HP-UX Reference (11i v1 00/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

100

__________________________________________________________________________________________________________________________________________________________________________________________________

STANDARD Printed by: Nora Chuang [nchuang] STANDARD

/build/1111/BRICK/man1m/naaagt.1m

________________________________________________________________

___ ___

nisupdkeys(1M) nisupdkeys(1M)

NAME

nisupdkeys - update the public keys in a NIS+ directory object

SYNOPSIS

/usr/lib/nis/nisupdkeys [ -a | -C ][-H host ][directory ]

/usr/lib/nis/nisupdkeys -s [ -a | -C ] -H host

DESCRIPTION

This command updates the public keys in an NIS+ directory object. When the public key for a NIS+ server

is changed, the new key must be propagated to all directory objects that reference that server.

nisupdkeys reads a directory object and attempts to get the public key for each server of that directory.

These keys are placed in the directory object and the object is then modiﬁed to reﬂect the new keys.

If directory is present, the directory object for that directory is updated. Otherwise the directory object for

the default domain is updated.

On the other hand, nisupdkeys -s gets a list of all the directories served by host and updates those

directory objects. This assumes that the caller has adequate permission to change all the associated direc-

tory objects. The list of directories being served by a given server can also be obtained by nisstat(1M).

Before you do this operation, make sure that the new address/public key has been propagated to all repli-

cas.

Options

-a Update the universal addresses of the NIS+ servers in the directory object. Currently, this

only works for the TCP/IP family of transports. This option should be used when the IP

address of the server is changed. The server’s new address is resolved using

gethost-

byname()

on this machine. The /etc/nsswitch.conf

ﬁle must point to the correct

source for the hosts entry for this resolution to work.

-C Specify to clear rather than set the public key. Communication with a server that has no pub-

lic key does not require the use of secure RPC.

-H host Limit key changes only to the server named host. If the hostname is not a fully qualiﬁed NIS+

name, then it is assumed to be a host in the default domain. If the named host does not serve

the directory, no action is taken.

-s Update all the NIS+ directory objects served by the speciﬁed server. This assumes that the

caller has adequate access rights to change all the associated directory objects. If the NIS+

principal making this call does not have adequate permissions to update the directory objects,

those particular updates will fail and the caller will be notiﬁed. If the rpc.nisd on host can-

not return the list of servers it serves, the command will print an error message. The caller

would then have to invoke

nisupdkeys multiple times (as in the ﬁrst SYNOPSIS), once per

NIS+ directory that it serves.

EXAMPLES

The following example updates the keys for servers of the foo.bar. domain.

nisupdkeys foo.bar.

This example updates the key for host fred which serves the foo.bar. domain.

nisupdkeys -H fred foo.bar.

This example clears the public key for host wilma in the foo.bar. directory.

nisupdkeys -CH wilma foo.bar.

This example updates the public key in all directory objects that are served by the host wilma.

nisupdkeys -s -H wilma

AUTHOR

nisupdkeys was developed by Sun Microsystems, Inc.