Sun Microsystems, Inc.

Setting Up DNS Forwarding

To enable DNS forwarding capabilities on an NIS+ client:

  1. Log in as superuser.

  2. Properly configure the hosts line in the /etc/resolv.conf file to read: hosts: nisplus dns files.

In this implementation of NIS, if an /etc/resolv.conf file exists on the server, ypstart automatically starts the ypserv daemon with the -d option to forward requests to DNS. (To stop forwarding to DNS, edit the /usr/lib/netsvc/yp/ypstart script to remove the -d option from the ypserv command. You must then reboot the machine.)

Changing a Machine's Domain Name

This task changes a machine's domain name. Since a machine's domain name is usually set during installation, you should check it (type domainname without an argument) before you decide to perform this task.

Security Considerations

You must perform this task as superuser on the machine whose domain name you are changing.

Information You Need

  • The machine's superuser password

  • The new domain name

Changing a Machine's Domain--Task Map

Table 6-2 Configuring the Client

Task | Description | For Instructions, Go To
Changing a machine's Domain | Use the domainname command to change the client machine domain | "How to Change a Client's Domain Name"

How to Change a Client's Domain Name

  1. Log in to the machine and become superuser.

    The examples in this task use client1 as the machine and doc.com. as the new domain name.

    client1% su
    Password:

  2. Change the machine's domain name.

    Type the new name after the domainname command. Do not use a trailing dot. For example, to change a machine's domain to the doc.com domain, you enter:

    client1# domainname doc.com

    If the machine had been an NIS client, it may no longer be able to get NIS service.

  3. Verify the result.

    Run the domainname command again, this time without an argument, to display the machine's current domain.

    client1# domainname
    doc.com

  4. Save the new domain name.

    Redirect the output of the domainname command into the /etc/defaultdomain file.

    client1# domainname > /etc/defaultdomain

  5. At a convenient time, reboot the machine.

    Even after entering the new domain name into the /etc/defaultdomain file, some processes may still operate with the old domain name. To ensure that all processes are using the new domain name, reboot the machine.

    Because you may be performing this task in a sequence of many other tasks, examine the work remaining to be done on the machine before rebooting. Otherwise, you might find yourself rebooting several times instead of just once.

    Although restarting individual daemons, such as mountd, may solve an NFS problem, it is strongly recommended that you reboot to synchronize configuration changes across daemons. This minimizes application failures caused by unknown changes to the configuration.
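A check for steps 2 through 4, as an added example that is not part of the original Sun documentation: it rejects a domain name with a trailing dot and reports whether the running domain name matches what is saved in /etc/defaultdomain, so a reboot does not silently revert the change. The function names valid_domain and domain_state are hypothetical, and the file path is a parameter so the check can be tried on a scratch file.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Return 0 only for a name the domainname step accepts:
# non-empty, no leading or trailing dot, no empty labels,
# and only letters, digits, dots and hyphens.
valid_domain() {
    case "$1" in
        ""|*.|.*|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Compare the running domain name with the saved one.
# usage: domain_state <running-domain> <defaultdomain-file>
# prints: persisted | mismatch | missing
domain_state() {
    running=$1
    file=$2
    if [ ! -r "$file" ]; then
        echo "missing"
        return 0
    fi
    # Only the first line matters; strip whitespace and the newline.
    saved=$(head -n 1 "$file" | tr -d '[:space:]')
    if [ "$saved" = "$running" ]; then
        echo "persisted"
    else
        echo "mismatch"
    fi
}

# Report on this machine only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    current=$(domainname)
    valid_domain "$current" ||
        echo "warning: '$current' is not a usable domain name" >&2
    echo "running=$current state=$(domain_state "$current" /etc/defaultdomain)"
fi
```

A result of mismatch or missing before the reboot in step 5 means the machine will come back up with the old domain name, or with none.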

Initializing an NIS+ Client

The three different ways to initialize an NIS+ client are:

Broadcast Initialization

This method initializes an NIS+ client by sending an IP broadcast on the client's subnet.

This is the simplest way to configure a client but is also the least secure. The NIS+ server that responds to the broadcast sends the client all the information that the client needs in its cold-start file, including the server's public key. Presumably, only an NIS+ server will respond to the broadcast. However, the client has no way of knowing whether the machine that responded to the broadcast is indeed a trusted server. As a result, this method is only recommended for sites with small, secure networks.

Security Considerations

You must perform this task as superuser on the client.

Prerequisites

At least one NIS+ server must exist on the same subnet as the client. The client must use the same Diffie-Hellman key lengths as those on the master server. See nisauthconf(1M).

Information You Need

You need the superuser password to the client.

Initializing an NIS+ Client--Task Map

Table 6-3 Initializing an NIS+ Client

Task | Description | For Instructions, Go To
Initializing an NIS+ Client | Use the nisclient command to initialize an NIS+ client | "How to Configure an NIS+ Client"

How to Initialize a Client--Broadcast Method

  • Initialize the client.

This step initializes the client and creates a NIS_COLD_START file in its /var/nis directory. Use the nisinit command with the -c and -B options.

client1# nisinit -c -B
This machine is in the doc.com. NIS+ domain.
Setting up NIS+ client ...
All done.

An NIS+ server on the same subnet will reply to the broadcast and add its location information into the client's cold-start file.

Initializing a Client by Host Name

Initializing a client by host name consists of explicitly identifying the IP address of its trusted server. This server's name, location information, and public keys are then placed in the client's cold-start file.

This method is more secure than the broadcast method because it actually specifies the IP address of the trusted server, rather than relying on a server to identify itself. However, if a router exists between the client and the trusted server, it could intercept messages to the trusted IP address and route them to an untrusted server.
