1newkey(1M) System Administration Commands newkey(1M)
2
3
4
6 newkey - create a new Diffie-Hellman key pair in the publickey database
7
9 newkey -h hostname [-s nisplus | nis | files | ldap]
10
11
12 newkey -u username [-s nisplus | nis | files | ldap]
13
14
16 newkey establishes new public keys for users and machines on the net‐
17 work. These keys are needed when using secure RPC or secure NFS ser‐
18 vice.
19
20
21 newkey prompts for a password for the given username or hostname and
22 then creates a new public/secret Diffie-Hellman 192 bit key pair for
23 the user or host. The secret key is encrypted with the given password.
24 The key pair can be stored in the /etc/publickey file, the NIS pub‐
25 lickey map, or the NIS+ cred.org_dir table.
26
27
28 newkey consults the publickey entry in the name service switch configu‐
29 ration file (see nsswitch.conf(4)) to determine which naming service is
30 used to store the secure RPC keys. If the publickey entry specifies a
31 unique name service, newkey will add the key in the specified name ser‐
32 vice. However, if there are multiple name services listed, newkey can‐
33 not decide which source to update and will display an error message.
34 The user is required to specify the source explicitly with the -s
35 option.
36
37
38 In the case of NIS, newkey should be run by the superuser on the master
39 NIS server for that domain. In the case of NIS+, newkey should be run
40 by the superuser on a machine which has permission to update the
41 cred.org_dir table of the new user/host domain.
42
43
44 In the case of NIS+, nisaddcred(1M) should be used to add new keys.
45 newkey cannot be used to create keys other than 192-bit Diffie-Hellman.
46
47
48 In the case of LDAP, newkey should be run by the superuser on a machine
49 that also recognizes the directory manager's bind distinguished name
50 (DN) and password to perform an LDAP update for the host.
51
53 -h hostname Create a new public/secret key pair for the privileged
54 user at the given hostname. Prompts for a password for
55 the given hostname.
56
57
58 -u username Create a new public/secret key pair for the given user‐
59 name. Prompts for a password for the given username.
60
61
62 -s nisplus Update the database in the specified source: nisplus
63 -s nis (for NIS+), nis (for NIS), files, or ldap (LDAP). Other
64 -s files sources may be available in the future.
65 -s ldap
66
68 See attributes(5) for descriptions of the following attributes:
69
70
71
72
73 ┌─────────────────────────────┬─────────────────────────────┐
74 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
75 ├─────────────────────────────┼─────────────────────────────┤
76 │Availability │SUNWcsu │
77 └─────────────────────────────┴─────────────────────────────┘
78
80 chkey(1), keylogin(1), nisaddcred(1M), nisclient(1M), nsswitch.conf(4),
81 publickey(4), attributes(5)
82
84 NIS+ might not be supported in future releases of the Solaris operating
85 system. Tools to aid the migration from NIS+ to LDAP are available in
86 the current Solaris release. For more information, visit
87 http://www.sun.com/directory/nisplus/transition.html.
88
89
90
91SunOS 5.11 13 Nov 2003 newkey(1M)