System Administration Guide: Naming and Directory Services (NIS+)

Configuring NIS+ Machines to Use New Security Mechanism Credentials

Now that the servers can accept the new credentials, the machines can be converted to authenticate by using the new credentials. To do this, run nisauthconf and keylogin as root and reboot.

Configuring NIS+ Machines to Use New Security Mechanism Credentials – Examples

In this example, the new mechanism is dh640-0 but the system will also attempt authentication with des credentials if the dh640-0 ones are not available or do not succeed.


workstation# nisauthconf dh640-0 des
workstation# keylogin -r
		(screen notices not shown)
workstation# /etc/reboot

In the next example, the new mechanism is dh640-0 and authentication will only be attempted with this mechanism. Before configuring any system to authenticate by using the new mechanism exclusively, the cached directory objects must be refreshed to include the keys for the new mechanism. This can be verified with nisshowcache. An alternative to waiting for the cached directory objects to time out and be refreshed is the following: stop the NIS+ service, then construct a new NIS_COLD_START by using nisinit, and then restart the NIS+ service.

Manually Refresh NIS+ Directory Objects – Example

To manually refresh directory objects, use the svcadm command. See the svcadm(1M) man page for more information.


# svcadm disable -t /network/rpc/nisplus:default
# nisinit -cH masterserver
# svcadm enable /network/rpc/nisplus:default

Caution –

The machine principal and all users of this machine must have dh640-0 credentials in the cred table before the system can be configured to authenticate exclusively with dh640-0.



workstation# nisauthconf dh640-0
workstation# keylogin -r
		(screen notices not shown)
workstation# /etc/reboot
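The caution above can be checked before running nisauthconf with a single mechanism. The following is an added example, not part of the original guide: it lists every principal in a cred table dump that has no credential for the required mechanism. The function names, the sample rows, and the colon-separated column layout (cname:auth_type:auth_name:public_data:private_data) are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): find principals that would be
# locked out if the machine authenticated with one mechanism only.
# Assumption: rows are colon-separated cred table entries,
#   cname:auth_type:auth_name:public_data:private_data

# missing_mech MECH
# Reads cred rows on stdin and prints, sorted, each principal (cname)
# that has no row whose auth_type matches MECH (case-insensitive).
missing_mech() {
    awk -F: -v mech="$1" '
        BEGIN { mech = tolower(mech) }
        NF < 2 { next }                      # skip blank or malformed rows
        { seen[$1] = 1 }                     # every principal in the dump
        tolower($2) == mech { ok[$1] = 1 }   # principal has the mechanism
        END { for (p in seen) if (!(p in ok)) print p }
    ' | sort
}

# Constructed sample rows; key material replaced by placeholders.
SAMPLE_CRED='workstation.doc.com.:DES:unix.workstation@doc.com:PUBKEY:PRIVKEY
workstation.doc.com.:DH640-0:unix.workstation@doc.com:PUBKEY:PRIVKEY
alice.doc.com.:LOCAL:1001:10:
alice.doc.com.:DES:unix.1001@doc.com:PUBKEY:PRIVKEY
alice.doc.com.:DH640-0:unix.1001@doc.com:PUBKEY:PRIVKEY
bob.doc.com.:LOCAL:1002:10:
bob.doc.com.:DES:unix.1002@doc.com:PUBKEY:PRIVKEY'

# Run the check over the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_CRED" | missing_mech dh640-0
}

# On a live client the rows would come from the cred table instead, e.g.
#   niscat cred.org_dir | missing_mech dh640-0
check_sample
```

An empty result means every listed principal has a credential for the mechanism; any name printed still needs one before the des fallback is removed.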