System Administration Guide: Security Services

How to Set Up a root Key in NIS+ Credentials for Diffie-Hellman Authentication

For a detailed description of NIS+ security, see System Administration Guide: Naming and Directory Services (FNS and NIS+).

  1. Become superuser or assume an equivalent role.

  2. Edit the /etc/nsswitch.conf file, and add the following line:

    publickey: nisplus

  3. Initialize the NIS+ client.


    # nisinit -cH hostname
    

    hostname is the name of a trusted NIS+ server that contains an entry in its tables for the client machine.

  4. Add the client to the cred table by typing the following commands:


    # nisaddcred local
    # nisaddcred des
    
  5. Verify the setup by using the keylogin command.

    If you are prompted for a password, the procedure has succeeded.

Example—Setting Up a New Key for root on an NIS+ Client

The following example uses the host pluto to set up earth as an NIS+ client. You can ignore the warnings. The keylogin command is accepted, verifying that earth is correctly set up as a secure NIS+ client.


    # nisinit -cH pluto
    NIS Server/Client setup utility.
    This machine is in the North.Abc.COM. directory.
    Setting up NIS+ client ...
    All done.
    # nisaddcred local
    # nisaddcred des
    DES principal name : unix.earth@North.Abc.COM
    Adding new key for unix.earth@North.Abc.Com (earth.North.Abc.COM.)

    Network password: xxx Press Return
    Warning, password differs from login password.
    Retype password: xxx Press Return

    # keylogin
    Password:
    #
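
A check for step 2 of the procedure, added here as an example and not part of the original guide: it confirms that a name service switch file contains exactly one active publickey entry and that the entry is nisplus, ignoring comments and extra whitespace. The function names publickey_sources and check_publickey and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm step 2 before running nisinit and nisaddcred.
# publickey_sources and check_publickey are hypothetical helper names.

# Print the source list of every active (uncommented) publickey line.
publickey_sources() {
    sed 's/#.*$//' "$1" | awk '
        /^[ \t]*publickey[ \t]*:/ {
            sub(/^[ \t]*publickey[ \t]*:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            gsub(/[ \t]+/, " ")
            print
        }'
}

# Exit status: 0 = exactly "publickey: nisplus", 1 = entry missing,
# 2 = more than one entry, 3 = entry names other sources.
check_publickey() {
    entries=$(publickey_sources "$1")
    count=$(printf '%s\n' "$entries" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no active publickey entry in $1"; return 1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL: $count publickey entries in $1, keep one"; return 2
    elif [ "$entries" != "nisplus" ]; then
        echo "FAIL: publickey is '$entries', expected 'nisplus'"; return 3
    fi
    echo "OK: publickey: nisplus"
}

# Constructed sample file (not taken from a real host): the nisplus line
# is commented out and a different publickey entry is still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files nisplus
#publickey: nisplus
publickey:  files    # constructed leftover entry
EOF
check_publickey "$sample" || echo "exit status $?"
rm -f "$sample"
```

On a client, run check_publickey /etc/nsswitch.conf after editing the file in step 2.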