System Administration Guide: Naming and Directory Services (NIS+)

Administering NIS+ Credential Information

The following sections describe how to use the nisaddcred command to administer existing credential information. You must have create, modify, read, and destroy rights to the cred table to perform these operations.

Updating Your Own NIS+ Credential Information

Updating your own credential information is considerably easier than creating it. Just type the simple versions of the nisaddcred command while logged in as yourself:

# nisaddcred des
# nisaddcred local

To update credential information for someone else, you simply perform the same procedure that you would use to create that person's credential information.

Removing NIS+ Credential Information

The nisaddcred command removes a principal's credential information, but only from the local domain where the command is run.

Thus, to completely remove a principal from the entire system, you must explicitly remove that principal's credential information from the principal's home domain and all domains where the principal has LOCAL credential information.

To remove credential information, you must have modify rights to the local domain's cred table. Use the -r option and specify the principal with a full NIS+ principal name:

# nisaddcred -r principal-name

The following two examples remove the LOCAL and DES credential information of the administrator The first example removes both types of credential information from her home domain (, the second removes her LOCAL credential information from the domain. Note how they are each entered from the appropriate domain's master servers.

rootmaster# nisaddcred -r
salesmaster# nisaddcred -r

To verify that the credential information was indeed removed, run nismatch on the cred table, as shown below. For more information about nismatch, see Chapter 19, Administering NIS+ Tables.

rootmaster# nismatch cred.org_dir
salesmaster# nismatch cred.org_dir