SunOS man pages : nisupdkeys (1)
Maintenance Commands nisupdkeys(1M)
NAME
nisupdkeys - update the public keys in a NIS+ directory
object
SYNOPSIS
/usr/lib/nis/nisupdkeys [ -a | -C ] [ -H host ] [ directory ]
/usr/lib/nis/nisupdkeys -s [ -a | -C ] -H host
DESCRIPTION
This command updates the public keys in a NIS+
directory object. When the public key(s) for a NIS+
server are changed, nisupdkeys reads a directory object and
attempts to get the public key data for each server of that
directory. These keys are placed in the directory object
and the object is then modified to reflect the new keys. If
directory is present, the directory object for that
directory is updated. Otherwise the directory object for the
default domain is updated. The new key must be propagated
to all directory objects that reference that server.
On the other hand, nisupdkeys -s gets a list of all the
directories served by host and updates those directory
objects. This assumes that the caller has adequate
permission to change all the associated directory objects. The
list of directories being served by a given server can also
be obtained by nisstat(1M). Before you do this operation,
make sure that the new address/public key has been
propagated to all replicas. If multiple authentication
mechanisms are configured using nisauthconf(1M), then the keys
for those mechanisms will also be updated or cleared.
OPTIONS
-a Update the universal addresses of the NIS+ servers in
the directory object. Currently, this only works for
the TCP/IP family of transports.
This option should be used when the IP address of the
server is changed. The server's new address is
resolved using getipnodebyname(3SOCKET) on this
machine. The /etc/nsswitch.conf file must point to
the correct source for ipnodes and hosts for this
resolution to work.
-C Specify to clear rather than set the public key(s).
Communication with a server that has no public key(s)
does not require the use of secure RPC.
-H host
Limit key changes only to the server named host. If
the hostname is not a fully qualified NIS+ name, then
it is assumed to be a host in the default domain. If
the named host does not serve the directory, no action
is taken.
SunOS 5.8 Last change: 6 Oct 1999 1
-s Update all the NIS+ directory objects served by the
specified server. This assumes that the caller has
adequate access rights to change all the associated
directory objects. If the NIS+ principal making this
call does not have adequate permissions to update the
directory objects, those particular updates will fail
and the caller will be notified.
If the rpc.nisd on host cannot return the list of
servers it serves, the command will print an error
message.
The caller would then have to invoke nisupdkeys
multiple times (as in the first synopsis), once per NIS+
directory that it serves.
EXAMPLES
Example 1: Using nisupdkeys
The following example updates the keys for servers of the
foo.bar. domain.
example% nisupdkeys foo.bar.
This example updates the key(s) for host fred which serves
the foo.bar. domain.
example% nisupdkeys -H fred foo.bar.
This example clears the public key(s) for host wilma in the
foo.bar. directory.
example% nisupdkeys -CH wilma foo.bar.
This example updates the public key(s) in all directory
objects that are served by the host wilma.
example% nisupdkeys -s -H wilma
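The fallback described under the -s option (invoke nisupdkeys once per directory when the -s form fails), written out as a wrapper. This is an added example, not part of the original man page; the function name update_host_keys and the NISUPDKEYS override variable are assumptions made for illustration, and the directory list is supplied by the operator.

```shell
#!/bin/sh
# Added example; not part of the nisupdkeys man page.
# Assumption: NISUPDKEYS can be overridden (e.g. with a stub) for a dry run.
NISUPDKEYS=${NISUPDKEYS:-/usr/lib/nis/nisupdkeys}

# update_host_keys HOST [DIRECTORY...]
# Runs "nisupdkeys -s -H HOST". If that fails (for example because rpc.nisd
# on HOST cannot return its list), falls back to one "nisupdkeys -H HOST
# DIRECTORY" call per directory given by the operator.
# Prints each directory whose update failed; returns 0 only if none failed.
update_host_keys() {
    host=$1
    shift
    if "$NISUPDKEYS" -s -H "$host"; then
        return 0
    fi
    if [ "$#" -eq 0 ]; then
        echo "nisupdkeys -s failed for $host and no directories were given" >&2
        return 1
    fi
    failed=0
    for dir in "$@"; do
        # One documented cause of failure is missing modify access to the
        # directory object; keep going so the remaining ones are updated.
        if ! "$NISUPDKEYS" -H "$host" "$dir"; then
            echo "$dir"
            failed=1
        fi
    done
    return "$failed"
}
```

On a root master server the root directory still needs its own per-directory call, because the NOTES section states that nisupdkeys -s cannot update it.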
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
 ___________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Availability                | SUNWnisu                    |
|_____________________________|_____________________________|
SEE ALSO
chkey(1), niscat(1), nisaddcred(1M), nisauthconf(1M),
nisstat(1M), getipnodebyname(3SOCKET), nis_objects(3NSL),
attributes(5)
NOTES
The user executing this command must have modify access to
the directory object for it to succeed. The existing
directory object can be displayed with the niscat(1) command
using the -o option.
This command does not update the directory objects stored in
the NIS_COLD_START file on the NIS+ clients.
If a server is also the root master server, then nisupdkeys
-s cannot be used to update the root directory.