1nisauthconf(1M)         System Administration Commands         nisauthconf(1M)
2
3
4

NAME

6       nisauthconf - configure NIS+ security
7

SYNOPSIS

9       nisauthconf [-v] [mechanism,]...
10
11

DESCRIPTION

13       nisauthconf  controls which authentication flavors NIS+ should use when
14       communicating with other NIS+ clients and servers. If  the  command  is
15       not  executed,  then  NIS+  will default to the AUTH_DES authentication
16       flavor when running security level 2. See rpc.nisd(1M).
17
18
19       nisauthconf takes a list of  authentication  mechanism's  in  order  of
20       preference. An authentication mechanism may use one or more authentica‐
21       tion flavors listed below. If des is the only specified mechanism, then
22       NIS+  only  use AUTH_DES with other NIS+ clients and servers. If des is
23       the first mechanism, then other authentication  mechanism's  after  des
24       will  be ignored by NIS+, except for nisaddcred(1M). After changing the
25       mechanism configuration, the keyserv(1M) daemon must be restarted. Note
26       that doing so will remove encryption keys stored by the running keyserv
27       process. This means that a reboot usually is the safest option when the
28       mechanism configuration has been changed.
29
30
31       The following mechanisms are available:
32
33
34
35
36       ┌─────────────────────────────┬─────────────────────────────┐
37       │ Authentication mechanism    │   Authentication Flavor     │
38       ├─────────────────────────────┼─────────────────────────────┤
39       │des                          │AUTH_DES                     
40       ├─────────────────────────────┼─────────────────────────────┤
41       │dh640-0                      │RPCSEC_GSS   using  640-bit  │
42       │                             │Diffie-Hellman keys          │
43       ├─────────────────────────────┼─────────────────────────────┤
44       │dh1024-0                     │RPCSEC_GSS  using  1024-bit  │
45       │                             │Diffie-Hellman keys          │
46       └─────────────────────────────┴─────────────────────────────┘
47
48
49       If  no  mechanisms  are  specified, then a list of currently configured
50       mechanisms is printed.
51

OPTIONS

53       -v    Displays a verbose table listing the currently configured authen‐
54             tication mechanisms.
55
56

EXAMPLES

58       Example 1 Configuring a System with only RPCSEC_GSS Authentication Fla‐
59       vor
60
61
62       To configure a system to use only the RPCSEC_GSS authentication  flavor
63       with 640-bit Diffie-Hellman keys, execute the following as root:
64
65
66         example# /usr/lib/nis/nisauthconf dh640-0
67
68
69
70       Example  2  Configuring  a  System  with  both  RPCSEC_GSS and AUTH_DES
71       Authentication Flavors
72
73
74       To configure a system to use both RPCSEC_GSS (with 640-bit Diffie-Hell‐
75       man keys) and AUTH_DES authentication flavors:
76
77
78         example# /usr/lib/nis/nisauthconf dh640-0 des
79
80
81
82       Example 3 Transitioning to Other Authentication Flavors
83
84
85       The  following  example  can be used while adding credentials for a new
86       mechanism before NIS+ is authenticating with the new mechanism:
87
88
89         example# /usr/lib/nis/nisauthconf des dh640-0
90
91
92
93
94       Note that except for nisaddcred(1M), NIS+ will not use mechanisms  that
95       follow 'des.'
96
97

EXIT STATUS

99       The following exit values are returned:
100
101       0    Successful completion.
102
103
104       1    An error occurred.
105
106

FILES

108       /etc/rpcsec/nisplussec.conf
109
110           NIS+  authentication configuration file. This file may change or be
111           removed in future versions of Solaris.
112
113

ATTRIBUTES

115       See attributes(5) for descriptions of the following attributes:
116
117
118
119
120       ┌─────────────────────────────┬─────────────────────────────┐
121       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
122       ├─────────────────────────────┼─────────────────────────────┤
123       │Availability                 │SUNWnisu                     │
124       └─────────────────────────────┴─────────────────────────────┘
125

SEE ALSO

127       NIS+(1), keyserv(1M), nisaddcred(1M), rpc.nisd(1M), attributes(5)
128

NOTES

130       A NIS+ client of a server that is  configured  for  either  dh640-0  or
131       dh1024-0  must  run Solaris 7 or later, even if the server is also con‐
132       figured with des.
133
134
135       NIS+ might not be supported in future releases of the Solaris operating
136       system.  Tools  to aid the migration from NIS+ to LDAP are available in
137       the   current   Solaris   release.   For   more   information,    visit
138       http://www.sun.com/directory/nisplus/transition.html.
139
140
141
142SunOS 5.11                        12 Dec 2001                  nisauthconf(1M)
Impressum