If you don't know the user's login password, you can use a dummy password as described below.
Table 12–5, shows how another administrator, whose credential information you create using a dummy password, can then use chkey to change his or her own password. In this example, you create credential information for an administrator named Eiji who has a UID of 119. Eiji, whose login ID is eiji, belongs to the root domain, so you would enter his credential information from the root master server which is named rootmaster.
Table 12–5 Creating NIS+ Administrator Credentials: Command Summary
Tasks |
Commands |
---|---|
Create LOCAL credential information for Eiji. |
rootmaster# nisaddcred -p 119 -P eiji.doc.com. local |
Create DES credential information for Eiji. |
rootmaster# nisaddcred -p unix.119@doc.com -P eiji.doc.com. des Adding key pair for unix.119@doc.com (eiji.doc.com.). |
Type dummy password for Eiji. |
Enter eiji's login password: nisaddcred: WARNING: password differs from login passwd |
Re-enter dummy password. |
Retype password: |
You tell Eiji the dummy password that you used. |
|
Eiji logs into rootmaster. |
rootmaster% login: eiji |
Eiji enters real login password. |
Password: |
Eiji gets error message but is allowed to log in anyway. |
Password does not decrypt secret key for unix.119@doc.com. |
Eiji runs keylogin. |
rootmaster% keylogin |
Eiji types dummy password. |
Password: dummy-password |
Eiji runs chkey. |
rootmaster% chkey -p Updating nisplus publickey database Generating new key for'unix.119@doc.com'. |
Eiji types real login password. |
Enter login password: |
Eiji re-types real login password. |
Retype password: Done. |
First, you would create Eiji's credential information in the usual way, but using a dummy login password. NIS+ would warn you and ask you to re-type it. When you did, the operation would be complete. The domain's cred table would contain Eiji's credential information based on the dummy password. The domain's passwd table (or /etc/passwd file), however, would still have his login password entry so that he can log in to the system.
Then, Eiji would log in to the domain's master server, typing his correct login password (since the login procedure checks the password entry in the passwd table or /etc/passwd file). From there, Eiji would first run keylogin, using the dummy password (since a keylogin checks the cred table), and then use the chkey -p command to change the cred entry to the real thing.