To change the keys for the root master server from some other machine you must have the required NIS+ credentials and authorization to do so.
Table 8-3 Remotely Changing Root Master Keys: Command Summary
Tasks |
Commands |
---|---|
Create the new DES credentials |
othermachine% nisaddcred -p principal -P nisprincipal des |
Update the directory objects. |
othermachine%nisupdkeys dirs |
Update /etc.roootkey. |
othermachine% keylogin -r |
Reinitialize othermachine as client |
othermachine% nisinit -cH |
Where:
principal is the root machine's Secure RPC netname. For example: unix.rootmaster@doc.com (no dot at the end).
nis-principal is the root machine's NIS+ principal name. For example, rootmaster.doc.com. (a dot at the end).
dirs are the directory objects you wish to update (that is, the directory objects that are served by rootmaster).
When running nisupdkeys be sure to update all relevant directory objects at the same time. In other words, do them all with one command. Separate updates may result in an authentication error.
Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in "Updating Client Key Information "