Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎


     nisupdkeys - update the public  keys  in  a  NIS+  directory

     /usr/lib/nis/nisupdkeys [-a | -C]  [-H host] [directory]

     /usr/lib/nis/nisupdkeys -s [-a | -C]  -H host

     This command updates the public keys in  an  NIS+  directory
     object.  When  the  public  key(s)  for  a  NIS+  server are
     changed, nisupdkeys reads a directory object and attempts to
     get  the  public key data for each server of that directory.
     These keys are placed in the directory object and the object
     is  then  modified  to reflect the new keys. If directory is
     present, the directory object for that directory is updated.
     Otherwise  the  directory  object  for the default domain is
     updated. The new key must be  propagated  to  all  directory
     objects that reference that server.

     On the other hand, nisupdkeys -s gets  a  list  of  all  the
     directories  served  by  host  and  updates  those directory
     objects. This assumes that the caller has  adequate  permis-
     sion  to  change  all  the associated directory objects. The
     list of directories being served by a given server can  also
     be  obtained  by  nisstat(1M). Before you do this operation,
     make sure that the new  address/public  key  has  been  pro-
     pagated  to all replicas. If multiple authentication mechan-
     isms are configured using nisauthconf(1M), then the keys for
     those mechanisms will also be updated or cleared.

     The user executing this command must have modify  access  to
     the  directory object for it to succeed. The existing direc-
     tory object can be  displayed  with  the  niscat(1)  command
     using the -o option.

     This command does not update the directory objects stored in
     the NIS_COLD_START file on the NIS+ clients.

     If a server is also the root master server, then  nisupdkeys
     -s cannot be used to update the root directory.

     -a              Update the universal addresses of  the  NIS+
                     servers  in the directory object. Currently,
                     this only works for  the  TCP/IP  family  of
                     transports.  This option should be used when
                     the IP address of the server is changed. The
                     server's   new  address  is  resolved  using
                     getipnodebyname(3SOCKET)  on  this  machine.
                     The  /etc/nsswitch.conf  file  must point to
                     the correct source for ipnodes and hosts for
                     this resolution to work.

     -C              Specify to clear rather than set the  public
                     key(s). Communication with a server that has
                     no public key(s) does not require the use of
                     secure RPC.

     -H host         Limit key changes only to the  server  named
                     host.  If the hostname is not a fully quali-
                     fied NIS+ name, then it is assumed to  be  a
                     host  in  the  default  domain. If the named
                     host does not serve the directory, no action
                     is taken.

     -s              Update all the NIS+ directory objects served
                     by  the  specified server. This assumes that
                     the caller has  adequate  access  rights  to
                     change all the associated directory objects.
                     If the NIS+ principal making this call  does
                     not  have adequate permissions to update the
                     directory objects, those particular  updates
                     will  fail  and the caller will be notified.
                     If the rpc.nisd on host  cannot  return  the
                     list  of servers it serves, the command will
                     print an error  message.  The  caller  would
                     then  have  to  invoke  nisupdkeys  multiple
                     times (as in the first synopsis),  once  per
                     NIS+ directory that it serves.

     Example 1: Using nisupdkeys

     The following example updates the keys for  servers  of  the
     foo.bar. domain.

     example% nisupdkeys foo.bar.

     This example updates the key(s) for host  fred  that  serves
     the foo.bar. domain.

     example% nisupdkeys -H fred foo.bar.

     This example clears the public key(s) for host wilma in  the
     foo.bar. directory.

     example% nisupdkeys -CH wilma foo.bar.

     This example updates the  public  key(s)  in  all  directory
     objects that are served by the host wilma.

     example% nisupdkeys -s -H wilma

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnisu                    |

     chkey(1),   niscat(1),   nisaddcred(1M),    nisauthconf(1M),
     nisstat(1M),   getipnodebyname(3SOCKET),  nis_objects(3NSL),

     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris  Operating  system.  Tools to aid the migration from
     NIS+ to LDAP are available in the current  Solaris  release.
     For            more            information,            visit

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.