1keyserv(1M) System Administration Commands keyserv(1M)
2
3
4
6 keyserv - server for storing private encryption keys
7
9 keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
10
11
13 keyserv is a daemon that is used for storing the private encryption
14 keys of each user logged into the system. These encryption keys are
15 used for accessing secure network services such as secure NFS and NIS+.
16
17
18 Normally, root's key is read from the file /etc/.rootkey when the dae‐
19 mon is started. This is useful during power-fail reboots when no one is
20 around to type a password.
21
22
23 keyserv does not start up if the system does not have a secure rpc
24 domain configured. Set up the domain name by using the /usr/bin/domain‐
25 name command. Usually the svc:/system/identity:domain service reads the
26 domain from /etc/defaultdomain. Invoking the domainname command without
27 arguments tells you if you have a domain set up.
28
29
30 The /etc/default/keyserv file contains the following default parameter
31 settings. See .
32
33 ENABLE_NOBODY_KEYS Specifies whether default keys for nobody are
34 used. ENABLE_NOBODY_KEYS=NO is equivalent to the
35 -d command-line option. The default value for
36 ENABLE_NOBODY_KEYS is YES.
37
38
40 The following options are supported:
41
42 -c Do not use disk caches. This option overrides any -s
43 option.
44
45
46 -D Run in debugging mode and log all requests to keyserv.
47
48
49 -d Disable the use of default keys for nobody. See .
50
51
52 -e Enable the use of default keys for nobody. This is the
53 default behavior. See .
54
55
56 -n Root's secret key is not read from /etc/.rootkey.
57 Instead, keyserv prompts the user for the password to
58 decrypt root's key stored in the publickey database and
59 then stores the decrypted key in /etc/.rootkey for
60 future use. This option is useful if the /etc/.rootkey
61 file ever gets out of date or corrupted.
62
63
64 -s sizespec Specify the size of the extended Diffie-Hellman common
65 key disk caches. The sizespec can be one of the follow‐
66 ing forms:
67
68 mechtype=size size is an integer specifying the maxi‐
69 mum number of entries in the cache, or
70 an integer immediately followed by the
71 letter M, denoting the maximum size in
72 MB.
73
74
75 size This form of sizespec applies to all
76 caches.
77
78 See nisauthconf(1M) for mechanism types. Note that the
79 des mechanism, AUTH_DES, does not use a disk cache.
80
81
83 /etc/.rootkey
84
85
86 /etc/default/keyserv Contains default settings. You can use command-
87 line options to override these settings.
88
89
91 See attributes(5) for descriptions of the following attributes:
92
93
94
95
96 ┌─────────────────────────────┬─────────────────────────────┐
97 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
98 ├─────────────────────────────┼─────────────────────────────┤
99 │Availability │SUNWcsu │
100 └─────────────────────────────┴─────────────────────────────┘
101
103 keylogin(1), svcs(1), keylogout(1), nisauthconf(1M), svcadm(1M), pub‐
104 lickey(4), attributes(5), smf(5)
105
106
107 http://www.sun.com/directory/nisplus/transition.html
108
110 NIS+ might not be supported in future releases of the Solaris operating
111 system. Tools to aid the migration from NIS+ to LDAP are available in
112 the current Solaris release. For more information, visit
113 http://www.sun.com/directory/nisplus/transition.html.
114
115
116 The keyserv service is managed by the service management facility,
117 smf(5), under the service identifier:
118
119 svc:/network/rpc/keyserv:default
120
121
122
123
124 Administrative actions on this service, such as enabling, disabling, or
125 requesting restart, can be performed using svcadm(1M). The service's
126 status can be queried using the svcs(1) command.
127
128
129
130SunOS 5.11 4 Jan 2002 keyserv(1M)