This section describes where credential-related information is stored throughout the NIS+ namespace.
Credential-related information, such as public keys, is stored in many locations throughout the namespace. NIS+ updates this information periodically, depending on the time-to-live values of the objects that store it, but sometimes, between updates, it gets out of sync. As a result, you may find that operations that should work, do not. lists all the objects, tables, and files that store credential-related information and how to reset it.
Table 12–2 Where Credential-Related Information Is Stored
Item |
Stores |
To Reset or Change |
---|---|---|
cred table |
NIS+ principal's public key and private key. These are the master copies of these keys. |
Use nisaddcred to create new credentials; it updates existing credentials. An alternative is chkey. |
directory object |
A copy of the public key of each server that supports it. |
Run the /usr/lib/nis/nisupdkeys command on the directory object. |
keyserver |
The secret key of the NIS+ principal that is currently logged in. |
Run keylogin for a principal user or keylogin -rfor a principal machine. |
NIS+ daemon |
Copies of directory objects, which in turn contain copies of their servers' public keys. |
Kill the rpc.nisd daemon and the cache manager and remove NIS_SHARED_DIRCACHE from /var/nis. Then restart both. |
Directory cache |
A copy of directory objects, which in turn contain copies of their servers' public keys. |
Kill the NIS+ cache manager and restart it with the nis_cachemgr -i command. The -i option resets the directory cache from the cold-start file and restarts the cache manager. |
cold-start file |
A copy of a directory object, which in turn contains copies of its servers' public keys. |
On the root master, kill the NIS+ daemon and restart it. The daemon reloads new information into the existing NIS_COLD_START file. On a client machine, first remove the NIS_COLD_START and NIS_SHARED_DIRCACHE files from /var/nis, and kill the cache manager. Then re-initialize the principal with nisinit -c. The principal's trusted server reloads new information into the machine's NIS_COLD_START file. |
|
A user's password. |
Use the passwd -r nisplus command. It changes the password in the NIS+ passwd table and updates it in the cred table. |
passwd file |
A user's password or a machine's superuser password. |
Use the passwd -r nisplus command, whether logged in as super user or as yourself, whichever is appropriate. |
passwd map (NIS) |
A user's password |
Use the passwd -r nisplus command. |