Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Task 4: Set the Encryption Method for NIS Domains

Updated: August 22, 2005

Applies To: Windows Server 2003 R2

Server for Network Information Service (NIS) provides limited support for keeping passwords synchronized between a user's Windows and UNIX accounts. Whenever a user's Windows password is changed, Password Synchronization (which is installed with Server for NIS for this reason) captures the new password, encrypts it, and then stores the password in the passwd map in Active Directory. The new password is propagated to NIS subordinate (also known as slave) servers either during the next scheduled update (if a propagation interval is configured), or by using commands that propagate maps immediately. For more information about configuring map propagation, see Task 3: Set the Frequency of Map Propagation.

When synchronizing passwords, Server for NIS can use either crypt(3) (refers to DES encryption) or Message Digest 5 (MD5) encryption. Server for NIS can support different encryption methods for multiple domains, but all UNIX computers in a particular domain must use the same encryption method.

This topic contains the following sections:

Setting the Encryption Method for a Domain

Completing Server for NIS Configuration Tasks

Setting the Encryption Method for a Domain

You can set the encryption method for a domain either by using the Windows interface, or working in a command-line environment.

Using the Windows interface

Using a command line

Using the Windows interface

  1. Open the Identity Management for UNIX management console by doing one of the following:

    • Click Start, click Administrative Tools, and then click Identity Management for UNIX.

    • Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.

  2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to Step 3.

  3. In the console tree, expand Server for NIS and view the list of NIS domains.

  4. Select the domain for which you want to set an encryption method.

  5. Open the UNIX Password Encryption Properties dialog box by doing one of the following:

    • Click UNIX Password Encryption in the Actions pane.

    • On the Actions menu, click UNIX Password Encryption.

    • Right-click the selected domain, then click UNIX Password Encryption.

  6. In the Encryption Scheme area, click the drop-down menu to select the encryption method used by all UNIX computers in the domain.

noteNote
You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using the crypt algorithm or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

Using a command line

  1. Open a Command Prompt window in one of the following two ways:

    • Click Start, and then click Command Prompt on the Start menu.

    • Click Start, click Run, type cmd into the Open text box, and click OK.

  2. At a command prompt, type:

    nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]]

     

    Argument Description

    computer

    Specifies the remote computer you want to administer. You can specify the computer using a WINS or DNS name, or by Internet Protocol (IP) address.

    domain

    Specifies the name of the domain for which the change is being made.

    usr

    Specifies the user name of the user whose credentials are to be used. It might be necessary to add the domain name to the user name in the form domain\username.

    pword

    Specifies the password of the user specified using the -u option. If you specify the -u option but omit the -p option, you are prompted for the user's password.

noteNote
To view the complete syntax for this command, at a command prompt, type:

nisadmin /?

You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using crypt or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

Completing Server for NIS Configuration Tasks

You have completed all the tasks for initial setup of Server for NIS. If you want to configure Server for NIS on another computer, refer to the start of the Step-by-Step Guide to Setting Up Server for NIS.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.