System Administration Guide: Naming and Directory Services (NIS+) |
Changing Keys for an NIS+ Principal
The following sections describe how to change the keys of an NIS+ principal.
Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.
Table 13-2 shows how to change the keys for the root master server from the root master (as root).
Table 13-2 Changing an NIS+ Root Master's Keys: Command Summary
Where:
dirs are the directory objects you wish to update. (That is, the directory objects that are served by rootmaster.)
In the first step of the process outlined in Table 13-2, nisaddcred updates the cred table for the root master, updates /etc/.rootkey, and performs a keylogin for the root master. At this point the directory objects served by the master have not been updated, so their credential information is out of sync with the root master. The subsequent steps described in Table 13-2 are necessary to successfully update all the objects.
Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.
To change the keys for the root master server from some other machine you must have the required NIS+ credentials and authorization to do so.
Table 13-3 Remotely Changing NIS+ Root Master Keys: Command Summary
Where:
principal is the root machine's Secure RPC netname. For example: unix.rootmaster@doc.com (no dot at the end).
nis-principal is the root machine's NIS+ principal name. For example, rootmaster.doc.com. (a dot at the end).
dirs are the directory objects you want to update (that is, the directory objects that are served by rootmaster).
When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.
Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.
To change the keys of a root replica from the replica, use these commands:
replica# nisaddcred des
replica# nisupdkeys dirs
Where:
dirs are the directory objects you wish to update (that is, the directory objects that are served by replica).
When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.
Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.
To change the keys of a non-root server (master or replica) from the server, use these commands:
subreplica# nisaddcred des
subreplica# nisupdkeys parentdir dirs
Where:
parentdir is the non-root server's parent directory (that is, the directory containing subreplica's NIS+ server).
dirs are the directory objects you want to update (that is, the directory objects that are served by subreplica).
When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.
Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain, as explained in Updating NIS+ Client Key Information.
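The following shell helpers are an added example, not part of the original guide. They cover the two naming forms described above (Secure RPC netname without a trailing dot, NIS+ principal name with one) and the rule that all directory objects go into a single nisupdkeys command. The function names, the sample directory names, and the requirement that directory names be fully qualified are assumptions of this example.

```shell
#!/bin/sh
# Added example: helpers for the key-change procedure (dry run only).
# Function names and sample directory names are constructed for illustration.

# Convert a machine's Secure RPC netname (unix.host@domain, no trailing dot)
# into its NIS+ principal name (host.domain., with trailing dot).
netname_to_principal() {
    case "$1" in
        unix.*@*.) echo "netname must not end with a dot: $1" >&2; return 1 ;;
        unix.*@*)  ;;
        *)         echo "not a Secure RPC netname: $1" >&2; return 1 ;;
    esac
    rest=${1#unix.}
    host=${rest%%@*}
    domain=${rest#*@}
    case "$host" in
        *[!0-9]*) ;;   # a host name contains at least one non-digit
        *) echo "empty or numeric (user) id, not a machine: $1" >&2; return 1 ;;
    esac
    [ -n "$domain" ] || { echo "missing domain: $1" >&2; return 1; }
    printf '%s.%s.\n' "$host" "$domain"
}

# Build ONE nisupdkeys command line covering every directory object, so the
# objects are never updated by separate invocations.
build_nisupdkeys() {
    [ "$#" -gt 0 ] || { echo "no directory objects given" >&2; return 1; }
    seen=" "
    cmd="nisupdkeys"
    for d in "$@"; do
        case "$d" in
            *.) ;;   # fully qualified name (policy assumed by this example)
            *)  echo "not fully qualified: $d" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $d "*) continue ;;   # drop duplicate directory objects
        esac
        seen="$seen$d "
        cmd="$cmd $d"
    done
    printf '%s\n' "$cmd"
}

# Dry run with constructed sample names: print the plan, execute nothing.
echo "principal name: $(netname_to_principal unix.rootmaster@doc.com)"
echo "replica# nisaddcred des"
echo "replica# $(build_nisupdkeys doc.com. org_dir.doc.com. groups_dir.doc.com.)"
```
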