, if any.
See the -m option.
3. Override with values from the command line -x
See NIS+LDAPmapping(4) and rpc.nisd(4) for the recognized
attributes and their syntax.
As a special case, you can use the nisplusLdapConfig*
attributes to derive additional information from LDAP.
You can only specify the nisplusLdapConfig* attributes
in rpc.nisd(4) or by means of the command line.
-Y Put the server into NIS (YP) compatibility mode. When
operating in this mode, the NIS+ server will respond
to NIS Version 2 requests using the version 2 proto-
col. Because the YP protocol is not authenticated,
only those items that have read access to nobody (the
unauthenticated request) will be visible through the
V2 protocol. It supports only the standard Version 2
maps in this mode (see -B option and NOTES in
ypfiles(4)). See FILES.
Specify the maximum RPC record size that can be used
over connection oriented transports. The default is
9000 bytes. If you specify a size less than the
default value, the default value will be used instead.
Example 1: Setting up the NIS+ Service
The following example sets up the NIS+ service.
Example 2: Setting Up NIS+ Service Emulating YP With DNS
The following example sets up the NIS+ service, emulating
YP with DNS forwarding.
example% rpc.nisd -YB
Example 3: Specifying NIS+ and LDAP Mapping Information
The following example shows how to specify that all addi-
tional NIS+ and LDAP mapping information should be retrieved
from DN "dc=x,dc=y,dc=z", from the LDAP server at IP address
188.8.131.52, port 389. The examples uses the simple authentica-
tion method and the cn=nisplusAdmin,ou=People, proxy user.
The -m option is omitted for clarity in this example..
-x nisplusLDAPconfigDN=dc=x,dc=y,dc=z \
-x nisplusLDAPconfigPreferredServerList=127.0.0.1:389 \
-x nisplusLDAPconfigAuthenticationMethod=simple \
-x nisplusLDAPconfigProxyUser=cn=nisplusAdmin,ou=People, \
The transports that the NIS+ service will use can be
limited by setting this environment variable. See
This file describes the namespace that is logically
above the NIS+ namespace. The most common type of
parent object is a DNS object. This object contains
contact information for a server of that domain.
This file describes the root object of the NIS+
namespace. It is a standard XDR-encoded NIS+
directory object that can be modified by authorized
clients using the nis_modify(3NSL) interface.
Initialization script for NIS+.
LDAP connection and general rpc.nisd configuration.
You can override some of the settings by command-line
Default path for LDAP mapping file. See the discussion
of the -m option.
See attributes(5) for descriptions of the following attri-
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Availability | SUNWnisu |
nis_cachemgr(1M), nisauthconf(1M), nisinit(1M),
nissetup(1M), nisldapmaptest(1M), nslookup(1M),
rpc.nisd_resolv(1M), rpc.nispasswdd(1M), syslogd(1M),
nis_modify(3NSL), NIS+LDAPmapping(4), netconfig(4), nis-
files(4), resolv.conf(4), rpc.nisd(4), ypfiles(4), attri-
NIS+ might not be supported in future releases of the
SolarisTM Operating Environment. Tools to aid the migration
from NIS+ to LDAP are available in the Solaris 9 operating
environment. For more information, visit
Man(1) output converted with