NIS+ Credential Setup
To gain authorisation to change NIS+ databases you need to create your security credentials for the NIS+ principals. These credentials are stored in the cred.org_dir table in the default NIS+ domain.
Root master
Setting Up Credentials for the Root Master Server
- Log in as root on the root master server and create the credential for the root master at the highest security level
# nisaddcred des
- Create the group nisadmin and add the master host to the group
# nisgrpadm -c nisadmin.<nisplus-domain>.
# nisgrpadm -a nisadmin.<nisplus-domain>. <master_host_name>.<nisplus-domain>.
- Update the NIS+ keys
# nisupdkeys <nisplus-domain>.
# nisupdkeys org_dir.<nisplus-domain>.
# nisupdkeys groups_dir.<nisplus-domain>.
- Kill and restart the rpc.nisd with the new security level enforced
# ps -ef | grep rpc.nisd
# kill rpc.nisd_pid_number
# rpc.nisd -r
- Set the permissions and group ownerships for the directories
# nischmod g=rmcd <nisplus-domain>. org_dir.<nisplus-domain>. groups_dir.<nisplus-domain>.
# nischgrp nisadmin.<nisplus-domain>. <nisplus-domain>.
- Set the environment variable NIS_GROUP. To do this permanently add this variable to /.profile and /.login, e.g.
# setenv NIS_GROUP nisadmin.<nisplus-domain>.
Clients
Setting Up Credentials for Client Hosts
- Log in as root on the root master server and define the client host as a principal. You'll be prompted for the root password of the client host. You can also add the client host to the group nisadmin.<nisplus-domain>.
# nisaddcred -p unix.host_name@<nisplus-domain> -P host_name.<nisplus-domain>. des
- To allow the root user on the client host to update the maps, add that host to the NIS+ group, nisadmin.<nisplus-domain>.
# nisgrpadm -a nisadmin.<nisplus-domain>. host_name.<nisplus-domain>.
- Log in as root on the client host and enter the password for root of that host.
# keylogin -r
Password:
- If the root user on the client host is to update the maps, then on the client host set the environment variable NIS_GROUP. To do this permanently add this variable to /.profile and /.login, e.g.
# setenv NIS_GROUP nisadmin.<nisplus-domain>.
Users
Setting Up Credentials for Users
- Log in as root on the root master server and create the user account. This can be done with admintool. Add a password for the user account using the nispasswd command and add the credentials using nisaddcred.
# admintool
# nispasswd login_name
Password:
# nisaddcred -p uid# local
# nisaddcred -p unix.uid#@<nisplus-domain> -P login_name.<nisplus-domain>. des
Password:
- To allow the user to change the NIS+ maps, the user must be added to the NIS+ group, nisadmin.<nisplus-domain>.
# nisgrpadm -a nisadmin.<nisplus-domain>. login_name.<nisplus-domain>.
- If the user is to update the maps using admintool you must create the group sysadmin with gid=14 and then add this user as a member of the sysadmin group.
- Set the user's environment variable NIS_GROUP. To do this permanently add this variable to ~/.profile and ~/.login, e.g.
# setenv NIS_GROUP nisadmin.<nisplus-domain>.
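
Added example (not part of the original page): a check over a saved dump of the cred.org_dir table, confirming that each host principal has a DES credential and each user principal has both the LOCAL and DES credentials created in the steps above, with the same UID in both. The colon-separated record layout, the example.com domain and the sample records are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a saved "niscat cred.org_dir" dump (POSIX awk; nawk on Solaris).
# Assumed record layout: cname:auth_type:auth_name:public_data:private_data

# Constructed sample records; PUBKEY/PRIVKEY are placeholders, not key material.
sample_cred_dump() {
cat <<'EOF'
master.example.com.:DES:unix.master@example.com:PUBKEY:PRIVKEY
client1.example.com.:DES:unix.client1@example.com:PUBKEY:PRIVKEY
alice.example.com.:LOCAL:1001:10:
alice.example.com.:DES:unix.1001@example.com:PUBKEY:PRIVKEY
bob.example.com.:LOCAL:1002:10:
carol.example.com.:DES:unix.1003@example.com:PUBKEY:PRIVKEY
dave.example.com.:LOCAL:1004:10:
dave.example.com.:DES:unix.1005@example.com:PUBKEY:PRIVKEY
EOF
}

# audit_creds: read a dump on stdin and print "principal FINDING" lines, sorted.
# Assumption: a DES netname of the form unix.<digits>@domain belongs to a user;
# anything else (unix.<host_name>@domain) belongs to a host, which needs DES only.
audit_creds() {
  awk -F: '
    $2 == "LOCAL" { seen[$1] = 1; uid[$1] = $3 }
    $2 == "DES" {
      seen[$1] = 1
      net = $3; sub(/^unix\./, "", net); sub(/@.*$/, "", net)
      des[$1] = net
    }
    END {
      for (p in seen) {
        # Test membership before indexing so awk does not create empty entries.
        if (!(p in des)) { print p " MISSING_DES"; continue }
        if (des[p] !~ /^[0-9]+$/) continue   # host principal: DES is enough
        if (!(p in uid)) { print p " MISSING_LOCAL" }
        else if (uid[p] != des[p]) { print p " UID_MISMATCH" }
      }
    }' | sort
}

# Run against the constructed sample.
sample_cred_dump | audit_creds
```

On a live domain, pipe the output of niscat cred.org_dir into audit_creds in place of the sample.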