nisauthconf(1M)




NAME

     nisauthconf - configure NIS+ security


SYNOPSIS

     nisauthconf [-v] [mechanism,...]


DESCRIPTION

     nisauthconf  controls  which  authentication  flavors   NIS+
     should  use  when  communicating with other NIS+ clients and
     servers.  If the command is not  executed,  then  NIS+  will
     default  to  the AUTH_DES authentication flavor when running
     security level 2. See rpc.nisd(1M).

     nisauthconf takes a list of  authentication  mechanism's  in
     order  of  preference.   An authentication mechanism may use
     one or more authentication flavors listed below.  If des  is
     the  only  specified  mechanism, then NIS+ only use AUTH_DES
     with other NIS+ clients and servers.  If des  is  the  first
     mechanism,  then  other authentication mechanism's after des
     will be ignored by NIS+, except  for  nisaddcred(1M).  After
     changing the mechanism configuration, the keyserv(1M) daemon
     must be restarted. Note that doing so will remove encryption
     keys  stored by the running keyserv process. This means that
     a reboot usually is the safest  option  when  the  mechanism
     configuration has been changed.

     The following mechanisms are available:

     ____________________________________________________________
  |    Authentication mechanism |      Authentication Flavor  |
  |  ___________________________|_____________________________|__
  |   des                       |   AUTH_DES                  |
  |  ___________________________|_____________________________|__
  |   dh640-0                   |   RPCSEC_GSS  using   640-bi|
  |                             |   Diffie-Hellman keys       |
  | ____________________________|_____________________________|_
  |  dh1024-0                   |  RPCSEC_GSS  using  1024-bit|
  |                             |  Diffie-Hellman keys        |
  |_____________________________|_____________________________|

     If no mechanisms are specified, then  a  list  of  currently
     configured mechanisms is printed.


OPTIONS

     -v    Displays a verbose table listing the currently config-
           ured authentication mechanisms.


EXAMPLES

     Example 1: Configuring a System with only RPCSEC_GSS Authen-
     tication Flavor

     To configure a system to use only the RPCSEC_GSS authentica-
     tion  flavor  with  640-bit Diffie-Hellman keys, execute the
     following as root:

     example# /usr/lib/nis/nisauthconf dh640-0

     Example 2: Configuring a System  with  both  RPCSEC_GSS  and
     AUTH_DES Authentication Flavors

     To configure a system to use both RPCSEC_GSS  (with  640-bit
     Diffie-Hellman keys) and AUTH_DES authentication flavors:

     example# /usr/lib/nis/nisauthconf dh640-0 des

     Example 3: Transitioning to Other Authentication Flavors

     The following example can be used while  adding  credentials
     for  a  new mechanism before NIS+ is authenticating with the
     new mechanism:

     example#  /usr/lib/nis/nisauthconf des dh640-0

     Note that except  for  nisaddcred(1M),  NIS+  will  not  use
     mechanisms that follow 'des.'


EXIT STATUS

     The following exit values are returned:

     0     Successful completion.

     1     An error occurred.


FILES

     /etc/rpcsec/nisplussec.conf
           NIS+ authentication configuration file. This file  may
           change or be removed in future versions of Solaris.


ATTRIBUTES

     See attributes(5)  for descriptions of the following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWnisu                    |
    |_____________________________|_____________________________|


SEE ALSO

     nis+(1), keyserv(1M), nisaddcred(1M),  rpc.nisd(1M),  attri-
     butes(5)


NOTES

     A NIS+ client of a server  that  is  configured  for  either
     dh640-0 or dh1024-0 must run Solaris 7 or later, even if the
     server is also configured with des.

     NIS+ might not  be  supported  in  future  releases  of  the
     SolarisTM  Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit
     http://www.sun.com/directory/nisplus/transition.html.


Man(1) output converted with man2html