Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎


     keylogin - decrypt and store secret key with keyserv

     /usr/bin/keylogin [-r]

     The keylogin command prompts for a password, and uses it  to
     decrypt  the  user's secret key. The key can be found in the
     /etc/publickey file  (see  publickey(4))  or  the   NIS  map
     ``publickey.byname''  or the  NIS+ table ``cred.org_dir'' in
     the user's home domain. The sources and their  lookup  order
     are   specified   in   the   /etc/nsswitch.conf   file.  See
     nsswitch.conf(4). Once decrypted, the user's secret  key  is
     stored  by  the  local key server process, keyserv(1M). This
     stored key is used when issuing requests to any  secure  RPC
     services,  such as NFS or NIS+. The program keylogout(1) can
     be used to delete the key stored by keyserv .

     keylogin fails if it cannot get the  caller's  key,  or  the
     password  given  is incorrect. For a new user or host, a new
     key can  be  added  using   newkey(1M),  nisaddcred(1M),  or

     If multiple authentication mechanisms are configured for the
     system,  each  of  the  configured mechanism's secret key is
     decrypted and stored by  keyserv(1M).   See  nisauthconf(1M)
     for   information  on  configuring  multiple  authentication

     The following options are supported:

     -r       Update the /etc/.rootkey file. This file holds  the
              unencrypted  secret  key of the superuser. Only the
              superuser can use this option. It is used  so  that
              processes  running as superuser can issue authenti-
              cated requests without requiring that the  adminis-
              trator explicitly run keylogin as superuser at sys-
              tem startup time. See keyserv(1M).  The  -r  option
              should be used by the administrator when the host's
              entry in the publickey database  has  changed,  and
              the  /etc/.rootkey file has become out-of-date with
              respect to the actual key pair stored in  the  pub-
              lickey    database.    The   permissions   on   the
              /etc/.rootkey file are such that it can be read and
              written  by  the  superuser but by no other user on
              the system.

              If multiple authentication mechanisms  are  config-
              ured   for  the  system,  each  of  the  configured
              mechanism's  secret   keys   is   stored   in   the
              /etc/.rootkey file.

     /etc/.rootkey   superuser's secret key

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |

     chkey(1), keylogout(1), login(1),  keyserv(1M),  newkey(1M),
     nisaddcred(1M),        nisauthconf(1M),       nisclient(1M),
     nsswitch.conf(4), publickey(4), attributes(5)

     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris  operating  system.  Tools to aid the migration from
     NIS+ to LDAP are available in the current  Solaris  release.
     For            more            information,            visit

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.