unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

keylogin(1)                      User Commands                     keylogin(1)



NAME
       keylogin - decrypt and store secret key with keyserv

SYNOPSIS
       /usr/bin/keylogin [-r]

DESCRIPTION
       The keylogin command prompts for a password, and uses it to decrypt the
       user's secret key. The key may be found in the /etc/publickey file (see
       publickey(4))  or  the  NIS map ``publickey.byname'' or the  NIS+ table
       ``cred.org_dir'' in the user's  home  domain.  The  sources  and  their
       lookup  order  are  specified  in the /etc/nsswitch.conf file. See nss-
       witch.conf(4). Once decrypted, the user's secret key is stored  by  the
       local  key  server  process,  keyserv(1M). This stored key is used when
       issuing requests to any secure RPC services, such as NFS or  NIS+.  The
       program keylogout(1) can be used to delete the key stored by keyserv .

       keylogin  will  fail if it cannot get the caller's key, or the password
       given is incorrect. For a new user or host, a  new  key  can  be  added
       using  newkey(1M), nisaddcred(1M), or nisclient(1M).

       If  multiple  authentication  mechanisms are configured for the system,
       each of the configured mechanism's secret key  will  be  decrypted  and
       stored by  keyserv(1M).  See nisauthconf(1M) for information on config-
       uring multiple authentication mechanisms.

OPTIONS
       -r       Update the /etc/.rootkey file. This file holds the unencrypted
                secret  key  of the superuser. Only the superuser may use this
                option. It is used so that processes running as superuser  can
                issue authenticated requests without requiring that the admin-
                istrator  explicitly  run  keylogin  as  superuser  at  system
                startup time. See keyserv(1M). The -r option should be used by
                the administrator when the host's entry in the publickey data-
                base  has  changed, and the /etc/.rootkey file has become out-
                of-date with  respect to the actual key  pair  stored  in  the
                publickey  database. The permissions on the /etc/.rootkey file
                are such that it may be read and written by the superuser  but
                by no other user on the system.

                If  multiple  authentication mechanisms are configured for the
                system, each of the configured mechanism's secret keys will be
                stored in the /etc/.rootkey file.



FILES
       /etc/.rootkey   superuser's secret key



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu


SEE ALSO
       chkey(1),  keylogout(1),  login(1),  keyserv(1M),  newkey(1M),  nisadd-
       cred(1M),   nisauthconf(1M),   nisclient(1M),   nsswitch.conf(4),  pub-
       lickey(4), attributes(5)

NOTES
       NIS+ might not be supported in future releases of the SolarisTM Operat-
       ing  Environment.  Tools  to  aid  the  migration from NIS+ to LDAP are
       available in the Solaris 9 operating environment. For more information,
       visit http://www.sun.com/directory/nisplus/transition.html.



SunOS 5.10                        10 Dec 2001                      keylogin(1)