Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
NIS+ Credentials and Credential Information
NIS+ Authentication Components
How NIS+ Principals Are Authenticated
NIS+ Credentials Preparation Phase
NIS+ Login Phase - Detailed Description
NIS+ Request Phase - Detailed Description
DES Credential Secure RPC Netname
DES Credential Verification Field in NIS+
How the DES Credential in NIS+ Is Generated
Secure RPC Passwords and the Login Password Problem in NIS+
Cached Public Keys Problems in NIS+
Where Credential-Related Information Is Stored in NIS+
Creating NIS+ Credential Information
NIS+ Credential-Related Commands
How nisaddcred Creates NIS+ Credential Information
LOCAL NIS+ Credential Information
DES Credential Information in NIS+
Secure RPC Netname and NIS+ Principal Name
Creating NIS+ Credential Information for the Administrator
Creating Credential Information for NIS+ Principals
For NIS+ User Principals - Example
Using a Dummy Password and chkey in NIS+ - Example
Creating Credential Information in Another NIS+ Domain - Example
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
The following sections describe how to use the nisaddcred command to administer existing credential information. You must have create, modify, read, and destroy rights to the cred table to perform these operations.
Updating your own credential information is considerably easier than creating it. Just type the simple versions of the nisaddcred command while logged in as yourself:
# nisaddcred des # nisaddcred local
To update credential information for someone else, you simply perform the same procedure that you would use to create that person's credential information.
The nisaddcred command removes a principal's credential information, but only from the local domain where the command is run.
Thus, to completely remove a principal from the entire system, you must explicitly remove that principal's credential information from the principal's home domain and all domains where the principal has LOCAL credential information.
To remove credential information, you must have modify rights to the local domain's cred table. Use the -r option and specify the principal with a full NIS+ principal name:
# nisaddcred -r principal-name
The following two examples remove the LOCAL and DES credential information of the administrator Morena.doc.com. The first example removes both types of credential information from her home domain (doc.com.), the second removes her LOCAL credential information from the sales.doc.com. domain. Note how they are each entered from the appropriate domain's master servers.
rootmaster# nisaddcred -r morena.doc.com. salesmaster# nisaddcred -r morena.doc.com.
To verify that the credential information was indeed removed, run nismatch on the cred table, as shown below. For more information about nismatch, see Chapter 19, Administering NIS+ Tables.
rootmaster# nismatch morena.doc.com. cred.org_dir salesmaster# nismatch morena.doc.com. cred.org_dir