Trusted Solaris Operating System - Technical FAQs

Question

After I update tnrhdb or tnrhtp, why aren't my changes effective immediately? Even after I ran tnctl(1MTSOL), I didn't see any changes to the NIS+ databases. What can I do?

Answer

The security administrator role uses the Database Manager to make changes to the trusted network configuration files, because neither the NIS+ databases nor the local files should be edited directly. When launching the Database Manager, the secadmin specifies whether to load local files or NIS+ databases, and the Database Manager automatically updates the local files or NIS+ databases as soon as changes are made.

You can never see changes to the NIS+ databases after running tnctl, because tnctl only updates the kernel cache for any changes made to the local /etc/tn* files.

It takes around 30 minutes for the trusted network daemon, tnd(1MTSOL), to poll the NIS+ databases for the changes. If you need an update sooner, do Procedure 1 to temporarily shorten the polling period.

NOTE: In the Trusted Solaris 2.5 environment, use of the Database Manager on any host other than the NIS+ master clobbers the time stamp. To avoid this, do Procedure 2.

Check to make sure the nsswitch.conf(4TSOL) file has the appropriate entries as shown in Related Information.

1. Do Procedure 1 on the NIS+ master
2. Assume the system administrator role and run nistntime:
   
   

   $ nistntime<name_of_changed_configuration_file>

Related Information

To ensure that the trusted network entries are being looked at on the NIS+ server, check that the /etc/nsswitch.conf file on the client has lines like the following:

On a standalone host not running NIS+, an acceptable entry would be:

Applies to Trusted Solaris Release

2.5, 2.5.1

Related Documentation

See the chapters about administering trusted networking in "Managing Hosts and Networks" in the Trusted Solaris Administrator's Procedures manual at docs.sun.com.