Credential-related information, such as public keys, is stored in many locations throughout the namespace. NIS+ updates this information periodically, depending on the time-to-live values of the objects that store it, but sometimes, between updates, it gets out of sync. As a result, you may find that operations that should work, don't work. Table 24–2 lists all the objects, tables, and files that store credential-related information and how to reset it.
Table 24–2 Where Credential-Related Information is Stored
Item |
Stores |
To Reset or Change |
---|---|---|
cred table |
NIS+ principal's secret key and public key. These are the master copies of these keys. |
Use nisaddcred to create new credentials; it updates existing credentials. An alternative is chkey. |
Directory object |
A copy of the public key of each server that supports it. |
Run the /usr/lib/nis/ nisupdkeys command on the directory object. |
Keyserver |
The secret key of the NIS+ principal that is currently logged in. |
Run keylogin for a principal user or keylogin -r for a principal machine. |
NIS+ daemon |
Copies of directory objects, which in turn contain copies of their servers' public keys. |
Kill the daemon and the cache manager. Then restart both. |
Directory cache |
A copy of directory objects, which in turn contain copies of their servers' public keys. |
Kill the NIS+ cache manager and restart it with the nis_cachemgr -i command. The -i option resets the directory cache from the cold-start file and restarts the cache manager. |
Cold-start file |
A copy of a directory object, which in turn contains copies of its servers' public keys. |
On the root master, kill the NIS+ daemon and restart it. The daemon reloads new information into the existing NIS_COLD_START file. For a client, first remove the cold-start and shared directory files from /var/nis, and kill the cache manager. Then re-initialize the principal with nisinit -c. The principal's trusted server reloads new information into the principal's existing cold-start file. |
passwd table |
A user's password or a machine's superuser password. |
Use the passwd -r nisplus command. It changes the password in the NIS+ passwd table and updates it in the cred table. |
passwd file |
A user's password or a machine's superuser password. |
Use the passwd -r nisplus command, whether logged in as superuser or as yourself, whichever is appropriate. |
(NIS) |
A user's password or a machine's superuser password. |
Use passwd -r nisplus. |