Changing the root master's credential (NIS+)

Changing the root master's credential (NIS+)

Post by Ulf Schell » Fri, 27 May 1994 03:35:54



Hi,

I'm trying to change the root master's credential. I'm using
Solaris 2.1 on SPARCstation10 machines.

Here is the procedure I carried out:

  First I switched the NIS+ daemon into security level 0 and used the
  `nisaddcred des' command to create a new credential. A new rootkey was
  written into /etc/.rootkey. I then rebooted the machine. The boot
  process stopped after a while and the system hung. I figured out that
  this occurs if a request to the information stored in the NIS+ tables
  is made. I restored the whole /var/nis/ directory from tape and
  tried to change the credential again. To check if the
  credential was changed I executed a `niscat -L cred.org_dir' command
  immediately after the nisaddcred command. The command didn't recover
  and I was not able to access any other NIS+ table.  A `nisupdkey' command
  told me that it could not access the root object.

The nisaddcred command seems to destroy some tables and/or objects such
that any further request will fail. Especially in security level 0 I
should at least be able to read the cred table since even an
unauthenticated request is mapped to the `Nobody' category which
has read access to the table.

I tried many variants of the above procedure (different security levels,
using the chkey command, removing the credential before creating a new
one, executing nisupdkeys directly after the
nisaddcred resp. chkey command etc.....), but I had no success
(the only thing I learned is how to restore a tape from a remote
machine using the ufsrestore command). I could change the credentials
of other client workstations without any problem.

Up to now I met (or read about) most of the known Solaris 2.1 NIS+ bugs
but I never heard about my problem. I don't know if it is another bug or
just an user error.

Any hints or suggestions how to change the root master's credential
are welcome. Thanks in advance.

 Ulf