1keyserv(1M)             System Administration Commands             keyserv(1M)
2
3
4

NAME

6       keyserv - server for storing private encryption keys
7

SYNOPSIS

9       keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
10
11

DESCRIPTION

13       keyserv  is  a  daemon  that is used for storing the private encryption
14       keys of each user logged into the system.  These  encryption  keys  are
15       used for accessing secure network services such as secure NFS and NIS+.
16
17
18       Normally,  root's key is read from the file /etc/.rootkey when the dae‐
19       mon is started. This is useful during power-fail reboots when no one is
20       around to type a password.
21
22
23       keyserv  does  not  start  up  if the system does not have a secure rpc
24       domain configured. Set up the domain name by using the /usr/bin/domain‐
25       name command. Usually the svc:/system/identity:domain service reads the
26       domain from /etc/defaultdomain. Invoking the domainname command without
27       arguments tells you if you have a domain set up.
28
29
30       The  /etc/default/keyserv file contains the following default parameter
31       settings. See .
32
33       ENABLE_NOBODY_KEYS    Specifies whether default  keys  for  nobody  are
34                             used.  ENABLE_NOBODY_KEYS=NO is equivalent to the
35                             -d command-line option.  The  default  value  for
36                             ENABLE_NOBODY_KEYS is YES.
37
38

OPTIONS

40       The following options are supported:
41
42       -c             Do  not  use  disk  caches. This option overrides any -s
43                      option.
44
45
46       -D             Run in debugging mode and log all requests to keyserv.
47
48
49       -d             Disable the use of default keys for nobody. See .
50
51
52       -e             Enable the use of default keys for nobody. This  is  the
53                      default behavior. See .
54
55
56       -n             Root's  secret  key  is  not  read  from  /etc/.rootkey.
57                      Instead, keyserv prompts the user for  the  password  to
58                      decrypt  root's key stored in the publickey database and
59                      then stores  the  decrypted  key  in  /etc/.rootkey  for
60                      future  use.  This option is useful if the /etc/.rootkey
61                      file ever gets out of date or corrupted.
62
63
64       -s sizespec    Specify the size of the extended  Diffie-Hellman  common
65                      key  disk caches. The sizespec can be one of the follow‐
66                      ing forms:
67
68                      mechtype=size    size is an integer specifying the maxi‐
69                                       mum  number of entries in the cache, or
70                                       an integer immediately followed by  the
71                                       letter  M, denoting the maximum size in
72                                       MB.
73
74
75                      size             This form of sizespec  applies  to  all
76                                       caches.
77
78                      See  nisauthconf(1M)  for mechanism types. Note that the
79                      des mechanism, AUTH_DES, does not use a disk cache.
80
81

FILES

83       /etc/.rootkey
84
85
86       /etc/default/keyserv    Contains default settings. You can use command-
87                               line options to override these settings.
88
89

ATTRIBUTES

91       See attributes(5) for descriptions of the following attributes:
92
93
94
95
96       ┌─────────────────────────────┬─────────────────────────────┐
97       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
98       ├─────────────────────────────┼─────────────────────────────┤
99       │Availability                 │SUNWcsu                      │
100       └─────────────────────────────┴─────────────────────────────┘
101

SEE ALSO

103       keylogin(1),  svcs(1),  keylogout(1), nisauthconf(1M), svcadm(1M), pub‐
104       lickey(4), attributes(5), smf(5)
105
106
107       http://www.sun.com/directory/nisplus/transition.html
108

NOTES

110       NIS+ might not be supported in future releases of the Solaris operating
111       system.  Tools  to aid the migration from NIS+ to LDAP are available in
112       the   current   Solaris   release.   For   more   information,    visit
113       http://www.sun.com/directory/nisplus/transition.html.
114
115
116       The  keyserv  service  is  managed  by the service management facility,
117       smf(5), under the service identifier:
118
119         svc:/network/rpc/keyserv:default
120
121
122
123
124       Administrative actions on this service, such as enabling, disabling, or
125       requesting  restart,  can  be performed using svcadm(1M). The service's
126       status can be queried using the svcs(1) command.
127
128
129
130SunOS 5.11                        4 Jan 2002                       keyserv(1M)
Impressum