This command updates the public keys in an NIS+ directory object. When the public key(s) for a NIS+ server are changed, nisupdkeys reads a directory object and attempts to get the public key data for each server of that directory. These keys are placed in the directory object and the object is then modified to reflect the new keys. If directory is present, the directory object for that directory is updated. Otherwise the directory object for the default domain is updated. The new key must be propagated to all directory objects that reference that server.
On the other hand, nisupdkeys -s gets a list of all the directories served by host and updates those directory objects. This assumes that the caller has adequate permission to change all the associated directory objects. The list of directories being served by a given server can also be obtained by nisstat(1M). Before you do this operation, make sure that the new address/public key has been propagated to all replicas.
If multiple authentication mechanisms are configured using nisauthconf(1M), then the keys for those mechanisms will also be updated or cleared.
The user executing this command must have modify access to the directory object for it to succeed. The existing directory object can be displayed with the niscat(1) command using the -o option.
This command does not update the directory objects stored in the NIS_COLD_START file on the NIS+ clients.
If a server is also the root master server, then nisupdkeys -s cannot be used to update the root directory.