System Administration Guide: Naming and Directory Services (NIS+)

Updating NIS+ Client Key Information

Whenever you change any server's keys, you must update all of the clients as well. Remember, that all NIS+ servers are also NIS+ clients, so if you update the keys on one server, you must update key information on all other machines in the domain regardless of whether or not they are NIS+ servers or ordinary clients.

There are three ways to update client key information:

Globally Updating NIS+ Client Key Information

After changing a server's keys, you can globally update client key information for all the machines in a domain by:

ProcedureHow to Update Client Key Information

  1. Use the nischttl command to reduce the Time To Live (TTL) value of the domain's directory object so that the value expires almost immediately.

    For example, if you have changed the keys for a server in the domain, to reduce the directory's TTL value to one minute you would enter:

    client% nischttl 60
  2. When the directory's TTL value expires, the cache manager expires the entry and then obtains the new, updated information for clients.

  3. Once the directory object's TTL value has expired, reset the directory object's TTL to its default value.

    For example, to reset the TTL value to 12 hours for the domain's directory object, you would enter:

    client% nischttl 12h

    See nischttl Command for more information on working with TTL values.