HP-UX Reference (11i v1 00/12) - 1M System Administration Commands N-Z (vol 4)

nisaddcred(1M) nisaddcred(1M)
0 (root) are identified with the host principal. Unlike LOCAL, there cannot be more than one DES credential
entry for one NIS+ principal in the NIS+ namespace.
The public information in an entry of authentication type DES is the public key for the principal. The
private information in this entry is the private key of the principal encrypted by the principal’s network
password.
User clients of NIS+ should have credentials of both types in their home domain. In addition, a principal
must have a LOCAL entry in the cred.org_dir table of each domain from which the principal wishes to
make authenticated requests. A client of NIS+ that makes a request from a domain in which it does not
have a LOCAL entry will be unable to acquire DES credentials. An NIS+ service running at security level
2 or higher will consider such users unauthenticated and assign them the name nobody for determining
access rights.
This command can only be run by those NIS+ principals who are authorized to add or delete the entries in
the cred table.
If credentials are being added for the caller itself, nisaddcred automatically performs a keylogin for the
caller.
Options
-p principal Use the principal name principal to fill the auth_name field for this entry. For LOCAL
credentials, the name supplied with this option should be a string specifying a UID. For
DES credentials, the name should be a Secure RPC netname of the form
unix.id@domain, as described earlier. If the -p option is not specified, the auth_name
field is constructed from the effective UID of the current process and the name of the local
domain.
-P nis_principal
Use the NIS+ principal name nis_principal. This option should be used when creating
LOCAL credentials for users whose home domain is different from the local machine’s
default domain.
Whenever the -P option is not specified, nisaddcred constructs a principal name for the
entry as follows. When it is not creating an entry of type LOCAL, nisaddcred calls
nis_local_principal, which looks for an existing LOCAL entry for the effective UID
of the current process in the cred.org_dir table and uses the associated principal name
for the new entry. When creating an entry of authentication type LOCAL, nisaddcred
constructs a default NIS+ principal name by taking the login name of the effective UID for
its own process and appending to it a dot (‘‘.’’) followed by the local machine’s default
domain. If the caller is a superuser, the machine name is used instead of the login name.
-l login_password
Use the login_password specified as the password to encrypt the secret key for the credential
entry. This overrides the prompting for a password from the shell. This option is
intended for administration scripts only. Prompting guarantees not only that no one can
see your password on the command line using ps(1), but it also checks to make sure you
have not made any mistakes. NOTE: login_password does not really HAVE to be the
user’s password, but if it is, it simplifies logging in.
-r [ nis_principal ]
Remove all credentials associated with the principal nis_principal from the
cred.org_dir table. This option can be used when removing a client or user from the
system. If nis_principal is not specified, the default is to remove credentials for the current
user. If domain_name is not specified, the operation is executed in the default NIS+
domain.
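The ps(1) exposure noted under -l can be checked for on a running system. The sketch below is an added example, not part of the HP-UX manual: it scans ps -ef style output for nisaddcred processes started with -l and reports them with the password masked. The sample process lines, PIDs and password are constructed, and the usual ps -ef column layout is assumed.

```shell
#!/bin/sh
# Added example: flag nisaddcred invocations that expose a password via -l.

# Constructed ps -ef style sample (not real output); passwords are dummies.
sample_ps() {
cat <<'EOF'
     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root  2101  1990  0 10:02:11 pts/1     0:00 nisaddcred -p unix.2970@some.domain -P fredw.some.domain. -l Dummy-Pw1 des
    root  2150  1990  0  Dec 12 pts/1     0:00 /usr/bin/nisaddcred -p 2970 -P fredw.some.domain. local
   admin  2177  2001  0 10:04:02 pts/2     0:00 grep -l nisaddcred notes.txt
    root  2203  1990  0  Dec 12 ?         0:01 /usr/bin/nisaddcred -l Dummy-Pw2 des
EOF
}

# Reads ps -ef lines on stdin and prints "PID USER masked-command" for every
# process whose command basename is nisaddcred and whose arguments contain -l.
find_exposed_passwords() {
    awk '
    {
        # STIME is one field ("10:02:11") or two ("Dec 12"), so find the
        # command by locating the TIME column (m:ss) instead of counting.
        c = 0
        for (i = 5; i < NF; i++)
            if ($i ~ /^[0-9]+:[0-9][0-9]$/) { c = i + 1; break }
        if (c == 0) next                      # header row or unparsable line

        n = split($c, parts, "/")
        if (parts[n] != "nisaddcred") next    # e.g. "grep -l nisaddcred" is ignored

        hit = 0; out = $c
        for (i = c + 1; i <= NF; i++) {
            if ($i == "-l" && i < NF) {       # next token is the password
                out = out " -l ********"; i++; hit = 1
            } else {
                out = out " " $i
            }
        }
        if (hit) print $2, $1, out
    }'
}

sample_ps | find_exposed_passwords
```

On a live host the function would be fed from ps -ef directly; because the process is short-lived, the same filter is more useful over saved process accounting or audit records that keep the full argument list.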
RETURN VALUE
This command returns 0 on success and 1 on failure.
EXAMPLES
Add a LOCAL entry with a UID 2970 for the NIS+ principal name fredw.some.domain:
nisaddcred -p 2970 -P fredw.some.domain. local
Note that credentials are always added in the cred.org_dir table in the domain where nisaddcred
is run, unless domainname is specified as the last parameter on the command line. If credentials are being
Section 1M578 2 HP-UX Release 11i: December 2000