If you are planning on running secure RPC as a means of providing secure networking, you need to prepare the publickey(4bnu) file.
This file consists of three fields in the following format:
user name user public key : user secret key
where user name is the name of a user or of a machine, user public key is that key in hexadecimal notation, and user secret key is that key also in hexadecimal notation, encrypted by the user's password.
If you are not familiar with hexadecimal notation, the command newkey(1Mbnu) is provided.
To create publickey file entries, become the NIS administrator at the master server and invoke newkey for a given user by entering:
newkey -u username
or for the NIS administrator on a given host machine by entering:
newkey -h hostname
At the prompt, type the appropriate secure RPC or network password. The program will then create a new public/secret key pair in /etc/publickey, encrypted with the secure RPC or network password of the given user.
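An added example (not from the original documentation): a shell function that checks entries against the three-field format described above and flags malformed keys and duplicate names. The function names, the handling of comment lines and the sample entries are assumptions made for illustration.

```shell
# Added example (not from the original page): validate publickey entries.
# check_publickey [FILE]: reads FILE or stdin, prints "line: name: problem"
# for each bad entry, returns 1 if any problem was found and 0 otherwise.
check_publickey() {
    awk '
        # Assumption: blank lines and "#" comment lines are ignored.
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            name = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", rest)  # drop the name field
            gsub(/[ \t]/, "", rest)                # allow spaces around ":"
            n = split(rest, key, ":")
            if (name in seen) {
                printf "%d: %s: duplicate of line %d\n", NR, name, seen[name]
                bad = 1
            } else { seen[name] = NR }
            if (n != 2 || key[1] == "" || key[2] == "") {
                printf "%d: %s: expected public-key:secret-key\n", NR, name
                bad = 1
                next
            }
            if (key[1] !~ /^[0-9A-Fa-f]+$/) {
                printf "%d: %s: public key is not hexadecimal\n", NR, name
                bad = 1
            }
            if (key[2] !~ /^[0-9A-Fa-f]+$/) {
                printf "%d: %s: secret key is not hexadecimal\n", NR, name
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample entries (made-up names and keys, shortened for display).
sample_publickey() {
    cat <<'EOF'
alice 3f9a0c51d2e477b8:a1b2c3d4e5f60718
willow 77aa01bc93de5504 : 0f1e2d3c4b5a6978
bob 5521zz90:88aa
alice 1234abcd:5678ef90
carol deadbeef
EOF
}

sample_publickey | check_publickey || echo "publickey entries need attention"
```

On the master server the same function can be pointed at the real file with check_publickey /etc/publickey.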
Users can later modify their own entries by using the command chkey(1bnu).
To modify publickey file entries, enter:
chkey
on the server, and then respond to prompts from the command.
Note that the keyserv(1Mbnu) daemon must be running before issuing the newkey or chkey command.
To see if the keyserv daemon is running, enter:
ps -eaf | grep keyserv
and check for output similar to the following:
root 2731 1 0 14:20:23 ? 0:00 /usr/sbin/keyserv
If the keyserv daemon is not running, secure RPC may not be properly set up. See ``Administering Remote Procedure Calls (RPC)'' for more information about keyserv.
A typical chkey session would look like this:
willow$ chkey
Generating new key for username
Password: user enters password
Retype password: password
Sending key change request to server...
Done.
willow$
Note that in order for newkey and chkey to run properly, the daemon ypupdated(1Mnis) must be running on the master server.
If it is not running at this point, enter:
/usr/lib/netsvc/yp/ypupdated
You must also make sure that the file /etc/inet.d/nis contains the lines:
if [ -x /usr/lib/netsvc/yp/ypupdated ]
then
    /usr/lib/netsvc/yp/ypupdated > /dev/console 2>&1
fi
The ypupdated daemon consults the file /var/yp/updaters for information about which maps should be updated and how to go about it. In the case of the publickey map, changes to /etc/publickey effected through newkey or chkey are mediated by /usr/sbin/udpublickey.
updaters is a make file installed by default with an entry for /etc/publickey. If you modify publickey's directory in /var/yp/Makefile (that is, if you want the publickey file to be in a directory other than /etc), modify the variable DIR in the updaters file in a manner similar to that described in ``Modifying the Makefile''.