keyserv(1M)




NAME

     keyserv - server for storing private encryption keys


SYNOPSIS

     keyserv [-c] [-d | -e]  [-D] [-n] [-s sizespec]


DESCRIPTION

     keyserv is a daemon that is used for storing the private
     encryption keys of each user logged into the system. These
     encryption keys are used for accessing secure network
     services such as secure NFS and NIS+.

     Normally, root's key is read from the file /etc/.rootkey
     when the daemon is started. This is useful during power-fail
     reboots when no one is around to type a password.

     keyserv will not start up if the system does not have a
     secure RPC domain configured. Set up the domain name by
     using the /usr/bin/domainname command. Usually the
     /etc/init.d/inetinit script reads the domain from
     /etc/defaultdomain. Invoking the domainname command without
     arguments tells you if you have a domain set up.

     The /etc/default/keyserv file contains the following default
     parameter settings. See FILES.

     ENABLE_NOBODY_KEYS
           Specifies whether default keys for nobody are used.
           ENABLE_NOBODY_KEYS=NO is equivalent to the -d
           command-line option. The default value for
           ENABLE_NOBODY_KEYS is YES.


OPTIONS

     -c    Do not use disk caches. This option overrides any -s
           option.

     -D    Run in debugging mode and log all requests to
           keyserv.

     -d    Disable the use of default keys for nobody. See FILES.

     -e    Enable the use of default keys for nobody. This is the
           default behavior. See FILES.

     -n    Root's secret key is not read from /etc/.rootkey.
           Instead, keyserv prompts the user for the password to
           decrypt root's key stored in the publickey database
           and then stores the decrypted key in /etc/.rootkey for
           future use. This option is useful if the /etc/.rootkey
           file ever gets out of date or corrupted.

     -s sizespec
           Specify the size of the extended Diffie-Hellman common
           key disk caches. The sizespec can be one of the
           following forms:

           mechtype=size
                 size is an integer specifying the maximum number
                 of entries in the cache, or an integer
                 immediately followed by the letter M, denoting
                 the maximum size in MB.

           size  This form of sizespec applies to all caches.

           See nisauthconf(1M) for mechanism types. Note that the
           des mechanism, AUTH_DES, does not use a disk cache.


FILES

     /etc/.rootkey

     /etc/default/keyserv
           Contains default settings. You can use command-line
           options to override these settings.
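
     The following is an added example, not part of the original manual
     page or of Solaris: it resolves the effective nobody-keys setting from
     the defaults file and the -d/-e options as described above, and flags
     a root key file that group or others can access. The function names,
     the KEY=VALUE syntax with # comments, case-insensitive value matching,
     and the owner-only expectation for /etc/.rootkey are assumptions.

```shell
#!/bin/sh
# Added example, not Solaris code. Assumptions are marked where they apply.

# nobody_keys_effective CONFIG_FILE [keyserv options...]
# Prints YES or NO: whether default keys for nobody would be in use.
nobody_keys_effective() {
    conf=$1; shift
    effective=YES                       # documented default
    if [ -r "$conf" ]; then
        # Assumption: KEY=VALUE lines, '#' starts a comment, last
        # assignment wins, value compared case-insensitively.
        val=$(sed -n 's/^[[:space:]]*ENABLE_NOBODY_KEYS=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
              "$conf" | tail -n 1 | tr 'a-z' 'A-Z')
        case $val in NO) effective=NO ;; esac
    fi
    # Command-line options override the file: -d disables, -e enables.
    OPTIND=1
    while getopts cdeDns: opt "$@" 2>/dev/null; do
        case $opt in
            d) effective=NO ;;
            e) effective=YES ;;
        esac
    done
    echo "$effective"
}

# rootkey_exposed FILE: returns 0 if group or others hold any permission bit.
# Assumption: the stored root key should be accessible to its owner only.
rootkey_exposed() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group + other bits
    [ -n "$mode" ] && [ "$mode" != "------" ]
}

# Report for the local host, using the paths from FILES.
echo "default keys for nobody (file only): $(nobody_keys_effective /etc/default/keyserv)"
if rootkey_exposed /etc/.rootkey; then
    echo "WARNING: /etc/.rootkey is accessible to group or others"
fi
```

     Pass the options keyserv is actually started with after the file
     name to see the setting that applies to the running daemon.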


ATTRIBUTES

     See attributes(5) for descriptions of the following
     attributes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     keylogin(1), keylogout(1), nisauthconf(1M), publickey(4),
     attributes(5)


NOTES

     NIS+ might not be supported in future releases of the
     Solaris(TM) Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris 9 operating
     environment. For more information, visit
     http://www.sun.com/directory/nisplus/transition.html.

