JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

NIS+ Keys

Keylogin With NIS+

Changing Keys for an NIS+ Principal

Changing the NIS+ Keys

Changing NIS+ Root Keys From Root

Changing Root Keys From Another NIS+ Machine

Changing the Keys of an NIS+ Root Replica From the Replica

Changing the Keys of an NIS+ Non-Root Server

Updating Public Keys for NIS+

nisupdkeys Command

Updating Public Keys Arguments and Examples in NIS+

Updating IP Addresses in NIS+

Updating NIS+ Client Key Information

Globally Updating NIS+ Client Key Information

How to Update Client Key Information

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Updating Public Keys for NIS+

The public keys of NIS+ servers are stored in several locations throughout the namespace. When new credential information is created for the server, a new key pair is generated and stored in the cred table. However, namespace directory objects still have copies of the server's old public key. The nisupdkeys command is used to update those directory object copies.

nisupdkeys Command

If a new keypair is generated because the old key pair has been compromised or the password used to encrypt the private key is forgotten, the nisupdkeys can be used to update the old public key in the directory objects.

The nisupdkeys command can:

However, nisupdkeys cannot update the NIS_COLD_START files on the principal machines. To update their copies of a server's keys, NIS+ clients should run the nisclient command. Or, if the NIS+ cache manager is running and more than one server is available in the cold-start file, the principals can wait until the time-to-live expires on the directory object. When that happens, the cache manager automatically updates the cold-start file. The default time-to-live is 12 hours.

To use the nisupdkeys command, you must have modify rights to the NIS+ directory object.

Updating Public Keys Arguments and Examples in NIS+

The nisupdkeys command is located in /usr/lib/nis. The nisupdkeys command uses the following arguments (for a complete description of the nisupdkeys command and a full list of all its arguments, see the nisupdkeys man page).

Table 13-4 nisupdkeys Arguments

(no argument)
Updates all keys of servers for current domain.
Updates the keys of the directory object for the named directory.
-H servername
Updates the keys of the named server for the current domain directory object. A fully qualified host name can be used to update the keys of servers in other domains.
-s -H servername
Updates the keys of all the directory objects served by the named server.
Clears the keys.

Table 13-5 gives an example of updating a public key.

Table 13-5 Updating an NIS+ Public Key: Command Examples

Update all keys of all servers of the current domain (
rootmaster# /usr/lib/nis/nisupdkeys

Fetch Public key for server


Updating's public key.

Public key: public-key

Update keys of all servers supporting the domain directory object.
salesmaster# nisupdkeys

(Screen notices not shown)

Update keys for a server named master7 in all the directories that store them.
rootmaster# nisupdkeys -H master7
Clear the keys stored by the directory object.
rootmaster# nisupdkeys -C
Clear the keys for the current domain directory object for the server named master7.
rootmaster# nisupdkeys -C -H master7

Updating IP Addresses in NIS+

If you change a server's IP address, or add additional addresses, you need to run nisupdkeys to update NIS+ address information.

To update the IP addresses of one or more servers, use the nisupdkeys command -a option.

To update the IP addresses of servers of a given domain

rootmaster# nisupdkeys -a domain

To update the IP address of a particular server

rootmaster# nisupdkeys -a -H server