1nisupdkeys(1M)          System Administration Commands          nisupdkeys(1M)
2
3
4

NAME

6       nisupdkeys - update the public keys in a NIS+ directory object
7

SYNOPSIS

9       /usr/lib/nis/nisupdkeys [-a | -C] [-H host] [directory]
10
11
12       /usr/lib/nis/nisupdkeys -s [-a | -C] -H host
13
14

DESCRIPTION

16       This  command updates the public keys in an NIS+ directory object. When
17       the public key(s) for a NIS+ server are  changed,  nisupdkeys  reads  a
18       directory  object  and  attempts  to  get  the public key data for each
19       server of that directory. These keys are placed in the directory object
20       and  the  object is then modified to reflect the new keys. If directory
21       is present, the directory object for that directory is updated.  Other‐
22       wise  the  directory  object for the default domain is updated. The new
23       key must be propagated to all directory  objects  that  reference  that
24       server.
25
26
27       On  the  other  hand,  nisupdkeys -s gets a list of all the directories
28       served by host and updates those directory objects. This  assumes  that
29       the  caller has adequate permission to change all the associated direc‐
30       tory objects. The list of directories being served by  a  given  server
31       can also be obtained by nisstat(1M). Before you do this operation, make
32       sure that the new address/public key has been propagated to all  repli‐
33       cas.   If  multiple  authentication  mechanisms  are  configured  using
34       nisauthconf(1M), then the  keys  for  those  mechanisms  will  also  be
35       updated or cleared.
36
37
38       The  user  executing this command must have modify access to the direc‐
39       tory object for it to succeed. The existing  directory  object  can  be
40       displayed with the niscat(1) command using the -o option.
41
42
43       This  command  does  not  update  the  directory  objects stored in the
44       NIS_COLD_START file on the NIS+ clients.
45
46
47       If a server is also the root master server, then nisupdkeys  -s  cannot
48       be used to update the root directory.
49

OPTIONS

51       -a         Update  the  universal  addresses of the NIS+ servers in the
52                  directory object. Currently, this only works for the  TCP/IP
53                  family of transports. This option should be used when the IP
54                  address of the server is changed. The server's  new  address
55                  is  resolved using getipnodebyname(3SOCKET) on this machine.
56                  The /etc/nsswitch.conf file must point to the correct source
57                  for ipnodes and hosts for this resolution to work.
58
59
60       -C         Specify to clear rather than set the public key(s). Communi‐
61                  cation with a server that has  no  public  key(s)  does  not
62                  require the use of secure RPC.
63
64
65       -H host    Limit  key  changes  only  to  the server named host. If the
66                  hostname is not a fully qualified  NIS+  name,  then  it  is
67                  assumed  to  be  a  host in the default domain. If the named
68                  host does not serve the directory, no action is taken.
69
70
71       -s         Update all the NIS+ directory objects served by  the  speci‐
72                  fied  server.  This  assumes  that  the  caller has adequate
73                  access  rights  to  change  all  the  associated   directory
74                  objects.  If  the  NIS+  principal making this call does not
75                  have adequate permissions to update the  directory  objects,
76                  those  particular  updates  will fail and the caller will be
77                  notified. If the rpc.nisd on host cannot return the list  of
78                  servers  it serves, the command will print an error message.
79                  The caller would then have  to  invoke  nisupdkeys  multiple
80                  times  (as  in  the first synopsis), once per NIS+ directory
81                  that it serves.
82
83

EXAMPLES

85       Example 1 Using nisupdkeys
86
87
88       The following example updates the keys  for  servers  of  the  foo.bar.
89       domain.
90
91
92         example% nisupdkeys foo.bar.
93
94
95
96
97       This  example updates the key(s) for host fred that serves the foo.bar.
98       domain.
99
100
101         example% nisupdkeys -H fred foo.bar.
102
103
104
105
106       This example clears the public key(s) for host wilma  in  the  foo.bar.
107       directory.
108
109
110         example% nisupdkeys -CH wilma foo.bar.
111
112
113
114
115       This  example  updates  the public key(s) in all directory objects that
116       are served by the host wilma.
117
118
119         example% nisupdkeys -s -H wilma
120
121
122

ATTRIBUTES

124       See attributes(5) for descriptions of the following attributes:
125
126
127
128
129       ┌─────────────────────────────┬─────────────────────────────┐
130       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
131       ├─────────────────────────────┼─────────────────────────────┤
132       │Availability                 │SUNWnisu                     │
133       └─────────────────────────────┴─────────────────────────────┘
134

SEE ALSO

136       chkey(1),  niscat(1),  nisaddcred(1M),  nisauthconf(1M),   nisstat(1M),
137       getipnodebyname(3SOCKET), nis_objects(3NSL), attributes(5)
138

NOTES

140       NIS+ might not be supported in future releases of the Solaris Operating
141       system. Tools to aid the migration from NIS+ to LDAP are  available  in
142       the    current   Solaris   release.   For   more   information,   visit
143       http://www.sun.com/directory/nisplus/transition.html.
144
145
146
147SunOS 5.11                        13 Dec 2001                   nisupdkeys(1M)
Impressum