keylogin(1) User Commands keylogin(1)NAMEkeylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin [-r]
DESCRIPTION
The keylogin command prompts for a password, and uses it to decrypt the
user's secret key. The key can be found in the /etc/publickey file (see
publickey(4)) or the NIS map ``publickey.byname'' or the NIS+ table
``cred.org_dir'' in the user's home domain. The sources and their
lookup order are specified in the /etc/nsswitch.conf file. See nss‐
witch.conf(4). Once decrypted, the user's secret key is stored by the
local key server process, keyserv(1M). This stored key is used when
issuing requests to any secure RPC services, such as NFS or NIS+. The
program keylogout(1) can be used to delete the key stored by keyserv .
keylogin fails if it cannot get the caller's key, or the password given
is incorrect. For a new user or host, a new key can be added using
newkey(1M), nisaddcred(1M), or nisclient(1M).
If multiple authentication mechanisms are configured for the system,
each of the configured mechanism's secret key is decrypted and stored
by keyserv(1M). See nisauthconf(1M) for information on configuring
multiple authentication mechanisms.
OPTIONS
The following options are supported:
-r Update the /etc/.rootkey file. This file holds the unencrypted
secret key of the superuser. Only the superuser can use this
option. It is used so that processes running as superuser can
issue authenticated requests without requiring that the admin‐
istrator explicitly run keylogin as superuser at system
startup time. See keyserv(1M). The -r option should be used by
the administrator when the host's entry in the publickey data‐
base has changed, and the /etc/.rootkey file has become out-
of-date with respect to the actual key pair stored in the
publickey database. The permissions on the /etc/.rootkey file
are such that it can be read and written by the superuser but
by no other user on the system.
If multiple authentication mechanisms are configured for the
system, each of the configured mechanism's secret keys is
stored in the /etc/.rootkey file.
FILES
/etc/.rootkey superuser's secret key
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWcsu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOchkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisadd‐
cred(1M), nisauthconf(1M), nisclient(1M), nsswitch.conf(4), pub‐
lickey(4), attributes(5)NOTES
NIS+ might not be supported in future releases of the Solaris operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 2 Dec 2005 keylogin(1)