HP-UX Reference (11i v2 03/08) - 1 User Commands A-M (vol 1)
k
keylogin(1) keylogin(1)
NAME
keylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin
[ -r ]
DESCRIPTION
The
keylogin command prompts for a password, and uses it to decrypt the user’s secret key. The key
may be found in the /etc/publickey
file (see publickey (4)) or the NIS map ‘‘publickey.byname’’ or the
NIS+ table ‘‘cred.org_dir’’ in the user’s home domain. The sources and their lookup order are specified in
the
/etc/nsswitch.conf
file (see nsswitch.conf(4)). Once decrypted, the user’s secret key is stored
by the local key server process, keyserv (1M). This stored key is used when issuing requests to any secure
RPC services, such as NIS+. The program keylogout(1) can be used to delete the key stored by
keyserv.
keylogin will fail if it cannot get the caller’s key, or the password given is incorrect. For a new user or
host, a new key can be added using newkey(1M), nisaddcred (1M), or nisclient (1M).
Options
-r Update the /etc/.rootkey
file. This file holds the unencrypted secret key of the super-user.
Only the super-user may use this option. It is used so that processes running as super-user can
issue authenticated requests without requiring that the administrator explicitly run
keylogin as
super-user at system startup time (see keyserv (1M)). The
-r option should be used by the adminis-
trator when the host’s entry in the publickey database has changed, and the
/etc/.rootkey file
has become out-of-date with respect to the actual key pair stored in the publickey database. The
permissions on the
/etc/.rootkey
file are such that it may be read and written by the super-
user but by no other user on the system.
AUTHOR
keylogin was developed by Sun Microsystems, Inc.
FILES
/etc/.rootkey Super-user’s secret key
SEE ALSO
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisclient(1M), publickey(4),
nsswitch.conf(4).
Section 1−−388 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: August 2003