Make the domain name known to each system in the domain. For information about setting up a machine's NIS domain name, see How to Set a Machine's NIS Domain Name in Working With Oracle Solaris 11.2 Directory and Naming Services: DNS and NIS.
# domainname domain-name
# newkey -u username -s name-service
Users can establish personal secure RPC passwords by using the chkey command.
# chkey -p -s name-service -m mechanism
When public keys and secret keys have been generated, the public keys and encrypted secret keys are stored in the publickey database.
If you are running NIS, verify that the ypbind daemon is running. For more information, see ypbind Not Running on Client in Working With Oracle Solaris 11.2 Directory and Naming Services: DNS and NIS.
If you are running LDAP, verify that the ldap_cachemgr daemon is running. For more information, see Monitoring LDAP Client Status in Working With Oracle Solaris 11.2 Directory and Naming Services: LDAP.
# ps -ef | grep keyserv
root    100     1  16    Apr 11 ?      0:00 /usr/sbin/keyserv
root   2215  2211   5  09:57:28 pts/0  0:00 grep keyserv
If the daemon is not running, type the following to start the key server:
# svcadm enable network/rpc/keyserv
Usually, the login password is identical to the network password. In this situation, keylogin is not required. If the passwords are different, the users have to log in, and then run keylogin. You still need to use the keylogin -r command as root to store the decrypted secret key in /etc/.rootkey.
For Diffie-Hellman authentication, add the -sec=dh option to the command line.
# share -F nfs -o sec=dh /export/home
For more information about security modes, see the nfssec(5) man page.
If you are using Diffie-Hellman authentication, edit the auto_master data to include -sec=dh as a mount option in the appropriate entries.
/home auto_home -nosuid,sec=dh
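One way to confirm that the intended auto_master entries actually carry sec=dh after the edit. This is an added example, not part of the original documentation; the function names and the sample map are constructed, and it assumes the master map is available as a local file (for example /etc/auto_master, or a dump taken from the name service).

```shell
#!/bin/sh
# Added example: report auto_master entries that lack the sec=dh mount option.
# Usage: missing_dh MAPFILE MOUNTPOINT...
# Prints each listed mount point whose entry is absent from the map
# or whose mount options do not include sec=dh.
missing_dh() {
    map=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            /^[ \t]*[#+]/ || NF == 0 { next }   # skip comments, +includes, blank lines
            $1 == mp {
                found = 1
                opts = $3
                sub(/^-/, "", opts)             # options field starts with "-"
                n = split(opts, o, ",")
                for (i = 1; i <= n; i++)
                    if (o[i] == "sec=dh") ok = 1
            }
            END { if (!found || !ok) print mp }
        ' "$map"
    done
}

# Constructed sample map (not taken from a real system).
sample_map() {
    cat <<'EOF'
# Master map for automounter
+auto_master
/net    -hosts     -nosuid,nobrowse
/home   auto_home  -nosuid,sec=dh
/proj   auto_proj  -nosuid,sec=sys
/data   auto_data
EOF
}

# Demo on the constructed map: prints /proj, /data and /export.
demo_map=$(mktemp) && sample_map > "$demo_map" &&
    missing_dh "$demo_map" /home /proj /data /export
rm -f "$demo_map"
```

Pass only the mount points that are meant to use Diffie-Hellman authentication; entries such as /net are not flagged unless you list them.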
When you reinstall, move, or upgrade a system, remember to save the /etc/.rootkey file if you do not establish new keys or change the keys for root. If you delete the /etc/.rootkey file, type the following command:
# keylogin -r