System Administration Guide: Naming and Directory Services (NIS+)
The chkey command changes an NIS+ principal's public and private keys that are stored in the cred table. It does not affect the principal's entry either in the passwd table or in the /etc/passwd file.
Generates new keys and encrypts the private key with the password. Run chkey with the -p option to re-encrypt the existing private key with a new password.
Generates a new Diffie-Hellman key pair and encrypts the private key with the password you provide. (Multiple Diffie-Hellman key pairs can exist for each principal.) In most cases, however, you do not want a new key pair; you want to re-encrypt your existing private key with the new password. To do this, run chkey with the -p option.
See the man pages for more information on these subjects.
Note - In an NIS+ environment, when you change your login password with any of the current administration tools or the passwd (or nispasswd) commands, your private key in the cred table is automatically re-encrypted with the new password for you. Thus, you do not need to explicitly run chkey after a change of login password.
The chkey command interacts with the keyserver, the cred table, and the passwd table.
In order to run chkey, you:
Must have an entry in the passwd table of your home domain. Failure to meet this requirement will result in an error message.
Must run keylogin to make sure that the keyserver has a decrypted private key for you.
Must have modify rights to the cred table. If you do not have modify rights you will get a “permission denied” type of error message.
Must know the original password with which the private key in the cred table was encrypted. (In most cases, this is your Secure RPC password.)
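An added illustration (not from this guide, and not the real Secure RPC cipher or key format) of the difference between generating a new key pair and re-encrypting the existing private key with chkey -p, and of why the original password is required. The modulus, generator, function names and passwords are all constructed for the example.

```python
import hashlib
import secrets

# Toy model only: NOT the real Secure RPC key format or cipher.
P = 2**127 - 1  # constructed toy Diffie-Hellman modulus (a Mersenne prime)
G = 3           # constructed toy generator

def keystream(password: str, n: int) -> bytes:
    """Derive n pad bytes from the password (stand-in for the real cipher)."""
    return hashlib.shake_256(password.encode()).digest(n)

def wrap(priv: int, password: str) -> bytes:
    """Encrypt the private key under the password, with a 4-byte check value."""
    raw = priv.to_bytes(16, "big")
    data = raw + hashlib.sha256(raw).digest()[:4]
    return bytes(a ^ b for a, b in zip(data, keystream(password, len(data))))

def unwrap(blob: bytes, password: str) -> int:
    """Decrypt the private key; fail if the password is not the wrapping one."""
    data = bytes(a ^ b for a, b in zip(blob, keystream(password, len(blob))))
    raw, check = data[:16], data[16:]
    if hashlib.sha256(raw).digest()[:4] != check:
        raise ValueError("wrong password: private key cannot be decrypted")
    return int.from_bytes(raw, "big")

def new_keypair(password: str) -> dict:
    """Models chkey without -p: a fresh key pair, so the public key changes."""
    priv = secrets.randbelow(P - 2) + 1
    return {"public": pow(G, priv, P), "private_enc": wrap(priv, password)}

def reencrypt(entry: dict, old_password: str, new_password: str) -> dict:
    """Models chkey -p: same key pair, private key re-wrapped under new password."""
    priv = unwrap(entry["private_enc"], old_password)
    return {"public": entry["public"], "private_enc": wrap(priv, new_password)}

def can_decrypt(entry: dict, password: str) -> bool:
    """True if the password opens the stored private key."""
    try:
        unwrap(entry["private_enc"], password)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    cred = new_keypair("old-rpc-password")          # constructed sample passwords
    moved = reencrypt(cred, "old-rpc-password", "login-password")
    print(moved["public"] == cred["public"])        # compare public keys
    print(can_decrypt(moved, "old-rpc-password"))   # try the old password
```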
To use the chkey command to re-encrypt your private key with your login password, you first run keylogin using the original password, and then use chkey -p, as shown in Table 13-1, which illustrates how to perform a keylogin and chkey for a principal user.
Table 13-1 Re-encrypting Your NIS+ Private Key: Command Summary