How to Set Up a Diffie-Hellman Key for an NIS User

Language:

Perform this procedure for every user in the NIS domain.

Before You Begin

You must be logged in to the NIS master server to generate a new key for a user. You must be assigned the Name Service Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

Create a new key for a user.
```
# newkey -u username
```
where username is the name of the user. The system prompts for a password. You can type a generic password. The private key is stored in an encrypted form by using the generic password.
Tell the user to log in and type the chkey -p command.
This command allows users to re-encrypt their private keys with a password known only to the user.
Note - The chkey command can be used to create a new key pair for a user.

Example 17 Setting Up and Encrypting a New User Key in NIS

In this example, superuser sets up the key.

# newkey -u jdoe
Adding new key for unix.12345@example.com
New Password: xxxxxxxx
Retype password: xxxxxxxx
Please wait for the database to get updated...
Your new key has been successfully stored away.
#

Then the user jdoe re-encrypts the key with a private password.

% chkey -p
Updating nis publickey database.
Reencrypting key for unix.12345@example.com
Please enter the Secure-RPC password for jdoe: xxxxxxxx
Please enter the login password for jdoe: xxxxxxxx
Sending key change request to centralexample...