Task 4: Set the Encryption Method for NIS Domains

Applies To: Windows Server 2003 R2

Server for Network Information Service (NIS) provides limited support for keeping passwords synchronized between a user's Windows and UNIX accounts. Whenever a user's Windows password is changed, Password Synchronization (which is installed with Server for NIS for this reason) captures the new password, encrypts it, and then stores the password in the passwd map in Active Directory. The new password is propagated to NIS subordinate (also known as slave) servers either during the next scheduled update (if a propagation interval is configured), or by using commands that propagate maps immediately. For more information about configuring map propagation, see Task 3: Set the Frequency of Map Propagation.

When synchronizing passwords, Server for NIS can use either crypt(3), which refers to DES encryption, or Message Digest 5 (MD5) encryption. Server for NIS can support different encryption methods for multiple domains, but all UNIX computers in a particular domain must use the same encryption method.

This topic contains the following sections:

Setting the Encryption Method for a Domain

Completing Server for NIS Configuration Tasks

Setting the Encryption Method for a Domain

You can set the encryption method for a domain either by using the Windows interface or by working in a command-line environment.

Using the Windows interface

Using a command line

Using the Windows interface

  1. Open the Identity Management for UNIX management console by doing one of the following:

    • Click Start, click Administrative Tools, and then click Identity Management for UNIX.

    • Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.

  2. If necessary, connect to the computer you want to manage by right-clicking the Identity Management for UNIX node in the hierarchy pane, and then clicking Connect to another computer. Otherwise, go on to Step 3.

  3. In the console tree, expand Server for NIS and view the list of NIS domains.

  4. Select the domain for which you want to set an encryption method.

  5. Open the UNIX Password Encryption Properties dialog box by doing one of the following:

    • Click UNIX Password Encryption in the Actions pane.

    • On the Actions menu, click UNIX Password Encryption.

    • Right-click the selected domain, then click UNIX Password Encryption.

  6. In the Encryption Scheme area, click the drop-down menu to select the encryption method used by all UNIX computers in the domain.

Note

You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using the crypt algorithm or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

Using a command line

  1. Open a Command Prompt window in one of the following two ways:

    • Click Start, and then click Command Prompt on the Start menu.

    • Click Start, click Run, type cmd into the Open text box, and click OK.

  2. At a command prompt, type:

    nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]]

    Argument Description

    computer

    Specifies the remote computer you want to administer. You can specify the computer using a WINS or DNS name, or by Internet Protocol (IP) address.

    domain

    Specifies the name of the domain for which the change is being made.

    usr

    Specifies the user name of the user whose credentials are to be used. It might be necessary to add the domain name to the user name in the form domain\username.

    pword

    Specifies the password of the user specified using the -u option. If you specify the -u option but omit the -p option, you are prompted for the user's password.

Note

To view the complete syntax for this command, at a command prompt, type: nisadmin /?

You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using crypt or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.
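Because every UNIX computer in a domain must use the same method, it helps to confirm that the passwd map matches the configured setting. The following is an added example, not part of the original topic or of Microsoft's tooling: it audits a text dump of a passwd map (for example, saved `ypcat passwd` output) against the domain's configured method. It assumes the traditional 13-character DES crypt format and the Linux `$1$` MD5 format; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed formats: DES crypt(3) is a 2-char salt + 11-char hash (13 chars);
# Linux MD5 is $1$<salt, up to 8 chars>$<22-char hash>.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
MD5_CRYPT = re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")

def classify(field):
    """Return 'empty', 'md5', 'crypt', 'nohash' or 'unknown' for a password field."""
    if field == "":
        return "empty"            # no password set at all
    if MD5_CRYPT.fullmatch(field):
        return "md5"
    if DES_CRYPT.fullmatch(field):
        return "crypt"
    if field == "x" or field[0] in "!*":
        return "nohash"           # shadow placeholder or locked account
    return "unknown"

def audit(passwd_lines, configured):
    """Return (counts, mismatches) for passwd-map lines versus 'crypt' or 'md5'."""
    counts, mismatches = Counter(), []
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:        # passwd entries have seven colon-separated fields
            counts["malformed"] += 1
            mismatches.append((parts[0], "malformed"))
            continue
        scheme = classify(parts[1])
        counts[scheme] += 1
        if scheme not in (configured, "nohash"):
            mismatches.append((parts[0], scheme))
    return counts, mismatches

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = [
    "alice:ab" + "B" * 11 + ":1001:100:Alice:/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "C" * 22 + ":1002:100:Bob:/home/bob:/bin/sh",
    "carol:*LK*:1003:100:Carol:/home/carol:/bin/sh",
    "dave::1004:100:Dave:/home/dave:/bin/sh",
]

if __name__ == "__main__":
    counts, mismatches = audit(SAMPLE, "crypt")
    print(dict(counts))
    for user, scheme in mismatches:
        print(f"{user}: found {scheme}, domain is configured for crypt")
```

Entries reported as empty or unknown deserve review regardless of which method the domain uses.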

Completing Server for NIS Configuration Tasks

You have completed all the tasks for initial setup of Server for NIS. If you want to configure Server for NIS on another computer, refer to the start of the Step-by-Step Guide to Setting Up Server for NIS.
