Managing Authentication in Oracle® Solaris 11.4

Updated: November 2020

How to Set Up a Diffie-Hellman Key for an NIS User

Perform this procedure for every user in the NIS domain.

Before You Begin

You must be logged in to the NIS master server to generate a new key for a user. You must be assigned the Name Service Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Create a new key for a user.
    # newkey -u username

    where username is the name of the user. The system prompts for a password. You can type a generic password. The private key is stored in encrypted form, protected by that generic password.

  2. Tell the user to log in and type the chkey -p command.

    This command allows users to re-encrypt their private keys with a password known only to the user.

    Note - The chkey command can be used to create a new key pair for a user.

Example 11  Setting Up and Encrypting a New User Key in NIS

In this example, the root role sets up the key.

# newkey -u jdoe
Adding new key for unix.12345@example.com
New Password: xxxxxxxx
Retype password: xxxxxxxx
Please wait for the database to get updated...
Your new key has been successfully stored away.

Then the user jdoe re-encrypts the key with a private password.

$ chkey -p
Updating nis publickey database.
Reencrypting key for unix.12345@example.com
Please enter the Secure-RPC password for jdoe: xxxxxxxx
Please enter the login password for jdoe: xxxxxxxx
Sending key change request to centralexample...
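
Because the procedure must be repeated for every user in the NIS domain, the following added example (not part of Oracle's documentation) lists accounts that still have no key entry, by building the unix.UID@domain netname shown in Example 11 and comparing passwd entries against publickey entries. The function names, the input file layout, and every sample account other than jdoe are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code. Lists NIS users who still lack a
# Secure RPC (Diffie-Hellman) key, i.e. who still need "newkey -u".
# Assumed inputs: passwd-style lines, and publickey lines of the form
#   netname<whitespace>publickey:encrypted-secretkey

# users_missing_key DOMAIN PASSWD_FILE PUBLICKEY_FILE
users_missing_key() {
    awk -F: -v domain="$1" -v pkfile="$3" '
        BEGIN {
            # Remember every netname that already has a key entry.
            while ((getline line < pkfile) > 0) {
                n = split(line, part, /[ \t]+/)
                if (n >= 2 && part[1] !~ /^#/ && part[2] ~ /:/) have[part[1]] = 1
            }
            close(pkfile)
        }
        # Skip comments, blank lines and +/- compat entries.
        $1 == "" || $1 ~ /^[#+-]/ { next }
        # Skip malformed entries without a numeric UID.
        $3 !~ /^[0-9]+$/ { next }
        # UID 0 is keyed by a host netname, not unix.UID@domain.
        $3 == 0 { next }
        {
            netname = "unix." $3 "@" domain
            if (!(netname in have)) print $1
        }
    ' "$2"
}

# Constructed sample data: jdoe (UID 12345) has a key, asmith does not.
sample_report() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/root:/bin/bash
jdoe:x:12345:10:J Doe:/home/jdoe:/bin/bash
asmith:x:12346:10:A Smith:/home/asmith:/bin/bash
EOF
    cat > "$dir/publickey" <<'EOF'
unix.12345@example.com CONSTRUCTED_PUBLIC_HEX:CONSTRUCTED_ENCRYPTED_SECRET_HEX
EOF
    users_missing_key example.com "$dir/passwd" "$dir/publickey"
    rm -rf "$dir"
}

sample_report
```

On the NIS master, the two inputs could be saved from `ypcat passwd` and `ypcat -k publickey.byname`, assuming those standard map names are in use at your site.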