nisupdkeys(1M) System Administration Commands nisupdkeys(1M)NAMEnisupdkeys - update the public keys in a NIS+ directory object
SYNOPSIS
/usr/lib/nis/nisupdkeys [-a | -C] [-H host] [directory]
/usr/lib/nis/nisupdkeys -s [-a | -C] -H host
DESCRIPTION
This command updates the public keys in an NIS+ directory object. When
the public key(s) for a NIS+ server are changed, nisupdkeys reads a
directory object and attempts to get the public key data for each
server of that directory. These keys are placed in the directory object
and the object is then modified to reflect the new keys. If directory
is present, the directory object for that directory is updated. Other‐
wise the directory object for the default domain is updated. The new
key must be propagated to all directory objects that reference that
server.
On the other hand, nisupdkeys-s gets a list of all the directories
served by host and updates those directory objects. This assumes that
the caller has adequate permission to change all the associated direc‐
tory objects. The list of directories being served by a given server
can also be obtained by nisstat(1M). Before you do this operation, make
sure that the new address/public key has been propagated to all repli‐
cas. If multiple authentication mechanisms are configured using
nisauthconf(1M), then the keys for those mechanisms will also be
updated or cleared.
The user executing this command must have modify access to the direc‐
tory object for it to succeed. The existing directory object can be
displayed with the niscat(1) command using the -o option.
This command does not update the directory objects stored in the
NIS_COLD_START file on the NIS+ clients.
If a server is also the root master server, then nisupdkeys-s cannot
be used to update the root directory.
OPTIONS-a Update the universal addresses of the NIS+ servers in
the directory object. Currently, this only works for
the TCP/IP family of transports. This option should be
used when the IP address of the server is changed. The
server's new address is resolved using getipnodeby‐
name(3SOCKET) on this machine. The /etc/nsswitch.conf
file must point to the correct source for ipnodes and
hosts for this resolution to work.
-C Specify to clear rather than set the public key(s).
Communication with a server that has no public key(s)
does not require the use of secure RPC.
-H host Limit key changes only to the server named host. If the
hostname is not a fully qualified NIS+ name, then it is
assumed to be a host in the default domain. If the
named host does not serve the directory, no action is
taken.
-s Update all the NIS+ directory objects served by the
specified server. This assumes that the caller has ade‐
quate access rights to change all the associated direc‐
tory objects. If the NIS+ principal making this call
does not have adequate permissions to update the direc‐
tory objects, those particular updates will fail and
the caller will be notified. If the rpc.nisd on host
cannot return the list of servers it serves, the com‐
mand will print an error message. The caller would then
have to invoke nisupdkeys multiple times (as in the
first synopsis), once per NIS+ directory that it
serves.
EXAMPLES
Example 1: Using nisupdkeys
The following example updates the keys for servers of the foo.bar.
domain.
example% nisupdkeys foo.bar.
This example updates the key(s) for host fred that serves the foo.bar.
domain.
example% nisupdkeys-H fred foo.bar.
This example clears the public key(s) for host wilma in the foo.bar.
directory.
example% nisupdkeys-CH wilma foo.bar.
This example updates the public key(s) in all directory objects that
are served by the host wilma.
example% nisupdkeys-s -H wilma
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWnisu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOchkey(1), niscat(1), nisaddcred(1M), nisauthconf(1M), nisstat(1M),
getipnodebyname(3SOCKET), nis_objects(3NSL), attributes(5)NOTES
NIS+ might not be supported in future releases of the Solaris Operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 13 Dec 2001 nisupdkeys(1M)