Configuring Workstations to Use New Security Mechanism Credentials--Examples
In this example, the new mechanism is dh640-0 but the system will also attempt authentication with des credentials if the dh640-0 ones are not available or do not succeed.
workstation# nisauthconf dh640-0 des workstation# keylogin -r (screen notices not shown) workstation# /etc/reboot |
In the next example, the new mechanism is dh640-0 and authentication will only be attempted with this mechanism. Before configuring any system to authenticate via the new mechanism exclusively, the cached directory objects must be refreshed to include the keys for the new mechanism. This can be verified with nisshowcache(1M) . An alternative to waiting for the cached directory objects to time out and be refreshed in the following: kill nis_cachemgr(1M) , then construct a new NIS_COLD_START with nisinit(1M) and then restart niscachemgr(1M).
Manually Refresh Directory Objects--Example NETNAMER
To manually refresh directory objects:
# pkill -u 0 nis_cachemgr # nisinit -cH masterserver # niscachemgr -i |
Caution - The workstation principal and all users of this workstation must have dh640-0 credentials in the cred table before the system can be configured to authenticate exclusively with dh640-0.
workstation# nisauthconf dh640-0 workstation# keylogin -r (screen notices not shown) workstation# /etc/reboot |
- © 2010, Oracle Corporation and/or its affiliates