JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

NIS+ Keys

Keylogin With NIS+

Changing Keys for an NIS+ Principal

Changing the NIS+ Keys

Changing NIS+ Root Keys From Root

Changing Root Keys From Another NIS+ Machine

Changing the Keys of an NIS+ Root Replica From the Replica

Changing the Keys of an NIS+ Non-Root Server

Updating Public Keys for NIS+

nisupdkeys Command

Updating Public Keys Arguments and Examples in NIS+

Updating IP Addresses in NIS+

Updating NIS+ Client Key Information

Globally Updating NIS+ Client Key Information

How to Update Client Key Information

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Updating NIS+ Client Key Information

Whenever you change any server's keys, you must update all of the clients as well. Remember, that all NIS+ servers are also NIS+ clients, so if you update the keys on one server, you must update key information on all other machines in the domain regardless of whether or not they are NIS+ servers or ordinary clients.

There are three ways to update client key information:

Globally Updating NIS+ Client Key Information

After changing a server's keys, you can globally update client key information for all the machines in a domain by:

How to Update Client Key Information

  1. Use the nischttl command to reduce the Time To Live (TTL) value of the domain's directory object so that the value expires almost immediately.

    For example, if you have changed the keys for a server in the domain, to reduce the directory's TTL value to one minute you would enter:

    client% nischttl 60
  2. When the directory's TTL value expires, the cache manager expires the entry and then obtains the new, updated information for clients.
  3. Once the directory object's TTL value has expired, reset the directory object's TTL to its default value.

    For example, to reset the TTL value to 12 hours for the domain's directory object, you would enter:

    client% nischttl 12h

    See nischttl Command for more information on working with TTL values.