How to Set Up a Diffie-Hellman Key for an NIS User
This procedure should be done for every user in the NIS domain.
Before You Begin
Only system administrators, when logged in to the NIS master server, can generate a new key for a user.
-
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
-
Create a new key for a user.
# newkey -u username
where username is the name of the user. The system prompts for a password. You can type a generic password. The private key is stored in an encrypted form by using the generic password.
-
Tell the user to log in and type the chkey -p command.
This command allows users to re-encrypt their private keys with a password known only to the user.
Note –The chkey command can be used to create a new key pair for a user.
Example 16–4 Setting Up and Encrypting a New User Key in NIS
In this example, superuser sets up the key.
# newkey -u jdoe Adding new key for unix.12345@example.com New Password: <Type password> Retype password:<Retype password> Please wait for the database to get updated... Your new key has been successfully stored away. # |
Then the user jdoe re-encrypts the key with a private password.
% chkey -p Updating nis publickey database. Reencrypting key for unix.12345@example.com Please enter the Secure-RPC password for jdoe:<Type password> Please enter the login password for jdoe: <Type password> Sending key change request to centralexample... |
- © 2010, Oracle Corporation and/or its affiliates