HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)
n
newkey(1M) newkey(1M)
NAME
newkey - create a new Diffie-Hellman key pair in the publickey database
SYNOPSIS
newkey -h hostname [ -s nisplus
| nis | files | ldap ]
newkey -u username [ -s nisplus
| nis | files | ldap ]
DESCRIPTION
newkey establishes new public keys for users and machines on the network. These keys are needed when
using secure RPC or secure NFS service.
newkey prompts for a password for the given username or hostname and then creates a new public/secret
Diffie-Hellman 192 bit key pair for the user or host. The secret key is encrypted with the given password.
The key pair can be stored in the
/etc/publickey file, the NIS
publickey map, the NIS+
cred.org_dir table, or the people/host entries in LDAP directory.
newkey consults the publickey entry in the name service switch configuration file (see
nsswitch.conf(4)) to determine which naming service is used to store the secure RPC keys. If the
pub-
lickey
entry specifies a unique name service, newkey will add the key in the specified name service.
However, if there are multiple name services listed, newkey cannot decide which source to update and
will display an error message. The user is required to specify the source explicitly with the
-s option.
In the case of NIS,
newkey should be run by the superuser on the master NIS server for that domain. In
the case of NIS+, newkey should be run by the superuser on a machine which has permission to update
the cred.org_dir table of the new user/host domain. In the case of LDAP,
newkey should be run by
the superuser on a machine which has permission to update the user/host entries in the LDAP directory.
In the case of NIS+,
nisaddcred should be used to add new keys.
Options
-h hostname Create a new public/secret key pair for the privileged user at the given hostname.
Prompts for a password for the given hostname.
-u username Create a new public/secret key pair for the given username. Prompts for a password
for the given username.
-s nisplus | nis | files | ldap
Update the database in the specified source: -s nisplus (for NIS+), -s nis (for
NIS),
-s files (for Files) or -s ldap (for LDAP). ldap source is supported only
with Enhanced Key Components. Other sources may be available in the future.
WARNING
In the case of NIS+, newkey should be followed by a keylogin on the NIS+ client machines. Otherwise,
the user will be authenticated as
nobody.
AUTHOR
newkey was developed by Sun Microsystems, Inc.
SEE ALSO
chkey(1), keylogin(1), nisaddcred(1M), nisclient(1M), nsswitch.conf(4), publickey(4).
LDAP-UX Client Services Administrator’s Guide
LDAP-UX Client Services Release Notes
76 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: December 2007 Update