Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
Transitioning NIS+ to a New Public Key-Based Security Mechanism
Configuring NIS+ Security Mechanisms
Creating New NIS+ Security Mechanism Credentials
New NIS+ Security Mechanism Credentials - Example
Configuring NIS+ Servers to Accept New Security Mechanism Credentials
Configuring NIS+ Servers to Accept New Security Mechanism Credentials - Example
Configuring NIS+ Machines to Use New Security Mechanism Credentials
Configuring NIS+ Machines to Use New Security Mechanism Credentials - Examples
Manually Refresh NIS+ Directory Objects - Example NETNAMER
Changing the Password Protecting New NIS+ Credentials
Change Password Protecting New NIS+ Credentials - Example
Configuring NIS+ Servers to Accept Only New Security Mechanism Credentials
Configuring NIS+ Servers to Accept Only New Security Mechanism Credentials - Example
Removing Old Credentials From the NIS+ cred Table
Removing Old Credentials From the NIS+ cred Table - Example
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
Once the new credentials have been generated for all the servers, run nisupdkeys(1m) to add the new public keys to all the directory objects served by these servers. To use the nisupdkeys(1m) command, you must have modify rights to the NIS+ directory object. See Updating Public Keys for NIS+ for more details.
Caution - All servers that serve these NIS+ directories and all clients that access these directories must be running at least the Solaris 7 release. |
In this example, the directories that are being served by the servers with new public keys are doc.com, org_dir.doc.com., groups_dir.doc.com.. The update will be done as the master server principal. Before running the new mechanism, nisupdkeys needs to be configured with nisauthconf. In this example, the current authentication mechanism is des and the new mechanism is dh640-0.
masterserver# nisauthconf dh640-0 des masterserver# nisupdkeys doc.com. (screen notices not shown) masterserver# nisupdkeys org_dir.doc.com. (screen notices not shown) masterserver# nisupdkeys groups_dir.doc.com. (screen notices not shown)