To set the encryption method for a domain

Using the Windows interface

To set the encryption method for a domain by using Windows
  1. Open the Identity Management for UNIX management console by clicking Start, pointing to Administrative Tools, and then clicking Microsoft Identity Management for UNIX.

    You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX.

  2. If necessary, connect to the computer you want to manage.

  3. In the console tree, expand Server for NIS and view the list of NIS domains.

  4. Select the domain for which you want to set an encryption method.

  5. Open the Properties dialog box for the selected domain by doing one of the following.

    • Right-click the selected domain, and then click Properties.

    • Click Properties in the Actions pane.

    • On the Action menu, click Properties.

  6. In the UNIX password encryption scheme area, select the encryption method you want all UNIX computers in the domain to use.

    Note

    You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using the crypt algorithm or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.

Using a command line

To set the encryption method for a domain by using the command line
  • At a command prompt, type the following:

    nisadmin [computer] encryptiontype -d domain {crypt | md5} [-u usr [-p pword]]

The placeholders in the following table are arguments used in the command line to set the encryption method.

Argument Description

computer

Specifies the remote computer you want to administer. You can specify the computer using a WINS or DNS name, or by Internet Protocol (IP) address.

domain

Specifies the name of the domain for which the change is being made.

usr

Specifies the user name of the user whose credentials are to be used. It might be necessary to add the domain name to the user name in the form domain\username.

pword

Specifies the password of the user specified using the -u option. If you specify the -u option but omit the -p option, you are prompted for the user's password.

Notes
  • To view the complete syntax for this command, at a command prompt, type: nisadmin /?
  • You can select the MD5 encryption method for a UNIX domain that consists exclusively of computers running Linux and using MD5 encryption. Domains that contain one or more computers using crypt or that run any other operating system must use crypt. Although Linux versions 6.2 and later support MD5 encryption, Identity Management for UNIX is not supported for versions of Linux prior to version 8.
  • Password encryption can only be set to one encryption method at a time. Changing the encryption method invalidates user passwords. All passwords must be reset if the encryption method is changed.

See Also


Table Of Contents