NAME

keylogin − decrypt and store secret key

SYNOPSIS

/usr/bin/keylogin [ −r ]

AVAILABILITY

SUNWcsu

DESCRIPTION

The keylogin command prompts for a password, and uses it to decrypt the user’s secret key. The key may be  stored in the /etc/publickey file (see publickey(4)) or the NIS map “publickey.byname” or the NIS+ table “cred.org_dir” in the user’s home domain.  The sources and their lookup order are specified in the /etc/nsswitch.conf file (see nsswitch.conf(4)).  Once decrypted, the user’s secret key is stored by the local key server process, keyserv(1M).  This stored key is used when issuing requests to any secure RPC services, such as NFS or NIS+.  The program keylogout(1) can be used to delete the key stored by keyserv. 

keylogin will fail if it cannot find the caller’s key. For a new user or host, a new key can be added using newkey(1M) or nisaddcred(1M). 

OPTIONS

−r Update the /etc/.rootkey file.  This file holds the unencrypted secret key of the super-user.  Only the super-user may use this option.  It is used so that processes running as super-user can issue authenticated requests without requiring that the administrator explicitly run keylogin as super-user at system startup time (see keyserv(1M)).  The −r option should be used by the administrator when the host’s entry in the publickey database has changed, and the /etc/.rootkey file has become out-of-date with respect to the actual key pair stored in the publickey database.  The permissions on the /etc/.rootkey file are such that it may be read and written by the super-user but by no other user on the system. 

FILES

/etc/.rootkey super-user’s secret key

SEE ALSO

chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisaddcred(1M), publickey(4), nsswitch.conf(4)

SunOS 5.2  —  Last change: 25 Jan 1993