Installing and Administering NFS Services with 10.20 ACE and HWE: HP 9000 Networking > Chapter 4 Configuring and Administering NIS

Configuring and Administering Secure RPC

Configuring secure RPC allows you to write applications that use secure RPC. You must be running NIS in order to use secure RPC.

NOTE: Secure NFS, the ability to export and mount directories with the secure option, is not supported on HP-UX.

Configuring and administering secure RPC involves the following tasks:

To Have Users Create their Secure RPC Keys

  1. In the /etc/publickey file on the NIS master server, make sure the entry for user nobody exists and is not commented out (is not preceded by #).

  2. Tell each user in your NIS domain to issue the chkey command:

    /usr/bin/chkey

    At the Password prompt, the user should enter his or her login password.

The chkey command displays a message saying it is generating a key for unix.UID@NIS_domain. This string identifies the user in the publickey.byname NIS map. UID is the user ID of the user for whom the key is being generated, and NIS_domain is the default NIS domain, returned by the domainname command.

The secure RPC key is encrypted with the user's login password. The /usr/bin/yppasswd command reencrypts the secure RPC key with the new password whenever a user changes the login password.

In order for users to create keys for themselves with the chkey command, the publickey.byname map must have an entry for user nobody. If you remove the entry for user nobody, users can change their secure RPC keys with the chkey command, but they cannot create keys if they do not already have them.

For more information, see the following man pages: publickey(4), chkey(1), and yppasswd(1).

To Create Secure RPC Keys for Users

Use this procedure if you do not want users to be able to create their own secure RPC keys.

  1. Log in as root to the NIS master server.

  2. Comment out the entry in the /etc/publickey file for user nobody. (Insert a sharp sign [#] as the first character on the line.)

  3. Issue the following commands to regenerate the publickey.byname map from the /etc/publickey file and push it to the slave servers:

    cd /var/yp
    /usr/ccs/bin/make publickey

  4. Issue the newkey -u command for each user in your NIS domain:

    # /usr/sbin/newkey -u username

    Enter a password when prompted for it by the newkey -u command.

  5. Tell users the passwords you assigned for them. Users should issue the /usr/bin/keylogin command, using the passwords you assigned. Then, they should issue the /usr/bin/yppasswd command to change their login passwords. The yppasswd command will reencrypt their secure RPC keys with their new login passwords.

The newkey -u command displays a message saying it is adding a key for unix.UID@NIS_domain. This string identifies the user in the publickey.byname NIS map. UID is the user ID of the user for whom the key is being generated, and NIS_domain is the default NIS domain, returned by the domainname command.

For more information, see the following man pages: publickey(4), newkey(1M), chkey(1), keylogin(1), yppasswd(1), make(1), ypmake(1M), and yppush(1M).
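
Both procedures above depend on the state of /etc/publickey: whether the nobody entry is active, and which users already have a unix.UID@NIS_domain entry. The audit script below is an added example, not part of the HP documentation. It assumes the publickey(4) layout of a netname followed by a hex public key, a colon, and the hex encrypted secret key; the function names and all sample data are hypothetical.

```sh
#!/bin/sh
# Added example; the user names, UIDs, domain and hex keys below are constructed.

# Succeeds if an uncommented "nobody" entry exists, i.e. chkey can create new keys.
nobody_enabled() {
    awk '$1 == "nobody" && NF >= 2 { ok = 1 } END { exit !ok }' "$1"
}

# Prints logins from PASSWD that have no unix.UID@DOMAIN entry in PUBLICKEY.
# usage: users_without_keys PUBLICKEY PASSWD DOMAIN
users_without_keys() {
    awk -v dom="$3" '
        !NF { next }                       # skip blank lines in either file
        FILENAME == ARGV[1] {              # first file: publickey entries
            if ($1 !~ /^#/ && $2 ~ /^[0-9a-fA-F]+:[0-9a-fA-F]+$/) have[$1] = 1
            next
        }
        {                                  # second file: passwd entries
            split($0, f, ":")
            if (f[1] ~ /^[+-]/ || f[3] == "") next   # skip NIS escape lines
            if (!(("unix." f[3] "@" dom) in have)) print f[1]
        }' "$1" "$2"
}

# Writes constructed sample files into directory $1.
make_sample() {
    cat > "$1/publickey" <<'EOF'
#nobody 0a1b2c:3d4e5f
unix.1001@example.nis 11aa22:bb33cc
unix.hostA@example.nis 44dd55:ee66ff
EOF
    cat > "$1/passwd" <<'EOF'
alice:x:1001:20::/home/alice:/usr/bin/sh
carol:x:1003:20::/home/carol:/usr/bin/sh
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
if nobody_enabled "$dir/publickey"; then
    echo "nobody entry active: users can create keys with chkey"
else
    echo "nobody entry absent or commented out: keys must come from newkey -u"
fi
echo "users without a key: $(users_without_keys "$dir/publickey" "$dir/passwd" example.nis)"
rm -rf "$dir"
```

To use it on a real server, point the functions at a copy of /etc/publickey and the passwd source for the NIS map, and pass the domain that the domainname command returns.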

To Create Secure RPC Keys for Hosts

  1. Log in as root to the NIS master server.

  2. Issue the newkey -h command for each host in your NIS domain:

    # /usr/sbin/newkey -h hostname

  3. Enter the root password for hostname when prompted for it by the newkey -h command.

  4. On each host for which you have just created a secure RPC key, log in as root. This registers the secure RPC password with the /usr/sbin/keyserv daemon.

The newkey -h command displays a message saying it is adding a key for unix.hostname@NIS_domain. This string identifies the host in the publickey.byname NIS map.

Whenever you change the root password with the passwd command, the passwd command automatically reencrypts the secure RPC key with the new root password.

For more information, see the following man pages: newkey(1M), publickey(4), passwd(1), and keyserv(1M).

To Tell Users How to Use Secure RPC

Tell the users who require secure RPC authorization to follow these guidelines:

  • If you allow users to create their own secure RPC keys with the chkey command, they should enter their login passwords at the Password prompt.

  • If you use the newkey -u command to add users to the publickey database, users should issue the /usr/bin/keylogin command using the password you assigned. Then, they should issue the /usr/bin/yppasswd command to change their login passwords. The yppasswd command will automatically reencrypt their secure RPC keys with their new passwords.

  • When users log into a host without supplying a password (for example, when they use rlogin to log into a host that has their local host configured in /etc/hosts.equiv), they should issue the /usr/bin/keylogin command after logging in, to register the secure RPC password with the /usr/sbin/keyserv daemon.

For more information, see the following man pages: publickey(4), newkey(1M), chkey(1), keylogin(1), yppasswd(1), rlogin(1).

© 1998 Hewlett-Packard Development Company, L.P.