solaris Man Page: nisupdkeys(1m)

Man Pages

Back to Software Index BORDER=0

Manpage Top Level

nisupdkeys(1M) manual page Table of Contents

Name

nisupdkeys - update the public keys in a NIS+ directory object

Synopsis

/usr/lib/nis/nisupdkeys [ -a | -C ] [ -H host ] [ directory ]

/usr/lib/nis/nisupdkeys -s [ -a | -C ] -H host

Description

This command updates the public keys in an NIS+ directory object. When the public key for a NIS+ server is changed, the new key must be propagated to all directory objects that reference that server.

nisupdkeys reads a directory object and attempts to get the public key for each server of that directory. These keys are placed in the directory object and the object is then modified to reflect the new keys.

If directory is present, the directory object for that directory is updated. Otherwise the directory object for the default domain is updated.

On the other hand, nisupdkeys -s gets a list of all the directories served by host and updates those directory objects. This assumes that the caller has adequate permission to change all the associated directory objects. The list of directories being served by a given server can also be obtained by nisstat(1M) .

Before you do this operation, make sure that the new address/public key has been propagated to all replicas.

Options

-a: Update the universal addresses of the NIS+ servers in the directory object. Currently, this only works for the TCP/IP family of transports. This option should be used when the IP address of the server is changed. The server’s new address is resolved using gethostbyname(3N) on this machine. The /etc/nsswitch.conf file must point to the correct source for the hosts entry for this resolution to work.
-C: Specify to clear rather than set the public key. Communication with a server that has no public key does not require the use of secure RPC.
-H host: Limit key changes only to the server named host. If the hostname is not a fully qualified NIS+ name, then it is assumed to be a host in the default domain. If the named host does not serve the directory, no action is taken.
-s: Update all the NIS+ directory objects served by the specified server. This assumes that the caller has adequate access rights to change all the associated directory objects. If the NIS+ principal making this call does not have adequate permissions to update the directory objects, those particular updates will fail and the caller will be notified. If the rpc.nisd on host cannot return the list of servers it serves, the command will print an error message. The caller would then have to invoke nisupdkeys multiple times (as in the first synopsis), once per NIS+ directory that it serves.

Examples

The following example updates the keys for servers of the foo.bar. domain.

example% nisupdkeys foo.bar.

This example updates the key for host fred which serves the foo.bar. domain.

example% nisupdkeys -H fred foo.bar.

This example clears the public key for host wilma in the foo.bar. directory.

example% nisupdkeys -CH wilma foo.bar.

This example updates the public key in all directory objects that are served by the host wilma.

example% nisupdkeys -s -H wilma

Notes

The user executing this command must have modify access to the directory object for it to succeed. The existing directory object can be displayed with the niscat(1) command using the -o option.

This command does not update the directory objects stored in the NIS_COLD_START file on the NIS+ clients.

If a server is also the root master server, then nisupdkeys -s cannot be used to update the root directory.

Table of Contents

Name
Synopsis
Availability
Description
Options
Examples
See Also
Notes