nisauthconf(1M) System Administration Commands nisauthconf(1M)NAMEnisauthconf - configure NIS+ security
SYNOPSISnisauthconf [-v] [mechanism,]...
DESCRIPTIONnisauthconf controls which authentication flavors NIS+ should use when
communicating with other NIS+ clients and servers. If the command is
not executed, then NIS+ will default to the AUTH_DES authentication
flavor when running security level 2. See rpc.nisd(1M).
nisauthconf takes a list of authentication mechanism's in order of
preference. An authentication mechanism may use one or more authentica‐
tion flavors listed below. If des is the only specified mechanism, then
NIS+ only use AUTH_DES with other NIS+ clients and servers. If des is
the first mechanism, then other authentication mechanism's after des
will be ignored by NIS+, except for nisaddcred(1M). After changing the
mechanism configuration, the keyserv(1M) daemon must be restarted. Note
that doing so will remove encryption keys stored by the running keyserv
process. This means that a reboot usually is the safest option when the
mechanism configuration has been changed.
The following mechanisms are available:
┌─────────────────────────────┬─────────────────────────────┐
│ Authentication mechanism │ Authentication Flavor │
├─────────────────────────────┼─────────────────────────────┤
│des │AUTH_DES │
├─────────────────────────────┼─────────────────────────────┤
│dh640-0 │RPCSEC_GSS using 640-bit │
│ │Diffie-Hellman keys │
├─────────────────────────────┼─────────────────────────────┤
│dh1024-0 │RPCSEC_GSS using 1024-bit │
│ │Diffie-Hellman keys │
└─────────────────────────────┴─────────────────────────────┘
If no mechanisms are specified, then a list of currently configured
mechanisms is printed.
OPTIONS-v Displays a verbose table listing the currently configured authen‐
tication mechanisms.
EXAMPLES
Example 1 Configuring a System with only RPCSEC_GSS Authentication Fla‐
vor
To configure a system to use only the RPCSEC_GSS authentication flavor
with 640-bit Diffie-Hellman keys, execute the following as root:
example# /usr/lib/nis/nisauthconf dh640-0
Example 2 Configuring a System with both RPCSEC_GSS and AUTH_DES
Authentication Flavors
To configure a system to use both RPCSEC_GSS (with 640-bit Diffie-Hell‐
man keys) and AUTH_DES authentication flavors:
example# /usr/lib/nis/nisauthconf dh640-0 des
Example 3 Transitioning to Other Authentication Flavors
The following example can be used while adding credentials for a new
mechanism before NIS+ is authenticating with the new mechanism:
example# /usr/lib/nis/nisauthconf des dh640-0
Note that except for nisaddcred(1M), NIS+ will not use mechanisms that
follow 'des.'
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/rpcsec/nisplussec.conf
NIS+ authentication configuration file. This file may change or be
removed in future versions of Solaris.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWnisu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSONIS+(1), keyserv(1M), nisaddcred(1M), rpc.nisd(1M), attributes(5)NOTES
A NIS+ client of a server that is configured for either dh640-0 or
dh1024-0 must run Solaris 7 or later, even if the server is also con‐
figured with des.
NIS+ might not be supported in future releases of the Solaris operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 12 Dec 2001 nisauthconf(1M)