changing root password on a NIS+ server

changing root password on a NIS+ server

Post by Mathias Waac » Wed, 23 May 2001 18:21:50



Hi all,

I need to change the root password on a set of Solaris 8 boxes. I know the
sequence "passwd; chkey -p; keylogin -r" can do this on a client. Does this
work on the NIS+ server too? Are there any side effects if I change the
root password on a NIS+ server or a replica?

Mathias

 
 
 

changing root password on a NIS+ server

Post by Mathew Kirsc » Wed, 23 May 2001 22:47:50



> I need to change the root password on a set of Solaris 8 boxes. I know the
> sequence "passwd; chkey -p; keylogin -r" can do this on a client. Does this
> work on the NIS+ server too? Are there any side effects if I change the
> root password on a NIS+ server or a replica?

Yes, this sequence works on NIS+ servers as well.

 
 
 

changing root password on a NIS+ server

Post by Neil W Ricker » Wed, 23 May 2001 22:53:11



>I need to change the root password on a set of Solaris 8 boxes. I know the
>sequence "passwd; chkey -p; keylogin -r" can do this on a client. Does this
>work on the NIS+ server too? Are there any side effects if I change the
>root password on a NIS+ server or a replica?

Actually, the "keylogin -r" should not be needed.  The effect of
"chkey -p" is supposed to be that the secret key is kept as before,
but re-encrypted to the new passwd.  Since "/etc/.rootkey" contains
the unencrypted private key, the contents of that file should be the
same before and after.

Yes, you can also change the password on a NIS+ server in the same
manner.  The only difference is that if you*up, the
consequences are more serious.

 
 
 

1. NIS+ user management [Was: Re: root changing a user's password (NIS)]


And Solaris 2 removed `passwd -f <filename>'; the "-f" option now
means "force password change at next login".

                                  .  What other ways are there that are safer?

Good question.  I haven't used Solaris 2 at a large site long enough
for it to be much of an issue.  When necessary, I've just done as you
and edited the file by hand (using Emacs, which when saving at least
gives warning if the file's been changed).  Several years ago at Sun,
I recall there being a `viyp' utility for editing NIS files.  Maybe
they made it publically available.  I think it's harder to enforce
such a utility's use than it is to write one. ;-)

On a related note -- what is the recommended/approved/best way to add
new users and remove ex-users to/from NIS+ ??  One would hope `useradd'
could do it -- nope.  The NIS+ utilities `nis{addent,populate}' are
tailored towards adding to NIS+ tables from ASCII files or NIS maps
rather than dealing with a single "user" entry.  And using plain
`nistbladm' and `nisaddcred' options is crude and error-prone.

I've searched to no avail for some "cookbook" method of handling NIS+
user management.  My old NIS+ book was useless for that issue.  Maybe
I just have a blind spot.  Any suggestions would be appreciated...
thanks!

-sjk

--
Scott J. Kramer                         Graham Technology Solutions
Sr. UNIX Systems Administrator          20823 Stevens Creek Blvd., Suite 300

http://www.graham.com                 +1.408.366.8001

2. Making rwhod broadcast more frequently

3. how to change root password on NIS+ master server

4. Systems Manager -- U Maryland, College Park

5. HELP- change root password of NIS+ client and server host

6. neaten some simple scripts...{new to these things}

7. changing NIS+ root master root password

8. Accton PCI?

9. Changing local root password on box running NIS

10. User password change by root using NIS

11. Changing root password (NIS+)

12. NIS+ - Changing root passwords

13. NIS+ root password change