keylogin(1)
NAME
keylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin [-r]
DESCRIPTION
The keylogin command prompts for a password, and uses it to
decrypt the user's secret key. The key may be found in the
/etc/publickey file (see publickey(4)) or the NIS map
``publickey.byname'' or the NIS+ table ``cred.org_dir'' in
the user's home domain. The sources and their lookup order
are specified in the /etc/nsswitch.conf file. See
nsswitch.conf(4). Once decrypted, the user's secret key is
stored by the local key server process, keyserv(1M). This
stored key is used when issuing requests to any secure RPC
services, such as NFS or NIS+. The program keylogout(1) can
be used to delete the key stored by keyserv .
keylogin will fail if it cannot get the caller's key, or the
password given is incorrect. For a new user or host, a new
key can be added using newkey(1M), nisaddcred(1M), or
nisclient(1M).
If multiple authentication mechanisms are configured for the
system, each of the configured mechanism's secret key will
be decrypted and stored by keyserv(1M). See
nisauthconf(1M) for information on configuring multiple
authentication mechanisms.
OPTIONS
-r Update the /etc/.rootkey file. This file holds the
unencrypted secret key of the superuser. Only the
superuser may use this option. It is used so that
processes running as superuser can issue authenticated
requests without requiring that the administrator
explicitly run keylogin as superuser at system startup
time. See keyserv(1M). The -r option should be used by
the administrator when the host's entry in the pub-
lickey database has changed, and the /etc/.rootkey
file has become out-of-date with respect to the
actual key pair stored in the publickey database. The
permissions on the /etc/.rootkey file are such that it
may be read and written by the superuser but by no
other user on the system.
If multiple authentication mechanisms are configured
for the system, each of the configured mechanism's
secret keys will be stored in the /etc/.rootkey file.
FILES
/etc/.rootkey
superuser's secret key
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M),
nisaddcred(1M), nisauthconf(1M), nisclient(1M),
nsswitch.conf(4), publickey(4), attributes(5)
NOTES
NIS+ might not be supported in future releases of the
SolarisTM Operating Environment. Tools to aid the migration
from NIS+ to LDAP are available in the Solaris 9 operating
environment. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
Man(1) output converted with
man2html