JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

NIS+ Credentials

How NIS+ Credentials Work

NIS+ Credentials and Credential Information

NIS+ Authentication Components

How NIS+ Principals Are Authenticated

NIS+ Credentials Preparation Phase

NIS+ Login Phase - Detailed Description

NIS+ Request Phase - Detailed Description

DES Credential in NIS+

DES Credential Secure RPC Netname

DES Credential Verification Field in NIS+

How the DES Credential in NIS+ Is Generated

Secure RPC Passwords and the Login Password Problem in NIS+

Cached Public Keys Problems in NIS+

Where Credential-Related Information Is Stored in NIS+

NIS+ cred Table in Detail

Creating NIS+ Credential Information

nisaddcred Command

NIS+ Credential-Related Commands

How nisaddcred Creates NIS+ Credential Information

LOCAL NIS+ Credential Information

DES Credential Information in NIS+

Secure RPC Netname and NIS+ Principal Name

Creating NIS+ Credential Information for the Administrator

Creating Credential Information for NIS+ Principals

For NIS+ User Principals - Example

Using a Dummy Password and chkey in NIS+ - Example

Creating Credential Information in Another NIS+ Domain - Example

For NIS+ Machines - Example

Administering NIS+ Credential Information

Updating Your Own NIS+ Credential Information

Removing NIS+ Credential Information

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Administering NIS+ Credential Information

The following sections describe how to use the nisaddcred command to administer existing credential information. You must have create, modify, read, and destroy rights to the cred table to perform these operations.

Updating Your Own NIS+ Credential Information

Updating your own credential information is considerably easier than creating it. Just type the simple versions of the nisaddcred command while logged in as yourself:

# nisaddcred des
# nisaddcred local

To update credential information for someone else, you simply perform the same procedure that you would use to create that person's credential information.

Removing NIS+ Credential Information

The nisaddcred command removes a principal's credential information, but only from the local domain where the command is run.

Thus, to completely remove a principal from the entire system, you must explicitly remove that principal's credential information from the principal's home domain and all domains where the principal has LOCAL credential information.

To remove credential information, you must have modify rights to the local domain's cred table. Use the -r option and specify the principal with a full NIS+ principal name:

# nisaddcred -r principal-name

The following two examples remove the LOCAL and DES credential information of the administrator The first example removes both types of credential information from her home domain (, the second removes her LOCAL credential information from the domain. Note how they are each entered from the appropriate domain's master servers.

rootmaster# nisaddcred -r
salesmaster# nisaddcred -r

To verify that the credential information was indeed removed, run nismatch on the cred table, as shown below. For more information about nismatch, see Chapter 19, Administering NIS+ Tables.

rootmaster# nismatch cred.org_dir
salesmaster# nismatch cred.org_dir