System Administration Guide, Volume 2

How to Set Up NIS Credentials With Diffie-Hellman Authentication

To create a new key for superuser on a client:

  1. Become superuser on the client.

  2. Edit the /etc/nsswitch.conf file and add the following line:

    publickey: nis

  3. Create a new key pair by using the newkey command.

    # newkey -h hostname

    hostname is the name of the client.

Example--Setting Up an NIS+ Client to Use Diffie-Hellman Security

The following example sets up earth as a secure NIS client.

# newkey -h earth
Adding new key for unix.earth@North.Abc.COM
New Password:
Retype password:
Please wait for the database to get updated...
Your new key has been successfully stored away.
#
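
A check for step 2 of the client procedure, added here as an example and not part of the original guide. The function names publickey_sources and check_publickey are hypothetical, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: confirm the publickey entry from step 2 before running newkey.

# publickey_sources FILE
# Print the sources configured for the publickey database, one per line.
publickey_sources() {
    # Drop comments and [STATUS=action] criteria, then keep the source list.
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' "$1" |
    awk '/^[ \t]*publickey[ \t]*:/ {
        sub(/^[^:]*:/, "")
        for (i = 1; i <= NF; i++) print $i
    }'
}

# check_publickey FILE
# Return 0 if nis is listed, 1 if the entry lacks nis, 2 if no source is set.
check_publickey() {
    sources=$(publickey_sources "$1")
    if [ -z "$sources" ]; then
        echo "$1: no publickey sources configured" >&2
        return 2
    fi
    if printf '%s\n' "$sources" | grep -qx 'nis'; then
        return 0
    fi
    echo "$1: publickey uses $(echo $sources), not nis" >&2
    return 1
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files nis
# publickey: nisplus
publickey:  nis [NOTFOUND=return] files
EOF
check_publickey "$sample" && echo "publickey: nis is configured"
rm -f "$sample"
```

On the client, the same check is run as check_publickey /etc/nsswitch.conf.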

To create a new key for a user:

  1. Log in to the server as superuser.

    Only the system administrator, logged in to the NIS+ server, can generate a new key for a user.

  2. Create a new key for a user.

    # newkey -u username

    username is the name of the user. The system prompts for a password. The system administrator can type a generic password. The private key is stored encrypted with the generic password.

    # newkey -u george
    Adding new key for unix.12345@Abc.North.Acme.COM
    New Password:
    Retype password:
    Please wait for the database to get updated...
    Your new key has been successfully stored away.
    #

  3. Tell the user to log in and type the chkey -p command.

    This allows the user to re-encrypt their private key with a password known only to the user.

    earth% chkey -p
    Updating nis publickey database.
    Reencrypting key for unix.12345@Abc.North.Acme.COM
    Please enter the Secure-RPC password for george:
    Please enter the login password for george:
    Sending key change request to pluto...
    #

    Note - The chkey command can be used to create a new key pair for a user.