|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Naming and Directory Services (NIS+)|
The public keys of NIS+ servers are stored in several locations throughout the namespace. When new credential information is created for the server, a new key pair is generated and stored in the cred table. However, namespace directory objects still have copies of the server's old public key. The nisupdkeys command is used to update those directory object copies.
If a new keypair is generated because the old key pair has been compromised or the password used to encrypt the private key is forgotten, the nisupdkeys can be used to update the old public key in the directory objects.
Update the key of one particular server
Update the keys of all the servers that support an NIS+ directory object
Remove a server's public key from the directory object
Update a server's IP address, if that has changed
However, nisupdkeys cannot update the NIS_COLD_START files on the principal machines. To update their copies of a server's keys, NIS+ clients should run the nisclient command. Or, if the NIS+ cache manager is running and more than one server is available in the cold-start file, the principals can wait until the time-to-live expires on the directory object. When that happens, the cache manager automatically updates the cold-start file. The default time-to-live is 12 hours.
To use the nisupdkeys command, you must have modify rights to the NIS+ directory object.
The nisupdkeys command is located in /usr/lib/nis. The nisupdkeys command uses the following arguments (for a complete description of the nisupdkeys command and a full list of all its arguments, see the nisupdkeys man page).
Table 13-4 nisupdkeys Arguments
Table 13-5 gives an example of updating a public key.
Table 13-5 Updating an NIS+ Public Key: Command Examples
If you change a server's IP address, or add additional addresses, you need to run nisupdkeys to update NIS+ address information.
rootmaster# nisupdkeys -a domain
To update the IP address of a particular server
rootmaster# nisupdkeys -a -H server