keylogin(1) manual page
keylogin - decrypt and store secret key with keyserv
/usr/bin/keylogin [ -r ]
SUNWcsu
The keylogin command prompts for a password, and uses it to decrypt the
user’s secret key. The key may be found in the /etc/publickey file (see
publickey(4)) or the NIS map "publickey.byname" or the NIS+ table
"cred.org_dir" in the user’s home domain. The sources and their lookup
order are specified in the /etc/nsswitch.conf file (see nsswitch.conf(4)).

Once decrypted, the user’s secret key is stored by the local key server
process, keyserv(1M). This stored key is used when issuing requests to any
secure RPC services, such as NFS or NIS+. The program keylogout(1) can be
used to delete the key stored by keyserv.

keylogin will fail if it cannot get the caller’s key, or the password given
is incorrect. For a new user or host, a new key can be added using
newkey(1M), nisaddcred(1M), or nisclient(1M).
- -r
- Update the /etc/.rootkey file. This file holds the unencrypted secret
key of the super-user. Only the super-user may use this option. It is used
so that processes running as super-user can issue authenticated requests
without requiring that the administrator explicitly run keylogin as super-user
at system startup time (see keyserv(1M)). The -r option should be used by
the administrator when the host’s entry in the publickey database has changed,
and the /etc/.rootkey file has become out-of-date with respect to the actual
key pair stored in the publickey database. The permissions on the /etc/.rootkey
file are such that it may be read and written by the super-user but by no
other user on the system.
- /etc/.rootkey
- super-user’s secret key
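
The permission rule stated for /etc/.rootkey under -r, written as an audit check. This is an added example, not part of the original manual page. It assumes the super-user is UID 0 and that `ls -ldn` prints the mode string in field 1 and the numeric owner in field 3; the function name check_rootkey is hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual page): audit the root key file.
# check_rootkey [PATH] [OWNER_UID]
#   returns 0 = permissions as described, 1 = finding, 2 = file absent
check_rootkey() {
    rk_file=${1:-/etc/.rootkey}
    rk_uid=${2:-0}          # assumption: the super-user is UID 0

    # Refuse symbolic links: the link's own mode says nothing about the target.
    if [ -h "$rk_file" ]; then
        echo "FAIL: $rk_file is a symbolic link"; return 1
    fi
    if [ ! -e "$rk_file" ]; then
        echo "ABSENT: $rk_file does not exist"; return 2
    fi
    if [ ! -f "$rk_file" ]; then
        echo "FAIL: $rk_file is not a regular file"; return 1
    fi

    # Numeric long listing: field 1 is the mode string, field 3 the owner UID.
    set -- $(ls -ldn "$rk_file")
    rk_mode=$1
    rk_owner=$3
    rk_rc=0

    if [ "$rk_owner" != "$rk_uid" ]; then
        echo "FAIL: owner UID is $rk_owner, expected $rk_uid"; rk_rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits;
    # the file holds an unencrypted secret key, so all six must be clear.
    case $rk_mode in
        ????------*) ;;
        *) echo "FAIL: mode $rk_mode grants access to group or other"; rk_rc=1 ;;
    esac
    # A trailing "+" in the mode string means extra ACL entries are present.
    case $rk_mode in
        *+) echo "FAIL: mode $rk_mode shows additional ACL entries"; rk_rc=1 ;;
    esac

    [ "$rk_rc" -eq 0 ] && echo "OK: $rk_file mode $rk_mode owner $rk_owner"
    return "$rk_rc"
}
```

Called with no arguments, check_rootkey inspects /etc/.rootkey and expects owner UID 0.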
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisaddcred(1M),
nisclient(1M), publickey(4), nsswitch.conf(4)