nisupdkeys Command

Purpose

Updates the public keys in NIS+ directory objects.

Syntax

/usr/lib/nis/nisupdkeys [ -a ] | [ -C ] [ -H Hostname ] [ -s ] [ Dirname ]

Description

The nisupdkeys command updates the public keys in an NIS+ directory object. When the public key for an NIS+ server is changed, the new key must be propagated to all directory objects that reference that server. nisupdkeys reads a directory object and attempts to copy the public key for each server of that directory. Each key is placed in the directory object, and the object is then modified to reflect the new key.

If Dirname is specified, then its directory object is updated. If not, then the directory object for the default domain is updated. nisupdkeys -s obtains a list of all the directories served by Hostname and updates those directory objects, assuming that the caller has the necessary permission rights. That list of directories can also be obtained with the nisstat command.

Before you run nisupdkeys, make sure you have propagated the new address/public key to all replica servers.

Flags

Item Description
-a Updates the universal addresses of the NIS+ servers in the directory object. The -a flag only works for the TCP/IP family of transports. You should use this flag when the IP address of the server is changed. The new address is resolved using gethostname on that server. In order for this resolution to work, the /etc/nsswitch.conf file must point to the correct source of the server's entry.
-C Clears the public key. Communication with a server that has no public key does not require the use of a secure remote procedure call.
-H Hostname Updates the keys of the server named Hostname for the current domain directory object. If the host name is not fully qualified, then nisupdkeys assumes the server is in the default domain. If Hostname does not serve the directory, then nothing happens.
-s Updates all the NIS+ directory objects served by the server Hostname, assuming that you have the necessary permission rights. If you do not have permission to update the directory objects, those updates fail and you are notified. If the rpc.nisd on Hostname can't return the list of servers it serves, nisupdkeys returns an error message. In that case you must invoke nisupdkeys multiple times, once per NIS+ directory the rpc.nisd serves.
Dirname Updates the keys of the directory object for the directory Dirname.

Examples

  1. To update the keys for servers of the abc.def. domain, enter:
    nisupdkeys abc.def.
  2. To update the keys for host xyzserver that serves the abc.def. domain, enter:
    nisupdkeys -H xyzserver abc.def.
  3. To clear the keys for host xyzserver in the abc.def. domain, enter:
    nisupdkeys -CH xyzserver abc.def.
  4. To update the keys in all directory objects served by xyzserver, enter:
    nisupdkeys -sH xyzserver
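
The following is an added example, not part of the original page: a wrapper for the fallback described under the -s flag, running nisupdkeys once per directory when the server cannot return its list. The function name update_served_dirs, the NISUPDKEYS override variable and the rule that directory names must end in a dot are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): per-directory fallback for
# "nisupdkeys -sH Hostname" when rpc.nisd cannot return its directory list.
# Assumption: the caller supplies the directory names; nisstat output is
# not parsed here. NISUPDKEYS can be overridden; the default is the path
# given in the Files section.
NISUPDKEYS=${NISUPDKEYS:-/usr/lib/nis/nisupdkeys}

# update_served_dirs Hostname Dirname...
# Runs "nisupdkeys -H Hostname Dirname" once per directory and keeps going
# after a failure. Returns 0 if all updates succeeded, 1 if any directory
# failed or was rejected, 2 on a usage error.
update_served_dirs() {
    if [ "$#" -lt 2 ]; then
        echo "usage: update_served_dirs Hostname Dirname..." >&2
        return 2
    fi
    host=$1; shift
    case $host in
        ""|-*) echo "rejected host name: '$host'" >&2; return 2 ;;
    esac
    failed=""
    for dir in "$@"; do
        case $dir in
            ""|-*)
                # Never pass a flag-like word through: a stray -C in the
                # list would clear the server's public key.
                echo "rejected (empty or looks like a flag): '$dir'" >&2
                failed="$failed $dir"; continue ;;
            *.) ;;  # fully qualified, like abc.def. in the Examples
            *)
                # This example's own rule: require the trailing dot so the
                # directory name is unambiguous.
                echo "rejected (not fully qualified): $dir" >&2
                failed="$failed $dir"; continue ;;
        esac
        if ! "$NISUPDKEYS" -H "$host" "$dir"; then
            echo "update failed (modify rights on $dir?): $dir" >&2
            failed="$failed $dir"
        fi
    done
    [ -z "$failed" ] && return 0
    echo "not updated:$failed" >&2
    return 1
}

# Run as a script with arguments, or source the file and call the function.
if [ "$#" -gt 0 ]; then update_served_dirs "$@"; fi
```

A non-zero return means at least one directory object still holds the old key; the names are listed on standard error.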

Security

Access Control: To use the nisupdkeys command, you must have modify rights to the NIS+ directory object.

Files

Item Description
/usr/lib/nis Directory where the nisupdkeys command resides.