Readdressing a NIS+ root master server

2007-12-25 9:10:00

I asked whether it was possible to readdress a NIS+ root master server without invalidating the NIS+ user credentials.

For those unfamiliar with NIS+ (and in this case, ignorance really is bliss :-}), it contains security features to prevent packet spoofing and other mischief. In particular, various network messages are encrypted with keys that in turn depend on the server's IP address. Change the IP address, invalidate the keys.

Alan K. K. Kong (kkkong@ee.cuhk.edu.hk) said the procedure in Sun's NIS+ Tip Sheet worked for him. Asim Zuberi (asim@psa.pencom.com) was also hopeful.

Not Kevin Davidson (tkld@cogsci.ed.ac.uk), though. All his users had to issue "nisclient -u" the first time they logged in after the address change. But he had a clever idea:

> 1) Attach the ethernet card to your server and put that on its new
> network.
> 2) boot -rs
> 3) arrange for /etc/hostname.le1 to have the server's name and alter
> /etc/hosts (and hosts table) for new IP address. /etc/hostname.le0
> should contain a name that resolves to the `old' IP address.
> 4) init 6
> 5) nisupdkeys -a
> 6) mv /etc/hostname.le1 /etc/hostname.le0
> 7) init 0
> 8) remove ethernet card
> 9) boot

The catch: He said it "may" work, so apparently it's untested.

Brian Davies (daviesb-cos3@kaman.com) was also pessimistic. When he readdressed his server, he changed all user passwords to a known value and used "nisclient -co username" to recreate the credentials. He added "nispasswd -f username" to force the users to change their passwords immediately.

Finally, one user answered:

> Illicitly collect your user's passwords. Probably not the answer
> you're looking for.

I would give his name but perhaps he doesn't want his customers to know. :-)

I asked my question because we were having problems with the server's subnet. Now it appears we will get a resolution. If so, I may never have to readdress the server and thus may never gain any practical experience in the process. If not, I will try to remember to post a report from the trenches.
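Step 3 of Kevin Davidson's procedure is the one that has to be right before "init 6" and "nisupdkeys -a" are run: /etc/hostname.le0 must name the old address and /etc/hostname.le1 the new one, as seen through /etc/hosts. The pre-flight check below is an added example (not from the post or from Sun's Tip Sheet) that verifies exactly that mapping; the interface names le0/le1 come from the procedure, the addresses and hostnames in the demo are constructed, and it takes the /etc directory as an argument so it can be run against a staging copy.

```sh
#!/bin/sh
# Pre-flight check for step 3 of the readdressing procedure (added example).
# Each /etc/hostname.<if> file must hold a name that /etc/hosts maps to the
# address that interface is supposed to carry once the box comes back up.

# resolve_name NAME HOSTSFILE: print the first address mapped to NAME
# (canonical name or alias), ignoring comments; prints nothing if unmapped.
resolve_name() {
    sed 's/#.*//' "$2" | awk -v n="$1" '
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }'
}

# check_iface HOSTNAMEFILE EXPECTED_IP HOSTSFILE
# Returns 0 when the name in HOSTNAMEFILE resolves to EXPECTED_IP.
check_iface() {
    hnfile=$1; want=$2; hosts=$3
    [ -r "$hnfile" ] || { echo "missing $hnfile" >&2; return 1; }
    name=$(sed 's/#.*//' "$hnfile" | awk 'NF { print $1; exit }')
    [ -n "$name" ] || { echo "$hnfile is empty" >&2; return 1; }
    got=$(resolve_name "$name" "$hosts")
    if [ "$got" = "$want" ]; then
        echo "$hnfile: $name -> $got OK"
        return 0
    fi
    echo "$hnfile: $name -> ${got:-unresolved}, expected $want" >&2
    return 1
}

# preflight ETCDIR OLD_IP NEW_IP
# le0 must still carry the old address and le1 the new one; only then is it
# safe to proceed to 'init 6' and 'nisupdkeys -a'.
preflight() {
    etc=$1; old=$2; new=$3
    check_iface "$etc/hostname.le0" "$old" "$etc/hosts" &&
    check_iface "$etc/hostname.le1" "$new" "$etc/hosts"
}

# Demo against a constructed staging copy of /etc (documentation addresses).
demo_dir=$(mktemp -d)
printf 'nisroot-old\n' > "$demo_dir/hostname.le0"
printf 'nisroot\n'     > "$demo_dir/hostname.le1"
printf '192.0.2.10\tnisroot-old\n198.51.100.10\tnisroot\n' > "$demo_dir/hosts"
preflight "$demo_dir" 192.0.2.10 198.51.100.10 || echo "DO NOT PROCEED" >&2
rm -rf "$demo_dir"
```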


--
Jim Stern -- Views here are my own, not Northrop Grumman's. (El
Segundo, CA)
