I found a solution that works. User davem Add credentials for davem both LOCAL and DES % nisaddcred -p 12409 -P davem.daveo.gov. local % nisaddcred -p unix.12409@daveo.gov -P davem.daveo.gov. des Enter davem's login password: nisaddcred: WARNING: password differs from login password. Retype password: Adding key pair for unix.12409@daveo.gov (davem.daveo.gov.). :/opt/nis/sources[247]% When it prompts for a password enter a dummy password for the user which they will use later The next time the user logs in they will see this message % ssh -l davem cc davem@cc's password: Permission denied, please try again. davem@cc's password: Password does not decrypt secret key (type = 192-0) for 'unix.12409@daveo.gov'. Password does not decrypt any secret keys for unix.12409@daveo.gov. At which time they will issue two commands and when it prompts for the password after typing keylogin and for the Secure-RPC password have the user enter the dummy password you created above. % keylogin Password: davem@cc:/home/davem[2]% chkey -p Updating nisplus publickey database. Reencrypting key for 'unix.12409@daveo.gov'. Please enter the Secure-RPC password for davem: Please enter the login password for davem: davem@cc:/home/davem[3]% The users credentials should now be up to date. The users Secure RPC password should now match their login password. When the user tries to change their Unix password it should work without errors. Below is my original question Is there a way to update a users NIS+ LOCAL and DES credentials without having to know their password? Both the nisclient and nisaddcred commands prompt for the password of the user. I have a user account that changed UID's and the cred table entry for this user has their old UID in it and needs to change to their new one. Thanks. Dave Martini LLNL # nisclient -co davem You will be adding DES credentials in domain davetest.gov. for davem ** nisclient will overwrite existing entries in the credential ** table for hosts and users specified above. Do you want to continue? (type 'y' to continue, 'n' to exit this script) y checking davetest.gov. domain... checking cred.org_dir.davetest.gov. permission... ... overwriting the existing entry for principal davem! adding LOCAL credential for davem... adding DES credential for davem... Enter davem's login password: # nisaddcred -p unix.32749@llnl.gov -P davem.davetest.gov. des Enter davem's login password: _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Mar 12 14:25:16 2009
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:13 EST