Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

nisauthconf


NAME
     nisauthconf - configure NIS+ security

SYNOPSIS
     nisauthconf [-v] [mechanism,]...


DESCRIPTION
     nisauthconf  controls  which  authentication  flavors   NIS+
     should  use  when  communicating with other NIS+ clients and
     servers. If the command is  not  executed,  then  NIS+  will
     default  to  the AUTH_DES authentication flavor when running
     security level 2. See rpc.nisd(1M).


     nisauthconf takes a list of  authentication  mechanism's  in
     order of preference. An authentication mechanism may use one
     or more authentication flavors listed below. If des  is  the
     only  specified  mechanism, then NIS+ only use AUTH_DES with
     other NIS+ clients and servers. If des is the first  mechan-
     ism, then other authentication mechanism's after des will be
     ignored by NIS+, except for nisaddcred(1M).  After  changing
     the  mechanism configuration, the keyserv(1M) daemon must be
     restarted. Note that doing so will  remove  encryption  keys
     stored  by  the  running  keyserv process. This means that a
     reboot usually is the safest option when the mechanism  con-
     figuration has been changed.


     The following mechanisms are available:



     ____________________________________________________________
  |    Authentication mechanism |      Authentication Flavor  |
  |  ___________________________|_____________________________|__
  |   des                       |   AUTH_DES                  |
  |  ___________________________|_____________________________|__
  |   dh640-0                   |   RPCSEC_GSS  using   640-bi|
  |                             |   Diffie-Hellman keys       |
  | ____________________________|_____________________________|_
  |  dh1024-0                   |  RPCSEC_GSS  using  1024-bit|
  |                             |  Diffie-Hellman keys        |
  |_____________________________|_____________________________|



     If no mechanisms are specified, then  a  list  of  currently
     configured mechanisms is printed.

OPTIONS

     -v    Displays a verbose table listing the currently config-
           ured authentication mechanisms.


EXAMPLES
     Example 1 Configuring a System with only RPCSEC_GSS  Authen-
     tication Flavor


     To configure a system to use only the RPCSEC_GSS authentica-
     tion  flavor  with  640-bit Diffie-Hellman keys, execute the
     following as root:


       example# /usr/lib/nis/nisauthconf dh640-0



     Example 2 Configuring a  System  with  both  RPCSEC_GSS  and
     AUTH_DES Authentication Flavors


     To configure a system to use both RPCSEC_GSS  (with  640-bit
     Diffie-Hellman keys) and AUTH_DES authentication flavors:


       example# /usr/lib/nis/nisauthconf dh640-0 des



     Example 3 Transitioning to Other Authentication Flavors


     The following example can be used while  adding  credentials
     for  a  new mechanism before NIS+ is authenticating with the
     new mechanism:


       example# /usr/lib/nis/nisauthconf des dh640-0




     Note that except  for  nisaddcred(1M),  NIS+  will  not  use
     mechanisms that follow 'des.'


EXIT STATUS
     The following exit values are returned:

     0    Successful completion.

     1    An error occurred.


FILES
     /etc/rpcsec/nisplussec.conf

         NIS+ authentication configuration file.  This  file  may
         change or be removed in future versions of Solaris.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWnisu                    |
    |_____________________________|_____________________________|


SEE ALSO
     NIS+(1), keyserv(1M), nisaddcred(1M),  rpc.nisd(1M),  attri-
     butes(5)

NOTES
     A NIS+ client of a server  that  is  configured  for  either
     dh640-0 or dh1024-0 must run Solaris 7 or later, even if the
     server is also configured with des.


     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris  operating  system.  Tools to aid the migration from
     NIS+ to LDAP are available in the current  Solaris  release.
     For            more            information,            visit
     http://www.sun.com/directory/nisplus/transition.html.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments