Skip Navigation Links | |
Exit Print View | |
![]() |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
Changing Keys for an NIS+ Principal
Changing NIS+ Root Keys From Root
Changing Root Keys From Another NIS+ Machine
Changing the Keys of an NIS+ Root Replica From the Replica
Changing the Keys of an NIS+ Non-Root Server
Updating Public Keys Arguments and Examples in NIS+
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
Whenever you change any server's keys, you must update all of the clients as well. Remember, that all NIS+ servers are also NIS+ clients, so if you update the keys on one server, you must update key information on all other machines in the domain regardless of whether or not they are NIS+ servers or ordinary clients.
There are three ways to update client key information:
The easiest way to update an individual client's key information is by running the nisclient script on the client.
Another way to update an individual client's key information is by running the nisinit command on the client as described in Three Methods to Initialize an NIS+ Client.
You can globally update client key information for all the machines in a domain by shortening the Time To Live value of the domain's directory object as explained in Globally Updating NIS+ Client Key Information.
After changing a server's keys, you can globally update client key information for all the machines in a domain by:
For example, if you have changed the keys for a server in the sales.doc.com. domain, to reduce the directory's TTL value to one minute you would enter:
client% nischttl 60 sales.doc.com.
For example, to reset the TTL value to 12 hours for the sales.doc.com. domain's directory object, you would enter:
client% nischttl 12h sales.doc.com.
See nischttl Command for more information on working with TTL values.