How to create or delete a new NIS+ user from the command line.
Normally when setting up the NIS+ domain, the administrator will use
the nispopulate command to populate the NIS+ tables, including the
passwd and cred tables. Updating existing NIS+ tables is most often
done with the nisaddent command or through the Solstice AdminSuite GUI.
Using Solstice AdminSuite is the recommended method for adding or
deleting users from the NIS+ database. However, there are situations
when running the GUI is not possible, for example, remote access to the
server via a terminal.

Here is the procedure for adding a NIS+ user. The example uses
username=bigguy, uid=999, domainname=test.net.

1) Create the passwd table entry.

   nistbladm -a name=bigguy passwd="SZ63.is3qsDOM" uid=999 gid=10 \
       gcos="Mr. Bigguy" home=/export/home/bigguy shell=/bin/sh \
       passwd.org_dir

   Note: The passwd value is the encrypted password. In this example the
   password is "hello123". To obtain the encrypted string, run the passwd
   command on a test user and copy the encrypted password from the
   shadow file.

2) Change the table entry's access rights to disallow world read.

   nischmod w-r '[name=bigguy],passwd.org_dir'

3) Add the user credentials.

   nisaddcred -p 999 -P bigguy.test.net. local
   nisaddcred -p unix.999@test.net -P bigguy.test.net. des

   You will be prompted for the user's login password; use the same one
   as set above in step 1 (i.e. hello123).

4) Change the owner of the table entry to the user.

   nischown bigguy '[name=bigguy],passwd.org_dir'

5) That's it. Now the user can log in using the password set here
   and set his own new password with the passwd command.

Here is the procedure for removing a NIS+ user. The example uses
username=bigguy, uid=999, domainname=test.net.

1) Delete the passwd table entry.

   nistbladm -R '[name=bigguy],passwd.org_dir'

2) Delete the user credentials from the cred table.

   nistbladm -R '[cname=bigguy.test.net.],cred.org_dir'

3) Done.
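
The removal steps above as a script, added here as an example and not part of the original document. Because -R removes every entry that matches the indexed name, it checks the user and domain names first and only prints the commands unless RUN=1 is set; the name rules, the RUN variable, the function names and the script name rmnisuser are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original document.
# Prints (or, with RUN=1, executes) the two removal commands for one user.
LC_ALL=C; export LC_ALL

# valid_user NAME: succeed only for a plain login name. Assumed policy:
# starts with a lower-case letter, then [a-z0-9_-], at most 8 characters.
valid_user() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*|?????????*) return 1 ;;
    esac
}

# valid_domain NAME: succeed only for letters, digits, dots and hyphens.
valid_domain() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# norm_domain NAME: print NAME with a trailing dot, the form used in the
# cname column (bigguy.test.net.).
norm_domain() {
    case "$1" in
        *.) echo "$1" ;;
        *)  echo "$1." ;;
    esac
}

# removal_cmds USER DOMAIN: print the two commands, one per line.
removal_cmds() {
    valid_user "$1"   || { echo "rejected user name: $1" >&2; return 1; }
    valid_domain "$2" || { echo "rejected domain: $2" >&2; return 1; }
    d=`norm_domain "$2"`
    echo "nistbladm -R '[name=$1],passwd.org_dir'"
    echo "nistbladm -R '[cname=$1.$d],cred.org_dir'"
}

# Usage (hypothetical script name): rmnisuser username domain
if [ $# -eq 2 ]; then
    if [ "${RUN:-0}" = 1 ]; then
        removal_cmds "$1" "$2" | sh -x
    else
        removal_cmds "$1" "$2"
    fi
fi
```

Run it once without RUN=1 and read the two printed commands before executing them.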
This procedure to add a NIS+ user could be implemented in a simple
script such as this:
#!/bin/sh
#
# script to create a new NIS+ user
#
# arguments --> username=arg1, uid=arg2
#
if test $# -ne 2
then
    echo "usage: addnis+user username uid" >&2
    exit 1
fi
#
set -x
DNAME=`domainname`
#
# add user to passwd table (password="hello123"; every user created
# by this script starts with this password until it is changed)
#
nistbladm -a name="$1" passwd="SZ63.is3qsDOM" uid="$2" gid=10 shell=/bin/sh \
    home="/export/home/$1" passwd.org_dir || exit 1
#
# disallow world read on this table entry
#
nischmod w-r "[name=$1],passwd.org_dir"
#
# create user credentials (the des step prompts for the login password)
#
nisaddcred -p "$2" -P "$1.$DNAME." local
nisaddcred -p "unix.$2@$DNAME" -P "$1.$DNAME." des
#
# change the table entry's owner to the user
#
nischown "$1" "[name=$1],passwd.org_dir"
#
# end