NFS Services Administrator's Guide
Configuring and Administering NIS
Configuring and Administering Secure RPC (if NIS+ is not used)
Chapter 4 193
To Create Secure RPC Keys for Users
Use this procedure if you do not want users to be able to create their own
secure RPC keys.
1. Log in as root to the NIS master server.
2. Comment out the entry in the /etc/publickey file for user nobody.
(Insert a sharp sign [#] as the first character on the line.)
3. Issue the following commands to regenerate the publickey.byname
map from the /etc/publickey file and push it to the slave servers:
cd /var/yp
/usr/ccs/bin/make publickey
4. Issue the newkey -u command for each user in your NIS domain:
# /usr/sbin/newkey -u username
Enter a password when prompted for it by the newkey -u command.
5. Tell users the passwords you assigned for them. Users should issue
the /usr/bin/keylogin command, using the passwords you
assigned. Then, they should issue the /usr/bin/yppasswd command
to change their login passwords. The yppasswd command will
reencrypt their secure RPC keys with their new login passwords.
The newkey -u command displays a message saying it is adding a key for
unix.UID@NIS_domain. This string identifies the user in the
publickey.byname NIS map. UID is the user ID of the user for whom the
key is being generated, and NIS_domain is the default NIS domain,
returned by the domainname command.
For more information, see the following man pages: publickey(4),
newkey(1M), chkey(1), keylogin(1), yppasswd(1), make(1), ypmake(1M),
and yppush(1M).