This procedure should be done for every user in the NIS domain.
Only system administrators, when logged in to the NIS master server, can generate a new key for a user.
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Create a new key for a user.
# newkey -u username |
where username is the name of the user. The system prompts for a password. You can type a generic password. The private key is stored in an encrypted form by using the generic password.
Tell the user to log in and type the chkey -p command.
This command allows users to re-encrypt their private keys with a password known only to the user.
The chkey command can be used to create a new key pair for a user.
In this example, superuser sets up the key.
# newkey -u jdoe Adding new key for unix.12345@example.com New Password: <Type password> Retype password:<Retype password> Please wait for the database to get updated... Your new key has been successfully stored away. # |
Then the user jdoe re-encrypts the key with a private password.
% chkey -p Updating nis publickey database. Reencrypting key for unix.12345@example.com Please enter the Secure-RPC password for jdoe:<Type password> Please enter the login password for jdoe: <Type password> Sending key change request to centralexample... |