keylogin(1)




NAME

     keylogin - decrypt and store secret key with keyserv


SYNOPSIS

     /usr/bin/keylogin [-r]


DESCRIPTION

     The keylogin command prompts for a password, and uses it  to
     decrypt  the  user's secret key. The key may be found in the
     /etc/publickey file  (see  publickey(4))  or  the   NIS  map
     ``publickey.byname''  or the  NIS+ table ``cred.org_dir'' in
     the user's home domain. The sources and their  lookup  order
     are   specified   in   the   /etc/nsswitch.conf   file.  See
     nsswitch.conf(4). Once decrypted, the user's secret  key  is
     stored  by  the  local key server process, keyserv(1M). This
     stored key is used when issuing requests to any  secure  RPC
     services,  such as NFS or NIS+. The program keylogout(1) can
     be used to delete the key stored by keyserv.

     keylogin will fail if it cannot get the caller's key, or the
     password  given  is incorrect. For a new user or host, a new
     key can  be  added  using   newkey(1M),  nisaddcred(1M),  or
     nisclient(1M).

     If multiple authentication mechanisms are configured for the
     system,  the secret key of each configured mechanism will be
     decrypted and stored by keyserv(1M). See nisauthconf(1M) for
     information   on   configuring    multiple    authentication
     mechanisms.


OPTIONS

     -r    Update the /etc/.rootkey file.  This  file  holds  the
           unencrypted  secret  key  of  the  superuser. Only the
           superuser may use this option.  It  is  used  so  that
           processes running as superuser can issue authenticated
           requests  without  requiring  that  the  administrator
           explicitly run keylogin as superuser at system startup
           time. See keyserv(1M). The -r option should be used by
           the  administrator  when  the  host's  entry  in   the
           publickey database has changed, and the  /etc/.rootkey
           file  has  become  out-of-date  with   respect  to the
           actual key pair stored in the publickey database.  The
           permissions on the /etc/.rootkey file are such that it
           may be read and written by the  superuser  but  by  no
           other user on the system.

           If multiple authentication mechanisms  are  configured
           for the system, the  secret  key  of  each  configured
           mechanism will be stored in the /etc/.rootkey file.
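
     The following check is an added example, not part of the
     original manual page or of Solaris: it audits that the file
     written by keylogin -r is a regular file owned by the superuser
     with no group or other access. The function name check_rootkey
     and its optional owner-UID argument are assumptions made here.

```shell
#!/bin/sh
# Added example: audit the file written by "keylogin -r".
# check_rootkey [PATH] [OWNER_UID]
#   returns 0 = superuser-only as the man page describes,
#           1 = finding, 2 = file not present
check_rootkey() {
    path=${1:-/etc/.rootkey}
    want_uid=${2:-0}   # superuser; second argument is an assumption for testing
    rc=0

    # A symbolic link could redirect the key to a less protected location.
    if [ -h "$path" ]; then
        echo "FAIL: $path is a symbolic link"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "INFO: $path not present"
        return 2
    fi

    # "ls -ldn" prints the mode string first and the numeric owner third.
    mode=$(ls -ldn "$path" | awk '{print $1}')
    uid=$(ls -ldn "$path" | awk '{print $3}')
    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path owned by uid $uid, expected $want_uid"
        rc=1
    fi
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $path mode $mode grants group/other access"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $path mode $mode, owner uid $uid"
    fi
    return "$rc"
}
```

     Run as check_rootkey with no arguments to audit /etc/.rootkey.
     The check covers ownership and mode bits only; ACLs are not
     examined.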


FILES

     /etc/.rootkey
           superuser's secret key


ATTRIBUTES

     See  attributes(5)  for  descriptions   of   the   following
     attributes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     chkey(1), keylogout(1), login(1),  keyserv(1M),  newkey(1M),
     nisaddcred(1M),        nisauthconf(1M),       nisclient(1M),
     nsswitch.conf(4), publickey(4), attributes(5)


NOTES

     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris(TM) Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit
     http://www.sun.com/directory/nisplus/transition.html.

