JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

NIS+ Keys

Keylogin With NIS+

Changing Keys for an NIS+ Principal

Changing the NIS+ Keys

Changing NIS+ Root Keys From Root

Changing Root Keys From Another NIS+ Machine

Changing the Keys of an NIS+ Root Replica From the Replica

Changing the Keys of an NIS+ Non-Root Server

Updating Public Keys for NIS+

nisupdkeys Command

Updating Public Keys Arguments and Examples in NIS+

Updating IP Addresses in NIS+

Updating NIS+ Client Key Information

Globally Updating NIS+ Client Key Information

How to Update Client Key Information

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+

Glossary

Index

Changing the NIS+ Keys

The following sections describe how to change the keys of an NIS+ principal.

Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.

Changing NIS+ Root Keys From Root

Table 13-2, shows how to change the keys for the root master server from the root master (as root).

Table 13-2 Changing an NIS+ Root Master's Keys: Command Summary

Tasks
Commands
Create new DES credentials
rootmaster# nisaddcred des
Find the NIS+ service
rootmaster# svcs \*nisplus\*
Stop the NIS+ service
rootmaster# svcadm disable -t /network/rpc/nisplus:default
Remove the -S 0 security option
Edit the /lib/svc/method/nisplus file to remove the -S 0 option
Restart NIS+ service with no security
# svcadm enable network/rpc/nisplus
Perform a keylogout (previous keylogin is now out of date)
rootmaster# keylogout -f
Update the keys in the directories served by the master
rootmaster# nisupdkeys dirs
Find the NIS+ service
rootmaster# svcs \*nisplus\*
Stop the NIS+ service
rootmaster# svcadm disable -t /network/rpc/nisplus:default
Add the -S 0 security option
Edit the /lib/svc/method/nisplus file to add the -S 0 option
Restart NIS+ daemon with default security
# svcadm enable network/rpc/nisplus
Perform a keylogin
rootmaster# keylogin

Where:

dirs are the directory objects you wish to update. (That is, the directory objects that are served by rootmaster.)

In the first step of the process outlined in Table 13-2, nisaddcred updates the cred table for the root master, updates /etc/.rootkey and performs a keylogin for the root master. At this point the directory objects served by the master have not been updated and their credential information is now out of synch with the root master. The subsequent steps described in Table 13-2 are necessary to successfully update all the objects.

Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.

Changing Root Keys From Another NIS+ Machine

To change the keys for the root master server from some other machine you must have the required NIS+ credentials and authorization to do so.

Table 13-3 Remotely Changing NIS+ Root Master Keys: Command Summary

Tasks
Commands
Create the new DES credentials
othermachine% nisaddcred -p principal-P nisprincipal des
Update the directory objects.
othermachine% nisupdkeysdirs
Update /etc.rootkey.
othermachine% keylogin -r
Reinitialize othermachine as client
othermachine% nisinit -cH

Where:

When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.

Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.

Changing the Keys of an NIS+ Root Replica From the Replica

To change the keys of a root replica from the replica, use these commands:

replica# nisaddcred des
replica# nisupdkeys dirs

Where:

dirs are the directory objects you wish to update, (that is, the directory objects that are served by replica).

When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.

Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.

Changing the Keys of an NIS+ Non-Root Server

To change the keys of a non-root server (master or replica) from the server, use these commands:

subreplica# nisaddcred des
subreplica# nisupdkeys parentdir dirs

Where:

When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.

Note - Whenever you change a server's keys, you must also update the key information of all the clients in that domain, as explained in Updating NIS+ Client Key Information.

Copyright © 1994, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next