Whenever you change any server's keys, you must update all of the clients as well. Remember, that all NIS+ servers are also NIS+ clients, so if you update the keys on one server, you must update key information on all other machines in the domain regardless of whether or not they are NIS+ servers or ordinary clients.
There are three ways to update client key information:
The easiest way to update an individual client's key information is by running the nisclient script on the client.
Another way to update an individual client's key information is by running the nisinit command on the client as described in Initializing a Client.
You can globally update client key information for all the machines in a domain by shortening the Time To Live value of the domain's directory object as explained in Globally Updating Client Key Information.
After changing a server's keys, you can globally update client key information for all the machines in a domain by:
Use the nischttl command to reduce the Time To Live (TTL) value of the domain's directory object so that the value expires almost immediately.
For example, if you have changed the keys for a server in the sales.doc.com. domain, to reduce the directory's TTL value to one minute you would enter:
client% nischttl 60 sales.doc.com. |
When the directory's TTL value expires, the cache manager expires the entry and then obtains the new, updated information for clients.
Once the directory object's TTL value has expired, reset the directory object's TTL to its default value.
For example, to reset the TTL value to 12 hours for the sales.doc.com. domain's directory object, you would enter:
client% nischttl 12h sales.doc.com. |
See The nischttl Command for more information on working with TTL values.