nisupdkeys - update the public  keys  in  a  NIS+  directory


     /usr/lib/nis/nisupdkeys [-a | -C]  [-H host] [directory]

     /usr/lib/nis/nisupdkeys -s [-a | -C]  -H host


     This command updates the public keys in an  NIS+   directory
     object.  When  the  public  key(s)  for  a  NIS+  server are
     changed, nisupdkeys reads a directory object and attempts to
     get  the  public key data for each server of that directory.
     These keys are placed in the directory object and the object
     is  then  modified to reflect the new keys. If  directory is
     present, the directory object for that directory is updated.
     Otherwise  the  directory  object  for the default domain is
     updated. The new key must be  propagated  to  all  directory
     objects that reference that server.

     On the other hand, nisupdkeys -s gets  a  list  of  all  the
     directories  served  by  host  and  updates  those directory
     objects.  This assumes that the caller has adequate  permis-
     sion  to  change  all the associated directory objects.  The
     list of directories being served by a given server can  also
     be  obtained  by  nisstat(1M). Before you do this operation,
     make sure that the new  address/public  key  has  been  pro-
     pagated to all replicas.  If multiple authentication mechan-
     isms are configured using  nisauthconf(1M),  then  the  keys
     for those mechanisms will also be updated or cleared.

     The user executing this command must have modify  access  to
     the  directory object for it to succeed. The existing direc-
     tory object can be displayed  with  the   niscat(1)  command
     using the  -o option.

     This command does not update the directory objects stored in
     the NIS_COLD_START file on the NIS+ clients.

     If a server is also the root master server, then  nisupdkeys
     -s cannot be used to update the root directory.


     -a    Update the universal addresses of the NIS+ servers  in
           the  directory object.  Currently, this only works for
           the TCP/IP family of transports.  This  option  should
           be  used when the IP address of the server is changed.
           The   server's   new   address   is   resolved   using
           getipnodebyname(3SOCKET)   on   this   machine.    The
           /etc/nsswitch.conf file  must  point  to  the  correct
           source  for  ipnodes  and hosts for this resolution to

     -C    Specify to clear rather than set  the  public  key(s).
           Communication  with a server that has no public key(s)
           does not require the use of secure RPC.

     -H host
           Limit key changes only to the server  named  host.  If
           the hostname is not a fully qualified  NIS+ name, then
           it is assumed to be a host in the default  domain.  If
           the named host does not serve the directory, no action
           is taken.

     -s    Update all the NIS+ directory objects  served  by  the
           specified  server.  This  assumes  that the caller has
           adequate access rights to change  all  the  associated
           directory  objects.  If the NIS+ principal making this
           call does not have adequate permissions to update  the
           directory  objects, those particular updates will fail
           and the caller will be notified.  If the  rpc.nisd  on
           host  cannot return the list of servers it serves, the
           command will print an error message.  The caller would
           then  have  to invoke nisupdkeys multiple times (as in
           the first synopsis), once per NIS+  directory that  it


     Example 1: Using nisupdkeys

     The following example updates the keys for  servers  of  the domain.

     example% nisupdkeys

     This example updates the key(s) for host  fred  that  serves
     the domain.

     example% nisupdkeys -H fred

     This example clears the public key(s) for host wilma in  the directory.

     example% nisupdkeys -CH wilma

     This example updates the  public  key(s)  in  all  directory
     objects that are served by the host wilma.

     example% nisupdkeys -s -H wilma


     See attributes(5) for descriptions of the  following  attri-
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnisu                    |


     chkey(1),   niscat(1),   nisaddcred(1M),    nisauthconf(1M),
     nisstat(1M),   getipnodebyname(3SOCKET),  nis_objects(3NSL),


     NIS+ might not  be  supported  in  future  releases  of  the
     SolarisTM  Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit

Man(1) output converted with man2html