KEYLOGIN(1) User Commands KEYLOGIN(1)


NAME


keylogin - decrypt and store secret key with keyserv

SYNOPSIS


/usr/bin/keylogin [-r]


DESCRIPTION


The keylogin command prompts for a password, and uses it to decrypt the
user's secret key. The key can be found in the /etc/publickey file (see
publickey(5)) or the NIS map ``publickey.byname'' in the user's home
domain. The sources and their lookup order are specified in the
/etc/nsswitch.conf file. See nsswitch.conf(5). Once decrypted, the
user's secret key is stored by the local key server process, keyserv(8).
This stored key is used when issuing requests to any secure RPC services,
such as NFS. The program keylogout(1) can be used to delete the key
stored by keyserv .


keylogin fails if it cannot get the caller's key, or the password given
is incorrect. For a new user or host, a new key can be added using
newkey(8).

OPTIONS


The following options are supported:

-r
Update the /etc/.rootkey file. This file holds the unencrypted
secret key of the superuser. Only the superuser can use this
option. It is used so that processes running as superuser can issue
authenticated requests without requiring that the administrator
explicitly run keylogin as superuser at system startup time. See
keyserv(8). The -r option should be used by the administrator when
the host's entry in the publickey database has changed, and the
/etc/.rootkey file has become out-of-date with respect to the
actual key pair stored in the publickey database. The permissions
on the /etc/.rootkey file are such that it can be read and written
by the superuser but by no other user on the system.


FILES


/etc/.rootkey
superuser's secret key


SEE ALSO


chkey(1), keylogout(1), login(1), nsswitch.conf(5), publickey(5),
attributes(7), keyserv(8), newkey(8)


February 25, 2017 KEYLOGIN(1)