NAME
keylogin — decrypt and store secret key with keyserv
DESCRIPTION
The keylogin command prompts for a password, and uses it to decrypt the user's secret key. The key may be found in the /etc/publickey file (see publickey(4)) or the NIS map ``publickey.byname'' or the NIS+ table ``cred.org_dir'' in the user's home domain. The sources and their lookup order are specified in the /etc/nsswitch.conf file (see nsswitch.conf(4)). Once decrypted, the user's secret key is stored by the local key server process, keyserv(1M). This stored key is used when issuing requests to any secure RPC services, such as NIS+. The program keylogout(1) can be used to delete the key stored by keyserv.

keylogin will fail if it cannot get the caller's key, or the password given is incorrect. For a new user or host, a new key can be added using newkey(1M), nisaddcred(1M), or nisclient(1M).
Options
- -r
Update the /etc/.rootkey file. This file holds the unencrypted secret key of the super-user. Only the super-user may use this option. It is used so that processes running as super-user can issue authenticated requests without requiring that the administrator explicitly run keylogin as super-user at system startup time (see keyserv(1M)). The -r option should be used by the administrator when the host's entry in the publickey database has changed, and the /etc/.rootkey file has become out-of-date with respect to the actual key pair stored in the publickey database. The permissions on the /etc/.rootkey file are such that it may be read and written by the super-user but by no other user on the system.
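The ownership and permissions described above for /etc/.rootkey can be audited with a short shell function. This is an added example, not part of the original manual page; the function name check_rootkey and the assumption that the super-user is uid 0 are illustrative.

```shell
#!/bin/sh
# Added example (not from the man page): audit the key file that keylogin -r
# writes. Returns 0 only when every check passes; prints one line per finding.
# usage: check_rootkey [FILE] [EXPECTED_OWNER_UID]
check_rootkey() {
    rk_file=${1:-/etc/.rootkey}
    rk_want_uid=${2:-0}          # assumption: the super-user is uid 0
    rk_rc=0

    # A symlink here means the path no longer names the key file itself.
    if [ -L "$rk_file" ]; then
        echo "FAIL: $rk_file is a symbolic link"
        return 1
    fi
    if [ ! -f "$rk_file" ]; then
        echo "FAIL: $rk_file is missing or not a regular file"
        return 1
    fi

    # ls -ln prints "<mode> <links> <uid> <gid> ..." with numeric ids.
    # Keep only the 10 mode characters; a trailing ACL or SELinux marker
    # ("+" or ".") is not evaluated by this check.
    rk_info=$(ls -lnd -- "$rk_file" | awk '{ print substr($1, 1, 10), $3 }')
    rk_mode=${rk_info% *}
    rk_uid=${rk_info#* }

    if [ "$rk_uid" != "$rk_want_uid" ]; then
        echo "FAIL: $rk_file is owned by uid $rk_uid, expected $rk_want_uid"
        rk_rc=1
    fi

    # Group and other permission bits must all be clear.
    case $rk_mode in
        -???------) ;;
        *)  echo "FAIL: $rk_file has mode $rk_mode; group/other access is set"
            rk_rc=1 ;;
    esac

    if [ "$rk_rc" -eq 0 ]; then
        echo "OK: $rk_file (uid $rk_uid, mode $rk_mode)"
    fi
    return "$rk_rc"
}
```

Called with no arguments, the function checks /etc/.rootkey against uid 0.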
AUTHOR
keylogin was developed by Sun Microsystems, Inc.
FILES
- /etc/.rootkey
Super-user's secret key