Changing root password (NIS+)

Changing root password (NIS+)

Post by Pierre MERLE - Sun France Hotli » Sat, 24 Feb 1996 04:00:00



Hi,

here is a way to change root passwd in nis+ env (you can find it in sunsolve DB) :

SRDB ID: 2132

SYNOPSIS: How to change root password on any NIS+ server or client?

DETAIL DESCRIPTION:

Proper procedures need to be taken when changing root passwd on
any NIS+ server (Root Master/Root Replica/Non-root master/Non-root replica)
or on an NIS+ client machine.

This impacts NIS+ operation under security level 2 (default).

NIS+ requests mayfail due to authorization errors if the root
password is changed without following these guidelines.

SOLUTION SUMMARY:

1) Log in in as root on the NIS+ server or the NIS+ client whose root password
   you would like to change.

2) Execute the passwd command to change the root password in the
   /etc/passwd file.

3) Execute chkey -p to modify the private key in the cred.org_dir table.

4) Execute keylogin -r to write the secret key to /etc/.rootkey .

About the nfs problem, give more informations about the error messages and
the OS the the server and clients.

  Pierre  MERLE

 
 
 

1. NIS+ user management [Was: Re: root changing a user's password (NIS)]


And Solaris 2 removed `passwd -f <filename>'; the "-f" option now
means "force password change at next login".

                                  .  What other ways are there that are safer?

Good question.  I haven't used Solaris 2 at a large site long enough
for it to be much of an issue.  When necessary, I've just done as you
and edited the file by hand (using Emacs, which when saving at least
gives warning if the file's been changed).  Several years ago at Sun,
I recall there being a `viyp' utility for editing NIS files.  Maybe
they made it publically available.  I think it's harder to enforce
such a utility's use than it is to write one. ;-)

On a related note -- what is the recommended/approved/best way to add
new users and remove ex-users to/from NIS+ ??  One would hope `useradd'
could do it -- nope.  The NIS+ utilities `nis{addent,populate}' are
tailored towards adding to NIS+ tables from ASCII files or NIS maps
rather than dealing with a single "user" entry.  And using plain
`nistbladm' and `nisaddcred' options is crude and error-prone.

I've searched to no avail for some "cookbook" method of handling NIS+
user management.  My old NIS+ book was useless for that issue.  Maybe
I just have a blind spot.  Any suggestions would be appreciated...
thanks!

-sjk

--
Scott J. Kramer                         Graham Technology Solutions
Sr. UNIX Systems Administrator          20823 Stevens Creek Blvd., Suite 300

http://www.graham.com                 +1.408.366.8001

2. Looking for programming, testing C standards

3. changing NIS+ root master root password

4. Honey Danber UUCP

5. Changing local root password on box running NIS

6. any "dreamweaver" for linux

7. changing root password on a NIS+ server

8. linux kernel.org front page.

9. User password change by root using NIS

10. NIS+ - Changing root passwords

11. NIS+ root password change

12. how to change root password on NIS+ master server

13. How Do I change root password on a replica (NIS+)