For detailed description of NIS+ security, see Solaris Naming Administration Guide.
Become superuser.
Edit the /etc/nsswitch.conf file and add the following line:
publickey: nisplus |
Initialize the NIS+ client.
# nisinit -cH hostname |
hostname is the name of a trusted NIS+ server that contains an entry in its tables for the client machine.
Add the client to the cred table by typing the following commands.
# nisaddcred local # nisaddcred des |
Verify the setup by using the keylogin command.
If you are prompted for a password, the procedure has succeeded.
The following example uses the host pluto to set up earth as an NIS+ client. You can ignore the warnings. The keylogin command is accepted, verifying that earth is correctly set up as a secure NIS+ client.
# nisinit -cH pluto NIS Server/Client setup utility. This machine is in the North.Abc.COM. directory. Setting up NIS+ client ... All done. # nisaddcred local # nisaddcred des DES principal name : unix.earth@North.Abc.COM Adding new key for unix.earth@North.Abc.Com (earth.North.Abc.COM.) Network password: xxx <Press Return> Warning, password differs from login password. Retype password: xxx <Press Return> # keylogin Password: # |
Add the user to the cred table on the root master server by typing the following command:
# nisaddcred -p unix.UID@domainname -P username.domainname. des |
Note that, in this case, the username-domainname must end with a dot (.)
Verify the setup by logging in as the client and typing the keylogin command.
The following example gives DES security authorization to user george.
# nisaddcred -p unix.1234@North.Abc.com -P george.North.Abc.COM. des DES principal name : unix.1234@North.Abc.COM Adding new key for unix.1234@North.Abc.COM (george.North.Abc.COM.) Password: Retype password: # rlogin rootmaster -l george # keylogin Password: # |