Table 13–2, shows how to change the keys for the root master server from the root master (as root).
Table 13–2 Changing an NIS+ Root Master's Keys: Command Summary
Tasks |
Commands |
---|---|
Create new DES credentials |
rootmaster# nisaddcred des |
Find the NIS+ service |
rootmaster# svcs \*nisplus\* |
Stop the NIS+ service |
rootmaster# svcadm disable -t /network/rpc/nisplus:default |
Remove the -S 0 security option |
Edit the /lib/svc/method/nisplus file to remove the -S 0 option |
Restart NIS+ service with no security |
# svcadm enable network/rpc/nisplus |
Perform a keylogout (previous keylogin is now out of date) |
rootmaster# keylogout -f |
Update the keys in the directories served by the master |
rootmaster# nisupdkeys dirs |
Find the NIS+ service |
rootmaster# svcs \*nisplus\* |
Stop the NIS+ service |
rootmaster# svcadm disable -t /network/rpc/nisplus:default |
Add the -S 0 security option |
Edit the /lib/svc/method/nisplus file to add the -S 0 option |
Restart NIS+ daemon with default security |
# svcadm enable network/rpc/nisplus |
Perform a keylogin |
rootmaster# keylogin |
Where:
dirs are the directory objects you wish to update. (That is, the directory objects that are served by rootmaster.)
In the first step of the process outlined in Table 13–2, nisaddcred updates the cred table for the root master, updates /etc/.rootkey and performs a keylogin for the root master. At this point the directory objects served by the master have not been updated and their credential information is now out of synch with the root master. The subsequent steps described in Table 13–2 are necessary to successfully update all the objects.
Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.