Setting up NIS

Preparing the publickey file

If you are planning on running secure RPC as a means of providing secure networking, you need to prepare the publickey(4bnu) file.

This file consists of three fields in the following format:

   user name	 user public key : user secret key

where user name is the name of a user or of a machine, user public key is the user's public key in hexadecimal notation, and user secret key is the user's secret key, also in hexadecimal notation, encrypted with the user's password.
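
The following check is an added example, not part of the original documentation: a shell function that validates entries against the layout described above. The function names, the sample entries, and the handling of comment lines, spacing around the colon, and repeated names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): check publickey entries against
# the layout described above: name, then hex public key ":" hex secret key.
# Assumptions: blank lines and "#" lines are skipped; spaces around ":" are
# tolerated; a repeated name is reported as an extra sanity check.

# check_publickey [FILE]  -- reads stdin when FILE is omitted.
# Prints "line N: reason" per bad entry; returns 1 if any entry is bad.
check_publickey() {
    awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            name = $1
            keys = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", keys)   # drop the name field
            gsub(/[ \t]/, "", keys)                 # ignore spacing around ":"
            n = split(keys, k, ":")
            if (n != 2)                   { bad("expected public:secret after name"); next }
            if (k[1] !~ /^[0-9A-Fa-f]+$/) { bad("public key is not hexadecimal"); next }
            if (k[2] !~ /^[0-9A-Fa-f]+$/) { bad("secret key is not hexadecimal"); next }
            if (name in seen)             { bad("duplicate entry for " name); next }
            seen[name] = NR
        }
        END { exit (errors > 0) }
    ' "$@"
}

# Constructed sample input; the names and key values are made up and far
# shorter than real keys.
sample_publickey() {
    cat <<'EOF'
# constructed test data
alice	3f9a0c11d2:7be4410a9c
willow	00ff12ab : 9c8d7e6f
bob	3f9a0c11:
carol	zz91ab:12cd
alice	aa11bb22:cc33dd44
EOF
}

sample_publickey | check_publickey || echo "publickey entries need attention"
```

Run it as check_publickey /etc/publickey on the master server; an exit status of 0 means every entry matched the expected layout.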

If you are not familiar with hexadecimal notation, you can use the newkey(1Mbnu) command to generate the entries. To create publickey file entries, become the NIS administrator on the master server and invoke newkey for a given user by entering:

newkey -u username

or for the NIS administrator on a given host machine by entering:

newkey -h hostname

At the prompt, type the appropriate secure RPC or network password. The program will then create a new public/secret key pair in /etc/publickey, encrypted with the secure RPC or network password of the given user.

Users can later modify their own entries by using the command chkey(1bnu). To modify publickey file entries, enter:

chkey

on the server, and then respond to prompts from the command.

Note that the keyserv(1Mbnu) daemon must be running before issuing the newkey or chkey command. To see if the keyserv daemon is running, enter:

ps -eaf | grep keyserv

and check for output similar to the following:

   root  2731     1  0 14:20:23 ?        0:00 /usr/sbin/keyserv

If the keyserv daemon is not running, secure RPC may not be properly set up. See ``Administering Remote Procedure Calls (RPC)'' for more information about keyserv.

A typical chkey session would look like this:

   willow$ chkey
   Generating new key for username
   Password: user enters password
   Retype password: password
   Sending key change request to server...
   Done.
   willow$

Note that in order for newkey and chkey to run properly, the daemon ypupdated(1Mnis) must be running on the master server. If it is not running at this point, enter:

/usr/lib/netsvc/yp/ypupdated

You must also make sure that the file /etc/inet.d/nis contains the lines:

   if [ -x /usr/lib/netsvc/yp/ypupdated ]
   then
   	/usr/lib/netsvc/yp/ypupdated > /dev/console 2>&1
   fi

The ypupdated daemon consults the file /var/yp/updaters for information about which maps should be updated and how to go about it. In the case of the publickey map, changes to /etc/publickey effected through newkey or chkey are mediated by /usr/sbin/udpublickey.

updaters is a makefile installed by default with an entry for /etc/publickey. If you change the directory of the publickey file in /var/yp/Makefile (that is, if you want the publickey file to be in a directory other than /etc), modify the variable DIR in the updaters file in a manner similar to that described in ``Modifying the Makefile''.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004