1keylogin(1) User Commands keylogin(1)
2
3
4
6 keylogin - decrypt and store secret key with keyserv
7
9 /usr/bin/keylogin [-r]
10
11
13 The keylogin command prompts for a password, and uses it to decrypt the
14 user's secret key. The key can be found in the /etc/publickey file (see
15 publickey(4)) or the NIS map ``publickey.byname'' or the NIS+ table
16 ``cred.org_dir'' in the user's home domain. The sources and their
17 lookup order are specified in the /etc/nsswitch.conf file. See nss‐
18 witch.conf(4). Once decrypted, the user's secret key is stored by the
19 local key server process, keyserv(1M). This stored key is used when
20 issuing requests to any secure RPC services, such as NFS or NIS+. The
21 program keylogout(1) can be used to delete the key stored by keyserv .
22
23
24 keylogin fails if it cannot get the caller's key, or the password given
25 is incorrect. For a new user or host, a new key can be added using
26 newkey(1M), nisaddcred(1M), or nisclient(1M).
27
28
29 If multiple authentication mechanisms are configured for the system,
30 each of the configured mechanism's secret key is decrypted and stored
31 by keyserv(1M). See nisauthconf(1M) for information on configuring
32 multiple authentication mechanisms.
33
35 The following options are supported:
36
37 -r Update the /etc/.rootkey file. This file holds the unencrypted
38 secret key of the superuser. Only the superuser can use this
39 option. It is used so that processes running as superuser can
40 issue authenticated requests without requiring that the adminis‐
41 trator explicitly run keylogin as superuser at system startup
42 time. See keyserv(1M). The -r option should be used by the admin‐
43 istrator when the host's entry in the publickey database has
44 changed, and the /etc/.rootkey file has become out-of-date with
45 respect to the actual key pair stored in the publickey database.
46 The permissions on the /etc/.rootkey file are such that it can be
47 read and written by the superuser but by no other user on the
48 system.
49
50 If multiple authentication mechanisms are configured for the sys‐
51 tem, each of the configured mechanism's secret keys is stored in
52 the /etc/.rootkey file.
53
54
56 /etc/.rootkey superuser's secret key
57
58
60 See attributes(5) for descriptions of the following attributes:
61
62
63
64
65 ┌─────────────────────────────┬─────────────────────────────┐
66 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
67 ├─────────────────────────────┼─────────────────────────────┤
68 │Availability │SUNWcsu │
69 └─────────────────────────────┴─────────────────────────────┘
70
72 chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisadd‐
73 cred(1M), nisauthconf(1M), nisclient(1M), nsswitch.conf(4), pub‐
74 lickey(4), attributes(5)
75
77 NIS+ might not be supported in future releases of the Solaris operating
78 system. Tools to aid the migration from NIS+ to LDAP are available in
79 the current Solaris release. For more information, visit
80 http://www.sun.com/directory/nisplus/transition.html.
81
82
83
84SunOS 5.11 2 Dec 2005 keylogin(1)