NAME
chkey — change user's secure RPC key pair
SYNOPSIS
chkey
[
-p
]
[
-s
nisplus | nis | files
]
DESCRIPTION
chkey
is used to change a user's secure RPC public key and secret key
pair.
chkey
prompts for the old secure-rpc password and verifies
that it is correct by decrypting
the secret key.
If the user has not already keylogged in,
chkey
registers the secret key with the local
keyserv(1M)
daemon.
If the secure-rpc password does not match the login password,
chkey
prompts for the
login password.
chkey
uses the login password to encrypt the user's secret
Diffie-Hellman (192 bit) cryptographic key.
chkey
ensures that the login password and the secure-rpc
password are kept the same.
The key pair can be stored in the
/etc/publickey
file, (see
publickey(4)),
NIS
publickey
map or
NIS+
cred.org_dir
table. If a new secret key
is generated, it will be registered with the local
keyserv(1M)
daemon.
If the source of the
publickey
is not specified with the
-s
option,
chkey
consults the
publickey
entry in the
name service switch configuration file
(see
nsswitch.conf(4)).
If the
publickey
entry specifies one and only one source, then
chkey
will change the key in the specified name service.
However, if multiple name services are listed,
chkey
can not
decide which source to update and will display an error message.
The user should specify the source explicitly with the
-s
option.
Non root users are not allowed to change their key pair in the
/etc/publickey
file.
Options
- -p
Re-encrypt the existing secret key with the user's
login password.
- -s nisplus
Update the
NIS+
database.
- -s nis
Update the
NIS
database.
- -s files
Update the
files
database.
AUTHOR
chkey
was developed by Sun Microsystems, Inc.
FILES
/etc/nsswitch.conf
/etc/publickey