Solstice AdminSuite 2.3 Administration Guide

How to Create Level 2 DES Security for Systems Using NIS+ Name Service

  1. On each system that runs the sadmind daemon, edit the /etc/inetd.conf file.

    Change this line:


    100232/10	tli	rpc/udp wait root /usr/sbin/sadmind sadmind

    to:


    100232/10	tli	rpc/udp wait root /usr/sbin/sadmind sadmind -S 2
    
  2. On each system that runs the sadmind daemon, set the /etc/nsswitch.conf entry for publickey to nisplus.

    Change this entry (or one similar to this):


    publickey:	nisplus [NOTFOUND=return] files

    to:


    publickey:	nisplus
    
  3. Log in as root on the NIS+ master server; create credentials for all group 14 users and all of the systems that will run sadmind -S 2.

    1. Create local credentials for the user.


      # nisaddcred -p uid -P username.domainname. local
      
    2. Create des credentials for the user.


      # nisaddcred -p unix.uid@domainname -P username.domainname. des
      
  4. Log in as root on the NIS+ master server; add all of the users for the AdminSuite to the NIS+ group 14 using the following command.


    # nistbladm -m members=username,username... [name=sysadmin],group.org_dir
    

    Note - This command replaces the current member list with the one you enter; therefore, you must include all members you want to be part of group 14.


  5. As root, add all of the users for the AdminSuite to the NIS+ admin group.


    # nisgrpadm -a admin username
    

    Verify that the NIS_GROUP environment variable is set to admin.

  6. On all the workstations that you intend to run the admintool, enter the following command.


    # keylogin -r
    
  7. Reboot all of the workstations; verify that the nscd cache gets flushed.

  8. On each system that you want the application to run on, log in and then run keylogin. (You must be a member of group 14.)

    After the keylogin, you can safely log out; your key is stored in the keyserv daemon until you explicitly keylogout or the system reboots.
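
An added example, not part of the AdminSuite guide: a shell check that a system's files match the end state of steps 1 and 2. The function names are assumptions, and the sample files written by demo are constructed from the "before" lines quoted in those steps.

```shell
#!/bin/sh
# Added example (not from the AdminSuite guide). Function names are assumptions.

# Print the value given to sadmind's -S option in an inetd.conf-style file,
# "unset" if the flag is absent, or nothing if no active sadmind entry exists.
sadmind_level() {
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out entries
        $1 == "100232/10" {                  # the sadmind entry from step 1
            level = "unset"
            for (i = 8; i <= NF; i++) {      # field 7 is argv[0]; options follow
                if ($i == "-S" && i < NF) level = $(i + 1)
                else if ($i ~ /^-S[0-9]+$/) level = substr($i, 3)
            }
            print level; exit
        }' "$1"
}

# Print the publickey source list from an nsswitch.conf-style file,
# with comments stripped and whitespace collapsed.
publickey_sources() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "publickey:" { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Return 0 only when both files match the end state of steps 1 and 2.
check_des_config() {
    rc=0
    level=$(sadmind_level "${1:-/etc/inetd.conf}")
    sources=$(publickey_sources "${2:-/etc/nsswitch.conf}")
    case $level in
        2)  echo "OK   sadmind runs with -S 2" ;;
        "") echo "INFO no active sadmind entry" ;;
        *)  echo "FAIL sadmind -S is '$level', expected 2"; rc=1 ;;
    esac
    if [ "$sources" = "nisplus" ]; then
        echo "OK   publickey: nisplus"
    else
        echo "FAIL publickey is '$sources', expected 'nisplus'"; rc=1
    fi
    return $rc
}

# Constructed sample run using the "before" lines quoted in steps 1 and 2.
demo() {
    d=$(mktemp -d) || return 1
    printf '100232/10\ttli\trpc/udp wait root /usr/sbin/sadmind sadmind\n' > "$d/inetd.conf"
    printf 'publickey:\tnisplus [NOTFOUND=return] files\n' > "$d/nsswitch.conf"
    check_des_config "$d/inetd.conf" "$d/nsswitch.conf"; rc=$?
    rm -rf "$d"; return $rc
}
```

Calling check_des_config with no arguments reads /etc/inetd.conf and /etc/nsswitch.conf; calling demo shows both checks failing on the unmodified lines.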