NAME
chkey — change user's secure RPC key pair
SYNOPSIS
chkey
[
-p
]
[
-s
nisplus | nis | files |
ldap
]
DESCRIPTION
chkey
is used to change a user's secure RPC public key and secret key
pair.
chkey
prompts for the old secure-rpc password and verifies
that it is correct by decrypting
the secret key.
If the user has not already keylogged in,
chkey
registers the secret key with the local
keyserv
daemon.
If the secure-rpc password does not match the login password,
chkey
prompts for the
login password.
chkey
uses the login password to encrypt the user's secret
Diffie-Hellman (192 bit) cryptographic key.
chkey
ensures that the login password and the secure-rpc
password are kept the same.
The key pair can be stored in the
/etc/publickey
file (see
publickey(4)),
the NIS
publickey
map,
the NIS+
cred.org_dir
table, or
people/host
entries in the LDAP directory.
If a new secret key
is generated, it will be registered with the local
keyserv
daemon.
If the source of the
publickey
is not specified with the
-s
option,
chkey
consults the
publickey
entry in the
name service switch configuration file
(see
nsswitch.conf(4)).
If the
publickey
entry specifies one and only one source, then
chkey
will change the key in the specified name service.
However, if multiple name services are listed,
chkey
cannot
decide which source to update and will display an error message.
The user should specify the source explicitly with the
-s
option.
Non-root users are not allowed to change their key pair in the
/etc/publickey
file.
Options
- -p
Reencrypt the existing secret key with the user's
login password.
- -s nisplus
Update the NIS+ database.
- -s nis
Update the NIS database.
- -s files
Update the
files
database.
- -s ldap
Update the LDAP database.
This option is available only with Enhanced Key Components.
AUTHOR
chkey
was developed by Sun Microsystems, Inc.
FILES
/etc/nsswitch.conf
/etc/publickey
