Manualshelf

HP-UX Reference (11i v3 07/02) - 1 User Commands A-M (vol 1)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
471472473474475476477478479480
k
keylogin(1) keylogin(1)
NAME
keylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin
[ -r ]
DESCRIPTION
The
keylogin command prompts for a password, and uses it to decrypt the user’s secret key. The key
may be found in the /etc/publickey
file (see publickey(4)), the NIS map
publickey.byname
or
user/host entries in the LDAP directory in the user’s home domain. The sources and their lookup order
are specified in the /etc/nsswitch.conf
file (see nsswitch.conf(4)).
Once decrypted, the user’s secret key is stored by the local key server process,
keyserv. This stored key
is used when issuing requests to any secure RPC services, such as NFS. The program
keylogout can be
used to delete the key stored by
keyserv
.
keylogin will fail if it cannot get the caller’s key, or the password given is incorrect. For a new user or
host, a new key can be added using
newkey.
Options
-r Update the /etc/.rootkey
file. This file holds the unencrypted secret key of the superuser.
Only the superuser may use this option. It is used so that processes running as superuser can issue
authenticated requests without requiring that the administrator explicitly run
keylogin as
superuser at system startup time (see keyserv(1M)).
The
-r option should be used by the administrator when the host’s entry in the publickey database
has changed, and the
/etc/.rootkey
file has become out-of-date with respect to the actual key
pair stored in the publickey database.
The permissions on the
/etc/.rootkey
file are such that it may be read and written by the
superuser but by no other user on the system.
WARNINGS
HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is supported. LDAP is the recommended
replacement for NIS+. HP fully supports the industry standard naming services based on LDAP.
AUTHOR
keylogin was developed by Sun Microsystems, Inc.
FILES
/etc/.rootkey Superusers secret key
SEE ALSO
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), publickey(4), nsswitch.conf(4).
LDAP-UX Client Services Administrator’s Guide
LDAP-UX Client Services Release Notes
HP-UX 11i Version 3: February 2007 1 Hewlett-Packard Company 473