Adding New Keys to NIS+ Directory Objects
Once the new credentials have been generated for all the servers, run nisupdkeys(1m) to add the new public keys to all the directory objects served by these servers. To use the nisupdkeys(1m) command, you must have modify rights to the NIS+ directory object. See Updating Public Keys for NIS+ for more details.
Caution – All servers that serve these NIS+ directories and all clients that access these directories must be running at least the Solaris 7 release.
Adding New Public Keys to NIS+ Directory Objects – Example
In this example, the directories that are being served by the servers with new public keys are doc.com, org_dir.doc.com., groups_dir.doc.com.. The update will be done as the master server principal. Before running the new mechanism, nisupdkeys needs to be configured with nisauthconf. In this example, the current authentication mechanism is des and the new mechanism is dh640-0.
masterserver# nisauthconf dh640-0 des masterserver# nisupdkeys doc.com. (screen notices not shown) masterserver# nisupdkeys org_dir.doc.com. (screen notices not shown) masterserver# nisupdkeys groups_dir.doc.com. (screen notices not shown) |
- © 2010, Oracle Corporation and/or its affiliates