keylogin(1) User Commands keylogin(1)
NAME
keylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin [ -r ]
AVAILABILITY
SUNWcsu
DESCRIPTION
The keylogin command prompts for a password, and uses it to
decrypt the user's secret key. The key may be found in the
/etc/publickey file (see publickey(4)) or the NIS map
``publickey.byname'' or the NIS+ table ``cred.org_dir'' in
the user's home domain. The sources and their lookup order
are specified in the /etc/nsswitch.conf file (see
nsswitch.conf(4)). Once decrypted, the user's secret key is
stored by the local key server process, keyserv(1M). This
stored key is used when issuing requests to any secure RPC
services, such as NFS or NIS+. The program keylogout(1) can
be used to delete the key stored by keyserv.
keylogin will fail if it cannot get the caller's key, or the
password given is incorrect. For a new user or host, a new
key can be added using newkey(1M), nisaddcred(1M), or
nisclient(1M).
OPTIONS
-r Update the /etc/.rootkey file. This file holds the
unencrypted secret key of the super-user. Only the
super-user may use this option. It is used so that
processes running as super-user can issue authenticated
requests without requiring that the administrator
explicitly run keylogin as super-user at system startup
time (see keyserv(1M)). The -r option should be used
by the administrator when the host's entry in the pub-
lickey database has changed, and the /etc/.rootkey file
has become out-of-date with respect to the actual key
pair stored in the publickey database. The permissions
on the /etc/.rootkey file are such that it may be read
and written by the super-user but by no other user on
the system.
FILES
/etc/.rootkey super-user's secret key
SEE ALSO
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M),
nisaddcred(1M), nisclient(1M), publickey(4),
nsswitch.conf(4)
SunOS 5.4 Last change: 25 Jan 1993