
Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.3


Updated: May 2019
 
 

How to Set Up a Diffie-Hellman Key for an NIS Host

Perform this procedure on every host in the NIS domain.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. If the default naming service is not NIS, add the publickey map to the naming service.
    1. Verify that the value of config/default for the naming service is not nis.
      # svccfg -s name-service/switch listprop config
      config                       application
      config/value_authorization   astring       solaris.smf.value.name-service.switch
      config/default               astring       files
      config/host                  astring       "files nis dns"
      config/printer               astring       "user files nis"

      If the value of config/default is nis, you can stop here.

    2. Set the naming service for publickey to nis.
      # svccfg -s name-service/switch setprop config/publickey = astring: "nis"
      # svccfg -s name-service/switch:default refresh
    3. Confirm the publickey value.
      # svccfg -s name-service/switch listprop
      config                       application
      config/value_authorization   astring       solaris.smf.value.name-service.switch
      config/default               astring       files
      config/host                  astring       "files nis dns"
      config/printer               astring       "user files nis"
      config/publickey             astring       nis

      On this system, the value of publickey is listed because it differs from the default, files.

  2. Create a new key pair by using the newkey command.
    # newkey -h hostname

    where hostname is the name of the client.

Example 16  Setting Up a New Key for root on an NIS Client

In the following example, an administrator with the Name Service Security rights profile sets up earth as a secure NIS client.

# newkey -h earth
Adding new key for unix.earth@example.com
New Password: xxxxxxxx
Retype password: xxxxxxxx
Please wait for the database to get updated...
Your new key has been successfully stored away.
#
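
The check in step 1 can be scripted when the procedure has to be repeated on every host in the domain. The following is an added example, not part of the Oracle guide: it parses `svccfg -s name-service/switch listprop config` output and reports which source the publickey database resolves through. The function names are hypothetical, and the sample input is the two listprop outputs shown in the procedure.

```sh
#!/bin/sh
# Added example (not from the Oracle guide): parse listprop output to see
# which source the publickey database resolves through.

# effective_source DB: read listprop output on stdin; print config/DB if that
# property is set, otherwise config/default (the fallback used in step 1).
effective_source() {
    awk -v db="$1" '
        function value_of(   i, v, sep) {   # join fields 3..NF, drop quotes
            for (i = 3; i <= NF; i++) { v = v sep $i; sep = " " }
            gsub(/"/, "", v)
            return v
        }
        $1 == ("config/" db)   { specific = value_of() }
        $1 == "config/default" { dflt = value_of() }
        END { print (specific != "" ? specific : dflt) }
    '
}

# check_publickey: read listprop output on stdin; report whether step 1 applies.
# Assumption: any value other than the single source "nis" is flagged.
check_publickey() {
    src=$(effective_source publickey)
    if [ "$src" = "nis" ]; then
        echo "ok: publickey resolves through nis"
    else
        echo "action: publickey resolves through '$src', set config/publickey"
    fi
}

# Sample input: property lines from the two listprop outputs in the procedure.
sample_before() { cat <<'EOF'
config                       application
config/default               astring       files
config/host                  astring       "files nis dns"
config/printer               astring       "user files nis"
EOF
}
sample_after() { sample_before; echo 'config/publickey  astring  nis'; }

sample_before | check_publickey
sample_after  | check_publickey
```

On a live host, pipe the real command into the check: `svccfg -s name-service/switch listprop config | check_publickey`.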