Table 8-2shows how to change the keys for the root master server from the root master (as root):
Table 8-2 Changing a Root Master's Keys: Command Summary
Tasks |
Commands |
---|---|
Create new DES credentials |
rootmaster# nisaddcred des |
Find the Process ID of rpc.nisd |
rootmaster# ps -e | grep rpc.nisd |
Kill the NIS+ daemon |
rootmaster# kill pid |
Restart NIS+ daemon with no security |
rootmaster# rpc.nisd -S0 |
Perform a keylogout (previous keylogin is now out of date). |
rootmaster# keylogout -f |
Update the keys in the directories served by the master |
rootmaster# nisupdkeys dirs |
Find the Process ID of rpc.nisd |
rootmaster# ps -e | grep rpc.nisd |
Kill the NIS+ daemon |
rootmaster# kill pid |
Restart NIS+ daemon with default security |
rootmaster# rpc.nisd |
Perform a keylogin |
rootmaster# keylogin |
Where:
pid is the process ID number reported by the ps -e | grep rpc.nisd command.
dirs are the directory objects you wish to update. (That is, the directory objects that are served by rootmaster.)
In the first step of the process outlined in Table 8-2, nisaddcred updates the cred table for the root master, updates /etc/.rootkey and performs a keylogin for the root master. At this point the directory objects served by the master have not been updated and their credential information is now out of synch with the root master. The subsequent steps described in Table 8-2 are necessary to successfully update all the objects.
Whenever you change a server's keys, you must also update the key information of all the clients in that domain as explained in "Updating Client Key Information "