I'm trying to change the root master's credential. I'm using
Solaris 2.1 on SPARCstation10 machines.
Here is the procedure I carried out:
First I switched the NIS+ daemon into security level 0 and used the
`nisaddcred des' command to create a new credential. A new rootkey was
written into /etc/.rootkey. I then rebooted the machine. The boot
process stopped after a while and the system hung. I figured out that
this occurs if a request to the information stored in the NIS+ tables
is made. I restored the whole /var/nis/ directory from tape and
tried to change the credential again. To check if the
credential was changed I executed a `niscat -L cred.org_dir' command
immediately after the nisaddcred command. The command didn't recover
and I was not able to access any other NIS+ table. A `nisupdkey' command
told me that it could not access the root object.
The nisaddcred command seems to destroy some tables and/or objects such
that any further request will fail. Especially in security level 0 I
should at least be able to read the cred table since even an
unauthenticated request is mapped to the `Nobody' category which
has read access to the table.
I tried many variants of the above procedure (different security levels,
using the chkey command, removing the credential before creating a new
one, executing nisupdkeys directly after the
nisaddcred resp. chkey command etc.....), but I had no success
(the only thing I learned is how to restore a tape from a remote
machine using the ufsrestore command). I could change the credentials
of other client workstations without any problem.
Up to now I met (or read about) most of the known Solaris 2.1 NIS+ bugs
but I never heard about my problem. I don't know if it is another bug or
just an user error.
Any hints or suggestions how to change the root master's credential
are welcome. Thanks in advance.