JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

NIS+ Credentials

How NIS+ Credentials Work

NIS+ Credentials and Credential Information

NIS+ Authentication Components

How NIS+ Principals Are Authenticated

NIS+ Credentials Preparation Phase

NIS+ Login Phase - Detailed Description

NIS+ Request Phase - Detailed Description

DES Credential in NIS+

DES Credential Secure RPC Netname

DES Credential Verification Field in NIS+

How the DES Credential in NIS+ Is Generated

Secure RPC Passwords and the Login Password Problem in NIS+

Cached Public Keys Problems in NIS+

Where Credential-Related Information Is Stored in NIS+

NIS+ cred Table in Detail

Creating NIS+ Credential Information

nisaddcred Command

NIS+ Credential-Related Commands

How nisaddcred Creates NIS+ Credential Information

LOCAL NIS+ Credential Information

DES Credential Information in NIS+

Secure RPC Netname and NIS+ Principal Name

Creating NIS+ Credential Information for the Administrator

Creating Credential Information for NIS+ Principals

For NIS+ User Principals - Example

Using a Dummy Password and chkey in NIS+ - Example

Creating Credential Information in Another NIS+ Domain - Example

For NIS+ Machines - Example

Administering NIS+ Credential Information

Updating Your Own NIS+ Credential Information

Removing NIS+ Credential Information

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+

Glossary

Index

Where Credential-Related Information Is Stored in NIS+

This section describes where credential-related information is stored throughout the NIS+ namespace.

Credential-related information, such as public keys, is stored in many locations throughout the namespace. NIS+ updates this information periodically, depending on the time-to-live values of the objects that store it, but sometimes, between updates, it gets out of sync. As a result, you may find that operations that should work, do not. lists all the objects, tables, and files that store credential-related information and how to reset it.

Note - The NIS+ service is managed by the Service Management Facility (SMF). Enabling, disabling, or restarting NIS+ daemons such as rpc.nisd, keyserv, and nis_cachemgr, can be performed by using the svcadm command. See NIS+ and the Service Management Facility for more information about using SMF with NIS+. For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.

Table 12-2 Where NIS+ Credential-Related Information Is Stored

Item
Stores
To Reset or Change
cred table
NIS+ principal's public key and private key. These are the master copies of these keys.
Use nisaddcred to create new credentials; it updates existing credentials. An alternative is chkey.
directory object
A copy of the public key of each server that supports it.
Run the /usr/lib/nis/nisupdkeys command on the directory object.
keyserver
The secret key of the NIS+ principal that is currently logged in.
Run keylogin for a principal user or keylogin -rfor a principal machine.
NIS+ daemon
Copies of directory objects, which in turn contain copies of their servers' public keys.
Stop the rpc.nisd daemon and the cache manager by disabling the NIS+ service, and then remove NIS_SHARED_DIRCACHE from /var/nis. Then restart the NIS+ service.
Directory cache
A copy of directory objects, which in turn contain copies of their servers' public keys.
Restart the NIS+ cache manager with the -i option
cold-start file
A copy of a directory object, which in turn contains copies of its servers' public keys.
Stop the NIS+ service. Remove the NIS_COLD_START and NIS_SHARED_DIRCACHE files from /var/nis. Restart the NIS+ service.
passwd table
A user's password.
Use the passwd -r nisplus command. It changes the password in the NIS+ passwd table and updates it in the cred table.
passwd file
A user's password or a machine's superuser password.
Use the passwd -r nisplus command, whether logged in as super user or as yourself, whichever is appropriate.
passwd

map (NIS)
A user's password
Use the passwd -r nisplus command.
Copyright © 1994, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next