System Administration Guide: Naming and Directory Services (NIS+)

Changing Keys for an NIS+ Principal

The chkey command changes an NIS+ principal's public and private keys that are stored in the cred table. It does not affect the principal's entry either in the passwd table or in the /etc/passwd file.

The chkey command:

See the man pages for more information on these subjects.

Note –

In an NIS+ environment, when you change your login password with any of the current administration tools or the passwd (or nispasswd) commands, your private key in the cred table is automatically re-encrypted with the new password for you. Thus, you do not need to explicitly run chkey after a change of login password.

The chkey command interacts with the keyserver, the cred table, and the passwd table.

In order to run chkey, you:

To use the chkey command to re-encrypt your private key with your login password, you first run keylogin using the original password, and then use chkey -p, as shown in Table 13–1, which illustrates how to perform a keylogin and chkey for a principal user.

Table 13–1 Re-encrypting Your NIS+ Private Key: Command Summary



Log in. 

Sirius% login Login-name

Provide login password. 


If login password and Secure RPC password are different, perform a keylogin.

Sirius% keylogin

Provide the original password that was used to encrypt the private key. 

Password: Secure RPC password

Run chkey.


Sirius% chkey -p
Updating nisplus publickey database
Updating new key for ''.

Enter login password. 

Enter login password: login-password

Re-enter login password 

Retype password: