How do I change NIS+ credentials for the root master server?

If an NIS+ system is functioning correctly and only the root password
and root private keys for the system need to be changed, follow
these steps:

1) Log in as root on the system and change the root password in the
/etc/shadow file:

{root}3% passwd
passwd: Changing password for root
New password:
Re-enter new password:
{root}4%

2) Change the system's private key in the cred table:

{root}4% chkey -p
Updating nisplus publickey database.
Reencrypting key for 'unix.ramayan@bharat.in'.
Please enter the Secure-RPC password for root:
Please enter the login password for root:
{root}5%

3) If running replica server(s), wait until the changes to the credential
object table have been propagated to its replicas. This could take up
to 2 minutes.

4) Change the system's /etc/.rootkey:

{root}5% keylogin -r
Password:
Wrote secret key into /etc/.rootkey
{root}6%

The procedure above will work for any system -- root server,
root replica, non-root servers, and all clients. The steps above
change only the system's root password and private keys, not the
public keys for the system.

Thanks to Ronald W. Henderson.
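
A check for step 3, added here as an example and not part of the original FAQ: instead of waiting a fixed time, compare the update times that nisping -u reports for the master and each replica. The output wording the script matches and the sample host names and times are assumptions; verify them against your own nisping -u output.

```shell
#!/bin/sh
# Added example (not from the original FAQ): list replicas that have not yet
# seen the master's last update. Reads `nisping -u <directory>` output on stdin.
# ASSUMPTION: the output uses the line wording matched below
# ("Master server is", "Last update occurred at", "Replica server is",
# "Last update seen was"); check this against your release.
lagging_replicas() {
    awk '
        /^Replica server is /      { name = $4; order[++n] = name; seen[name] = ""; next }
        /Last update occurred at / { sub(/^.*occurred at +/, ""); sub(/[ \t\r]+$/, "")
                                     master = $0; next }
        /Last update seen was /    { sub(/^.*seen was +/, ""); sub(/[ \t\r]+$/, "")
                                     if (name != "") seen[name] = $0; next }
        END {
            # A replica with no timestamp (e.g. unreachable) is reported too.
            for (i = 1; i <= n; i++)
                if (master == "" || seen[order[i]] != master) print order[i]
        }'
}

# Constructed sample input (hypothetical host names and times).
sample_nisping_output() {
    cat <<'EOF'
Last updates for directory org_dir.domain.name. :
Master server is master.domain.name.
        Last update occurred at Wed Nov 25 10:53:37 1992

Replica server is replica1.domain.name.
        Last update seen was Wed Nov 25 10:53:37 1992

Replica server is replica2.domain.name.
        Last update seen was Wed Nov 18 11:24:32 1992
EOF
}

# Live use on the master, between chkey -p and keylogin -r:
#   while [ -n "$(nisping -u org_dir.domain.name. | lagging_replicas)" ]; do sleep 10; done
sample_nisping_output | lagging_replicas   # prints replica2.domain.name.
```

An empty result means every listed replica reports the same update time as the master.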

However, if you want to change all the root credentials, including the
public key, follow these steps:

Use the passwd command on the root master server to change the root
password. But DO NOT follow this with a chkey -p to update the credentials
for the root master server, because this will disable the entire NIS+
domain. The only way to recover from this is to rebuild the domain from
scratch!

It is possible to change the credentials of the root master server, but
it is not easy. To change the keys for the root master server, do as
follows:

1. Use these commands in this order:

nisupdkeys -CH master.server.name. groups_dir.domain.name.
nisupdkeys -CH master.server.name. org_dir.domain.name.
nisupdkeys -CH master.server.name. domain.name.

(This CLEARS the public key for the HOST "master.server.name" in this
directory.)

2. Kill rpc.nisd and restart it at security level 0, then run these commands:

nistbladm -R cname=master.server.name. cred.org_dir.domain.name.
nisaddcred des

3. Shut down and restart any replicas of org_dir.domain.name. at run level 0

nisping org_dir.domain.name.

nisupdkeys domain.name.
nisupdkeys org_dir.domain.name.
nisupdkeys groups_dir.domain.name.

4. Kill all rpc.nisd servers running at level 0 and restart them at security level 2.

Note that changing a server's key affects all directory objects containing
the key.

Thanks to Rogerio Rocha and Sun INFODOC ID 2213 for this
information.


