test

System Administration Guide, Volume 2

How to Set Up NIS+ Credentials for Diffie-Hellman Authentication

For detailed description of NIS+ security, see Solaris Naming Administration Guide.

To set up a new key for root on an NIS+ client:

  1. Become superuser.

  2. Edit the /etc/nsswitch.conf file and add the following line:


    publickey: nisplus

  3. Initialize the NIS+ client.


    # nisinit -cH hostname

    hostname is the name of a trusted NIS+ server that contains an entry in its tables for the client machine.

  4. Add the client to the cred table by typing the following commands. 


    # nisaddcred local
# nisaddcred des

  5. Verify the setup by using the keylogin command.

    If you are prompted for a password, the procedure has succeeded.

Example--Setting Up a New Key for root on a NIS+ Client

The following example uses the host pluto to set up earth as an NIS+ client. You can ignore the warnings. The keylogin command is accepted, verifying that earth is correctly set up as a secure NIS+ client. 


# nisinit -cH pluto
NIS Server/Client setup utility.
This machine is in the North.Abc.COM. directory.
Setting up NIS+ client ...
All done.
# nisaddcred local
# nisaddcred des 
DES principal name : unix.earth@North.Abc.COM
Adding new key for unix.earth@North.Abc.Com (earth.North.Abc.COM.)
 
Network password: xxx <Press Return>
Warning, password differs from login password.
Retype password: xxx <Press Return>
 
# keylogin
Password:
#

To set up a new key for an NIS+ user:

  1. Add the user to the cred table on the root master server by typing the following command: 


    # nisaddcred -p unix.UID@domainname -P username.domainname. des

    Note that, in this case, the username-domainname must end with a dot (.)

  2. Verify the setup by logging in as the client and typing the keylogin command.

Example--Setting Up a New Key for an NIS+ User

The following example gives DES security authorization to user george.


# nisaddcred -p unix.1234@North.Abc.com -P george.North.Abc.COM. des
DES principal name : unix.1234@North.Abc.COM
Adding new key for unix.1234@North.Abc.COM (george.North.Abc.COM.)
 
Password:
Retype password:
 
# rlogin rootmaster -l george
# keylogin
Password:
#