
Procedure--How to Set Up a New User Key That Uses NIS+ Credentials for Diffie-Hellman Authentication

  1. Add the user to the cred table on the root master server by typing the following command:

    # nisaddcred -p unix.UID@domain-name -P username.domain-name. des

    Note that, in this case, username.domain-name must end with a dot (.).

  2. Verify the setup by logging in as the client and typing the keylogin command.

Example--Setting Up a New Key for an NIS+ User

The following example shows how DES authorization is given to a user who is named george.

# nisaddcred -p unix.1234@North.Abc.com -P george.North.Abc.COM. des
DES principal name : unix.1234@North.Abc.COM
Adding new key for unix.1234@North.Abc.COM (george.North.Abc.COM.)
 
Password:
Retype password:
 
# rlogin rootmaster -l george
# keylogin
Password:
#

Procedure--How to Set Up a root Key by Using NIS Credentials With Diffie-Hellman Authentication

  1. Become superuser on the client or assume an equivalent role.

  2. Edit the /etc/nsswitch.conf file, and add the following line:

    publickey: nis

  3. Create a new key pair by using the newkey command.

    # newkey -h hostname 

    hostname is the name of the client.

Example--Setting Up a New Key for root on a NIS Client

The following example shows how to set up earth as a secure NIS client.

# newkey -h earth
Adding new key for unix.earth@North.Abc.COM
New Password:
Retype password:
Please wait for the database to get updated...
Your new key has been successfully stored away.
#

Procedure--How to Create a New User Key That Uses NIS Credentials With Diffie-Hellman Authentication

  1. Log in to the NIS master server as superuser or assume an equivalent role.

    Only system administrators, when logged in to the NIS master server, can generate a new key for a user.

  2. Create a new key for a user.

    # newkey -u username 

    username is the name of the user. The system prompts for a password. You can type a generic password. The private key is stored in an encrypted form by using the generic password.

    # newkey -u george
    Adding new key for unix.12345@Abc.North.Acme.COM
    New Password:
    Retype password:
    Please wait for the database to get updated...
    Your new key has been successfully stored away.
    #

  3. Tell the user to log in and type the chkey -p command.

    This command allows the user to re-encrypt his or her private key with a password known only to the user.

    earth% chkey -p
    Updating nis publickey database.
    Reencrypting key for unix.12345@Abc.North.Acme.COM
    Please enter the Secure-RPC password for george:
    Please enter the login password for george:
    Sending key change request to pluto...
    #


    Note - The chkey command can be used to create a new key-pair for a user.


Procedure--How to Share and Mount Files With Diffie-Hellman Authentication

Prerequisite

The Diffie-Hellman publickey authentication must be enabled on the network. See How to Set Up a root Key in NIS+ Credentials for Diffie-Hellman Authentication and How to Set Up a root Key by Using NIS Credentials With Diffie-Hellman Authentication.

To share a file system with Diffie-Hellman authentication:

  1. Become superuser or assume an equivalent role.

  2. Share the file system with Diffie-Hellman authentication.

    # share -F nfs -o sec=dh /filesystem 

To mount a file system with Diffie-Hellman authentication:

  1. Become superuser or assume an equivalent role.

  2. Mount the file system with Diffie-Hellman authentication.

    # mount -F nfs -o sec=dh server:resource  mountpoint 

    The -o sec=dh option mounts the file system with AUTH_DH authentication.
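
The following shell functions are an added example, not part of the original documentation. They check the two settings that the procedures above configure: the publickey: nis entry in an nsswitch.conf-style file and the sec=dh option on share -F nfs command lines. The function names and the classification labels are assumptions made for illustration; a sec= value that lists several modes separated by colons (for example dh:sys) is reported as dh-mixed because the share then also accepts the other mode.

```shell
#!/bin/sh
# Added example (not from the original page): audit helpers for the
# settings configured by the procedures above. Function names are hypothetical.

# Print the sources configured on the "publickey:" line of an
# nsswitch.conf-style file (the procedure above sets "publickey: nis").
publickey_sources() {
    awk '$1 == "publickey:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Classify one share command line by the sec= modes it requests:
#   dh-only   every requested mode is dh
#   dh-mixed  dh is requested together with some other mode
#   no-dh     sec=dh is not requested at all
#   skip      not a "share -F nfs" line (comments, blanks, other types)
classify_share() {
    printf '%s\n' "$1" | awk '
    $1 != "share" { print "skip"; exit }
    {
        fstype = ""; opts = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-F") fstype = $(i + 1)
            if ($i == "-o") opts = $(i + 1)
        }
        if (fstype != "nfs") { print "skip"; exit }
        dh = 0; other = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
            if (o[j] !~ /^sec=/) continue      # rw=, ro=, ... are not modes
            m = split(substr(o[j], 5), modes, ":")
            for (k = 1; k <= m; k++) {
                if (modes[k] == "dh") dh = 1
                else other = 1
            }
        }
        if (dh && !other) print "dh-only"
        else if (dh) print "dh-mixed"
        else print "no-dh"
    }'
}

# Print every NFS share line in FILE that is not restricted to sec=dh.
audit_shares() {
    while IFS= read -r line; do
        case "$(classify_share "$line")" in
            dh-mixed|no-dh) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}
```

Run audit_shares against a file that holds the system's share command lines; any line it prints is an NFS share that is not limited to AUTH_DH.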
