This section describes where credential-related information is stored throughout the NIS+ namespace.
Credential-related information, such as public keys, is stored in many locations throughout the namespace. NIS+ updates this information periodically, depending on the time-to-live values of the objects that store it, but sometimes, between updates, it gets out of sync. As a result, you may find that operations that should work, do not. lists all the objects, tables, and files that store credential-related information and how to reset it.
The NIS+ service is managed by the Service Management Facility (SMF). Enabling, disabling, or restarting NIS+ daemons such as rpc.nisd, keyserv, and nis_cachemgr, can be performed by using the svcadm command. See NIS+ and the Service Management Facility for more information about using SMF with NIS+. For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.
Item |
Stores |
To Reset or Change |
---|---|---|
cred table |
NIS+ principal's public key and private key. These are the master copies of these keys. |
Use nisaddcred to create new credentials; it updates existing credentials. An alternative is chkey. |
directory object |
A copy of the public key of each server that supports it. |
Run the /usr/lib/nis/nisupdkeys command on the directory object. |
keyserver |
The secret key of the NIS+ principal that is currently logged in. |
Run keylogin for a principal user or keylogin -rfor a principal machine. |
NIS+ daemon |
Copies of directory objects, which in turn contain copies of their servers' public keys. |
Stop the rpc.nisd daemon and the cache manager by disabling the NIS+ service, and then remove NIS_SHARED_DIRCACHE from /var/nis. Then restart the NIS+ service. |
Directory cache |
A copy of directory objects, which in turn contain copies of their servers' public keys. |
Restart the NIS+ cache manager with the -i option |
cold-start file |
A copy of a directory object, which in turn contains copies of its servers' public keys. |
Stop the NIS+ service. Remove the NIS_COLD_START and NIS_SHARED_DIRCACHE files from /var/nis. Restart the NIS+ service. |
|
A user's password. |
Use the passwd -r nisplus command. It changes the password in the NIS+ passwd table and updates it in the cred table. |
passwd file |
A user's password or a machine's superuser password. |
Use the passwd -r nisplus command, whether logged in as super user or as yourself, whichever is appropriate. |
passwd map (NIS) |
A user's password |
Use the passwd -r nisplus command. |