System Administration Guide: Naming and Directory Services (NIS+)

Where Credential-Related Information Is Stored in NIS+

This section describes where credential-related information is stored throughout the NIS+ namespace.

Credential-related information, such as public keys, is stored in many locations throughout the namespace. NIS+ updates this information periodically, depending on the time-to-live values of the objects that store it, but sometimes, between updates, it gets out of sync. As a result, you may find that operations that should work, do not. lists all the objects, tables, and files that store credential-related information and how to reset it.

Note –

The NIS+ service is managed by the Service Management Facility (SMF). Enabling, disabling, or restarting NIS+ daemons such as rpc.nisd, keyserv, and nis_cachemgr, can be performed by using the svcadm command. See NIS+ and the Service Management Facility for more information about using SMF with NIS+. For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.

Table 12–2 Where NIS+ Credential-Related Information Is Stored



To Reset or Change 

cred table 

NIS+ principal's public key and private key. These are the master copies of these keys. 

Use nisaddcred to create new credentials; it updates existing credentials. An alternative is chkey.

directory object 

A copy of the public key of each server that supports it. 

Run the /usr/lib/nis/nisupdkeys command on the directory object.


The secret key of the NIS+ principal that is currently logged in. 

Run keylogin for a principal user or keylogin -rfor a principal machine.

NIS+ daemon 

Copies of directory objects, which in turn contain copies of their servers' public keys. 

Stop the rpc.nisd daemon and the cache manager by disabling the NIS+ service, and then remove NIS_SHARED_DIRCACHE from /var/nis. Then restart the NIS+ service.

Directory cache 

A copy of directory objects, which in turn contain copies of their servers' public keys. 

Restart the NIS+ cache manager with the -i option

cold-start file 

A copy of a directory object, which in turn contains copies of its servers' public keys. 

Stop the NIS+ service. Remove the NIS_COLD_START and NIS_SHARED_DIRCACHE files from /var/nis. Restart the NIS+ service.

passwd table

A user's password. 

Use the passwd -r nisplus command. It changes the password in the NIS+ passwd table and updates it in the cred table.

passwd file

A user's password or a machine's superuser password. 

Use the passwd -r nisplus command, whether logged in as super user or as yourself, whichever is appropriate.


map (NIS) 

A user's password 

Use the passwd -r nisplus command.