unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

chkey(1)                         User Commands                        chkey(1)



NAME
       chkey - change user's secure RPC key pair

SYNOPSIS
       chkey [-p] [-s nisplus | nis | files | ldap]  [-m <mechanism>]

DESCRIPTION
       chkey  is  used to change a user's secure RPC public key and secret key
       pair. chkey prompts for the old secure-rpc password and  verifies  that
       it is correct by decrypting the secret key. If the user has not already
       used keylogin(1) to decrypt and store the secret key with  keyserv(1M),
       chkey  registers  the secret key with the local keyserv( 1M) daemon. If
       the secure-rpc password  does  not  match  the  login  password,  chkey
       prompts  for  the  login  password.  chkey  uses  the login password to
       encrypt the user's secret Diffie-Hellman (192 bit)  cryptographic  key.
       chkey  can  also  encrypt  other Diffie-Hellman keys for authentication
       mechanisms configured using nisauthconf(1M).

       chkey ensures that the login password and the  secure-rpc   password(s)
       are kept the same, thus enabling password shadowing. See shadow(4).

       The  key  pair  can  be  stored  in  the  /etc/publickey file (see pub-
       lickey(4)), the NIS publickey map, or the NIS+ cred.org_dir table. If a
       new  secret key is generated, it will be registered with the local key-
       serv(1M) daemon. However, only NIS+ can store Diffie-Hellman keys other
       than 192-bits.

       Keys for specific mechanisms can be changed or reencrypted using the -m
       option followed by the  authentication  mechanism  name.  Multiple   -m
       options  can  be  used to change one or more keys. However, only mecha-
       nisms configured using nisauthconf(1M) can be changed with  chkey.

       If the source of the  publickey is not specified with  the  -s  option,
       chkey consults the  publickey entry in the name service switch configu-
       ration file.  See nsswitch.conf(4). If the  publickey  entry  specifies
       one  and  only one source, then chkey will change the key in the speci-
       fied name service. However, if multiple name services are listed, chkey
       can  not  decide  which source to update and will display an error mes-
       sage. The user should specify the source explicitly with the -s option.

       Non root users are not allowed to change their key pair  in  the  files
       database.

OPTIONS
       The following options are supported:

       -p                      Re-encrypt  the  existing  secret  key with the
                               user's login password.



       -s nisplus              Update the  NIS+ database.



       -s nis                  Update the NIS database.



       -s files                Update the  files database.



       -s ldap                 Update the  LDAP database.



       -m <mechanism>          Changes or re-encrypt the secret  key  for  the
                               specified mechanism.



FILES
       /etc/nsswitch.conf


       /etc/publickey


ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu


SEE ALSO
       keylogin(1),  keylogout(1),  keyserv(1M),  newkey(1M),  nisaddcred(1M),
       nisauthconf(1M),     nsswitch.conf(4),     publickey(4),     shadow(4),
       attributes(5)

NOTES
       NIS+ might not be supported in future releases of the SolarisTM Operat-
       ing  Environment.  Tools  to  aid  the  migration from NIS+ to LDAP are
       available in the Solaris 9 operating environment. For more information,
       visit http://www.sun.com/directory/nisplus/transition.html.



SunOS 5.10                        24 Jan 2002                         chkey(1)