KEYLOGIN(1) User Commands KEYLOGIN(1)

NAME


keylogin - decrypt and store secret key with keyserv

SYNOPSIS


/usr/bin/keylogin [-r]


DESCRIPTION


The keylogin command prompts for a password, and uses it to decrypt
the user's secret key. The key can be found in the /etc/publickey
file (see publickey(5)) or the NIS map ``publickey.byname'' in the
user's home domain. The sources and their lookup order are specified
in the /etc/nsswitch.conf file. See nsswitch.conf(5). Once
decrypted, the user's secret key is stored by the local key server
process, keyserv(8). This stored key is used when issuing requests to
any secure RPC services, such as NFS. The program keylogout(1) can be
used to delete the key stored by keyserv.


keylogin fails if it cannot get the caller's key, or the password
given is incorrect. For a new user or host, a new key can be added
using newkey(8).

OPTIONS


The following options are supported:

-r
Update the /etc/.rootkey file. This file holds the unencrypted
secret key of the superuser. Only the superuser can use this
option. It is used so that processes running as superuser can
issue authenticated requests without requiring that the
administrator explicitly run keylogin as superuser at system
startup time. See keyserv(8). The -r option should be used by
the administrator when the host's entry in the publickey
database has changed, and the /etc/.rootkey file has become
out-of-date with respect to the actual key pair stored in the
publickey database. The permissions on the /etc/.rootkey file
are such that it can be read and written by the superuser but
by no other user on the system.
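
The permissions described for /etc/.rootkey under -r can be audited with a short check. This is an added example, not part of the original manual page; the function name check_rootkey and its optional expected-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions the -r description requires of
# /etc/.rootkey. check_rootkey and its arguments are hypothetical names.
#
# check_rootkey PATH [EXPECTED_UID]
#   returns 0 if PATH is a regular file (not a symlink), owned by
#   EXPECTED_UID (default 0, the superuser), with mode rw-------;
#   otherwise prints the reason and returns 1.
check_rootkey() {
    rk_path=$1
    rk_want_uid=${2:-0}

    if [ -L "$rk_path" ]; then
        echo "FAIL: $rk_path is a symbolic link"
        return 1
    fi
    if [ ! -f "$rk_path" ]; then
        echo "FAIL: $rk_path is missing or not a regular file"
        return 1
    fi

    # ls -ln prints the mode string in field 1 and the numeric owner in field 3.
    rk_out=$(ls -ln "$rk_path" | awk 'NR == 1 { print $1 " " $3 }')
    rk_mode=${rk_out% *}
    rk_uid=${rk_out#* }

    if [ "$rk_uid" != "$rk_want_uid" ]; then
        echo "FAIL: $rk_path is owned by uid $rk_uid, expected $rk_want_uid"
        return 1
    fi
    # A trailing "." (security context) is tolerated; "+" (ACL present) is not,
    # because an ACL can grant access the mode bits do not show.
    case $rk_mode in
        -rw-------|-rw-------.) ;;
        *)
            echo "FAIL: $rk_path has mode $rk_mode, expected -rw-------"
            return 1
            ;;
    esac
    echo "OK: $rk_path is readable and writable by uid $rk_want_uid only"
    return 0
}

# Check the real file only where it exists (hosts that have run keylogin -r).
if [ -e /etc/.rootkey ]; then
    check_rootkey /etc/.rootkey || true
fi
```

Because the file holds the superuser's secret key unencrypted, any FAIL result is worth investigating before the key is trusted for secure RPC.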


FILES


/etc/.rootkey
superuser's secret key


SEE ALSO


chkey(1), keylogout(1), login(1), nsswitch.conf(5), publickey(5),
attributes(7), keyserv(8), newkey(8)

February 25, 2017 KEYLOGIN(1)
