keylogin(1) - osol9

1keylogin(1)                      User Commands                     keylogin(1)
2
3
4

NAME

6       keylogin - decrypt and store secret key with keyserv
7

SYNOPSIS

9       /usr/bin/keylogin [-r]
10
11

DESCRIPTION

13       The keylogin command prompts for a password, and uses it to decrypt the
14       user's secret key. The key can be found in the /etc/publickey file (see
15       publickey(4))  or  the  NIS map ``publickey.byname'' or the  NIS+ table
16       ``cred.org_dir'' in the user's  home  domain.  The  sources  and  their
17       lookup  order  are  specified  in the /etc/nsswitch.conf file. See nss‐
18       witch.conf(4). Once decrypted, the user's secret key is stored  by  the
19       local  key  server  process,  keyserv(1M). This stored key is used when
20       issuing requests to any secure RPC services, such as NFS or  NIS+.  The
21       program keylogout(1) can be used to delete the key stored by keyserv .
22
23
24       keylogin fails if it cannot get the caller's key, or the password given
25       is incorrect. For a new user or host, a new  key  can  be  added  using
26       newkey(1M), nisaddcred(1M), or nisclient(1M).
27
28
29       If  multiple  authentication  mechanisms are configured for the system,
30       each of the configured mechanism's secret key is decrypted  and  stored
31       by   keyserv(1M).  See  nisauthconf(1M)  for information on configuring
32       multiple authentication mechanisms.
33

OPTIONS

35       The following options are supported:
36
37       -r    Update the /etc/.rootkey file. This file  holds  the  unencrypted
38             secret  key  of  the  superuser.  Only the superuser can use this
39             option. It is used so that processes  running  as  superuser  can
40             issue  authenticated requests without requiring that the adminis‐
41             trator explicitly run keylogin as  superuser  at  system  startup
42             time. See keyserv(1M). The -r option should be used by the admin‐
43             istrator when the host's entry  in  the  publickey  database  has
44             changed,  and  the /etc/.rootkey file has become out-of-date with
45             respect to the actual key pair stored in the publickey  database.
46             The permissions on the /etc/.rootkey file are such that it can be
47             read and written by the superuser but by no  other  user  on  the
48             system.
49
50             If multiple authentication mechanisms are configured for the sys‐
51             tem, each of the configured mechanism's secret keys is stored  in
52             the /etc/.rootkey file.
53
54

FILES

56       /etc/.rootkey    superuser's secret key
57
58

ATTRIBUTES

60       See attributes(5) for descriptions of the following attributes:
61
62
63
64
65       ┌─────────────────────────────┬─────────────────────────────┐
66       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
67       ├─────────────────────────────┼─────────────────────────────┤
68       │Availability                 │SUNWcsu                      │
69       └─────────────────────────────┴─────────────────────────────┘
70

NOTES

77       NIS+ might not be supported in future releases of the Solaris operating
78       system. Tools to aid the migration from NIS+ to LDAP are  available  in
79       the    current   Solaris   release.   For   more   information,   visit
80       http://www.sun.com/directory/nisplus/transition.html.
81
82
83
84SunOS 5.11                        2 Dec 2005                       keylogin(1)