System Administration Guide: Naming and Directory Services (NIS+)

Changing Root Keys From Another NIS+ Machine

To change the keys for the root master server from some other machine you must have the required NIS+ credentials and authorization to do so.

Table 13–3 Remotely Changing NIS+ Root Master Keys: Command Summary



Create the new DES credentials 

othermachine% nisaddcred -p principal-P nisprincipal des

Update the directory objects. 

othermachine% nisupdkeysdirs

Update /etc.rootkey.

othermachine% keylogin -r

Reinitialize othermachine as client 

othermachine% nisinit -cH


When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.

Note –

Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in Updating NIS+ Client Key Information.