nisupdkeys - update the public keys in a NIS+ directory object
/usr/lib/nis/nisupdkeys [ -a | -C ] [ -H host ] [ directory ]
/usr/lib/nis/nisupdkeys -s [ -a | -C ] -H host
This command updates the public keys in an NIS+ directory object.
When the public key for a NIS+ server is changed, the new key must be
propagated to all directory objects that reference that server.

nisupdkeys reads a directory object and attempts to get the public key
for each server of that directory. These keys are placed in the
directory object and the object is then modified to reflect the new

If directory is present, the directory object for that directory is
updated. Otherwise the directory object for the default domain is

On the other hand, nisupdkeys -s gets a list of all the directories
served by host and updates those directory objects. This assumes that
the caller has adequate permission to change all the associated
directory objects. The list of directories being served by a given
server can also be obtained by nisstat(1M).

Before you do this operation, make sure that the new address/public
key has been propagated to all replicas.

-a Update the universal addresses of the NIS+ servers in the
directory object. Currently, this only works for the
TCP/IP family of transports. This option should be used
when the IP address of the server is changed. The
server's new address is resolved using gethostbyname() on
this machine. The /etc/nsswitch.conf file must point to
the correct source for the hosts entry for this resolution

-C Specify to clear rather than set the public key.
Communication with a server that has no public key does
not require the use of secure RPC.

-H host Limit key changes only to the server named host. If the
hostname is not a fully qualified NIS+ name, then it is
assumed to be a host in the default domain. If the named
host does not serve the directory, no action is taken.
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
-s Update all the NIS+ directory objects served by the
specified server. This assumes that the caller has
adequate access rights to change all the associated
directory objects. If the NIS+ principal making this call
does not have adequate permissions to update the directory
objects, those particular updates will fail and the caller
will be notified. If the rpc.nisd on host cannot return
the list of servers it serves, the command will print an
error message. The caller would then have to invoke
nisupdkeys multiple times (as in the first SYNOPSIS), once
per NIS+ directory that it serves.

The following example updates the keys for servers of the foo.bar.

This example updates the key for host fred which serves the foo.bar.

     nisupdkeys -H fred foo.bar.

This example clears the public key for host wilma in the foo.bar.

     nisupdkeys -CH wilma foo.bar.

This example updates the public key in all directory objects that are
served by the host wilma.

     nisupdkeys -s -H wilma
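
The fallback described under -s (one nisupdkeys call per directory when
rpc.nisd on host cannot return its list) can be scripted. The following is
an added example, not part of the original manual page; the function name
update_served_dirs, the NISUPDKEYS override variable, the name sub.foo.bar.
and the choice to skip names without a trailing dot are assumptions of this
example.

```shell
#!/bin/sh
# Added example (not from the manual page): per-directory fallback for
# "nisupdkeys -s -H host" when the server cannot list what it serves.
# NISUPDKEYS is an assumed override so the function can be dry-run with a stub.
NISUPDKEYS=${NISUPDKEYS:-/usr/lib/nis/nisupdkeys}

# update_served_dirs HOST DIRECTORY...
# Runs "nisupdkeys -H HOST DIRECTORY" once per directory, continues past
# failures (for example, no modify access to that directory object), and
# leaves the failed names in FAILED_DIRS. Returns 0 only if every update worked.
update_served_dirs() {
    if [ "$#" -lt 2 ]; then
        echo "usage: update_served_dirs host directory..." >&2
        return 2
    fi
    host=$1
    shift
    FAILED_DIRS=
    for dir in "$@"; do
        case $dir in
            *.) ;;  # fully qualified, like foo.bar. in the page's examples
            *)  # Choice made by this example: refuse ambiguous names
                echo "skipped: $dir (no trailing dot)" >&2
                FAILED_DIRS="$FAILED_DIRS $dir"
                continue ;;
        esac
        if "$NISUPDKEYS" -H "$host" "$dir"; then
            echo "updated: $dir"
        else
            echo "failed:  $dir (check modify access with niscat -o $dir)" >&2
            FAILED_DIRS="$FAILED_DIRS $dir"
        fi
    done
    [ -z "$FAILED_DIRS" ]
}

# Usage on an NIS+ host (sub.foo.bar. is a constructed directory name):
#   update_served_dirs wilma foo.bar. sub.foo.bar.
```
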

nisupdkeys was developed by Sun Microsystems, Inc.

chkey(1), niscat(1), nisaddcred(1M), gethostent(3N), nis_objects(3N).

The user executing this command must have modify access to the
directory object for it to succeed. The existing directory object can
be displayed with the niscat(1) command using the -o option.

This command does not update the directory objects stored in the
NIS_COLD_START file on the NIS+ clients.

If a server is also the root master server, then nisupdkeys -s cannot
be used to update the root directory.