keyserv - server for storing private encryption keys
keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
keyserv is a daemon that is used for storing the private
encryption keys of each user logged into the system. These
encryption keys are used for accessing secure network ser-
vices such as secure NFS and NIS+.
Normally, root's key is read from the file /etc/.rootkey
when the daemon is started. This is useful during power-fail
reboots when no one is around to type a password.
keyserv will not start up if the system does not have a
secure rpc domain configured. Set up the domain name by
using the /usr/bin/domainname command. Usually the
/etc/init.d/inetinit script reads the domain from
/etc/defaultdomain. Invoking the domainname command without
arguments tells you if you have a domain set up.
The /etc/default/keyserv file contains the following default
parameter settings. See FILES.
Specifies whether default keys for nobody are used.
ENABLE_NOBODY_KEYS=NO is equivalent to the -d
command-line option. The default value for
ENABLE_NOBODY_KEYS is YES.
-c Do not use disk caches. This option overrides any -s
-D Run in debugging mode and log all requests to
-d Disable the use of default keys for nobody. See FILES.
-e Enable the use of default keys for nobody. This is the
default behavior. See FILES.
-n Root's secret key is not read from /etc/.rootkey.
Instead, keyserv prompts the user for the password to
decrypt root's key stored in the publickey database
and then stores the decrypted key in /etc/.rootkey for
future use. This option is useful if the /etc/.rootkey
file ever gets out of date or corrupted.
Specify the size of the extended Diffie-Hellman common
key disk caches. The sizespec can be one of the fol-
size is an integer specifying the maximum number
of entries in the cache, or an integer immedi-
ately followed by the letter M, denoting the
maximum size in MB.
size This form of sizespec applies to all caches.
See nisauthconf(1M) for mechanism types. Note that the
des mechanism, AUTH_DES, does not use a disk cache.
Contains default settings. You can use command-line
options to override these settings.
See attributes(5) for descriptions of the following attri-
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Availability | SUNWcsu |
keylogin(1), keylogout(1), nisauthconf(1M), publickey(4),
NIS+ might not be supported in future releases of the
SolarisTM Operating Environment. Tools to aid the migration
from NIS+ to LDAP are available in the Solaris 9 operating
environment. For more information, visit
Man(1) output converted with