keylogin - decrypt and store secret key with keyserv
/usr/bin/keylogin [ -r ]
The keylogin command prompts for a password, and uses it to decrypt
the user's secret key. The key may be found in the /etc/publickey file
(see publickey(4)) or the NIS map ``publickey.byname'' or the NIS+
table ``cred.org_dir'' in the user's home domain. The sources and
their lookup order are specified in the /etc/nsswitch.conf file (see
nsswitch.conf(4)). Once decrypted, the user's secret key is stored by
the local key server process, keyserv(1M). This stored key is used
when issuing requests to any secure RPC services, such as NIS+. The
program keylogout(1) can be used to delete the key stored by keyserv.
keylogin will fail if it cannot get the caller's key, or the password
given is incorrect. For a new user or host, a new key can be added
using newkey(1M), nisaddcred(1M), or nisclient(1M).
-r Update the /etc/.rootkey file. This file holds the unencrypted
secret key of the super-user. Only the super-user may use this
option. It is used so that processes running as super-user can
issue authenticated requests without requiring that the
administrator explicitly run keylogin as super-user at system
startup time (see keyserv(1M)). The -r option should be used by
the administrator when the host's entry in the publickey database
has changed, and the /etc/.rootkey file has become out-of-date
with respect to the actual key pair stored in the publickey
database. The permissions on the /etc/.rootkey file are such
that it may be read and written by the super-user but by no other
user on the system.
keylogin was developed by Sun Microsystems, Inc.
/etc/.rootkey Super-user's secret key
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M),
nisaddcred(1M), nisclient(1M), publickey(4), nsswitch.conf(4).
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000