newkey(1M)




NAME

     newkey - create a new Diffie-Hellman key pair  in  the  pub-
     lickey database


SYNOPSIS

     newkey -h hostname [-s nisplus | nis | files | ldap]

     newkey -u username [-s nisplus | nis | files | ldap]


DESCRIPTION

     newkey establishes new public keys for users and machines on
     the  network. These keys are needed when using secure RPC or
     secure  NFS service.

     newkey prompts for a password  for  the  given  username  or
     hostname and then creates a new public/secret Diffie-Hellman
     192 bit key pair for the user or host.  The  secret  key  is
     encrypted  with  the  given  password.  The  key pair can be
     stored in the /etc/publickey file, the NIS publickey map, or
     the NIS+ cred.org_dir table.

     newkey consults the publickey  entry  in  the  name  service
     switch  configuration  file (see nsswitch.conf(4)) to deter-
     mine which naming service is used to store  the  secure  RPC
     keys.  If  the  publickey entry specifies a unique name ser-
     vice, newkey will add the key in the specified name service.
     However,  if there are multiple name services listed, newkey
     cannot decide which source to update  and  will  display  an
     error  message.  The  user is required to specify the source
     explicitly with the -s option.

     In the case of NIS, newkey should be run by the superuser on
     the  master NIS server for that domain. In the case of NIS+,
     newkey should be run by the superuser on a machine which has
     permission  to  update  the  cred.org_dir  table  of the new
     user/host domain.

     In the case of NIS+, nisaddcred(1M) should be  used  to  add
     new  keys.  newkey  cannot be used to create keys other than
     192-bit Diffie-Hellman.


OPTIONS

     -h hostname
           Create a new public/secret key pair for the privileged
           user at the given hostname. Prompts for a password for
           the given hostname.

     -u username
           Create a new public/secret  key  pair  for  the  given
           username.  Prompts  for a password for the given user-
           name.

     -s nisplus

     -s nis

     -s files

     -s ldap
           Update the database in the specified  source:  nisplus
           (for  NIS+),  nis  (for  NIS),  files, or ldap (LDAP).
           Other sources may be available in the future.


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     chkey(1),   keylogin(1),   nisaddcred(1M),    nisclient(1M),
     nsswitch.conf(4), publickey(4), attributes(5)


NOTES

     NIS+ might not  be  supported  in  future  releases  of  the
     SolarisTM  Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit
     http://www.sun.com/directory/nisplus/transition.html.


Man(1) output converted with man2html