xref: /illumos-gate/usr/src/man/man1/keylogin.1 (revision bbf21555) 
 te
 Copyright 1989 AT&T
 Copyright (C) 2005, Sun Microsystems, Inc. All Rights Reserved
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 KEYLOGIN 1 "Feb 25, 2017"
 NAME
keylogin - decrypt and store secret key with keyserv

 SYNOPSIS


/usr/bin/keylogin [-r]




 DESCRIPTION

The keylogin command prompts for a password, and uses it to decrypt the
user's secret key. The key can be found in the /etc/publickey file (see
publickey(5)) or the NIS map ``publickey.byname''
in the user's home domain. The sources and their lookup order
are specified in the /etc/nsswitch.conf file. See nsswitch.conf(5).
Once decrypted, the user's secret key is stored by the local key server
process, keyserv(8). This stored key is used when issuing requests to
any secure RPC services, such as NFS. The program
keylogout(1) can be used to delete the key stored by keyserv
.


keylogin fails if it cannot get the caller's key, or the password given
is incorrect. For a new user or host, a new key can be added using
newkey(8).

 OPTIONS

The following options are supported:
-r


Update the /etc/.rootkey file. This file holds the unencrypted secret key
of the superuser. Only the superuser can use this option. It is used so that
processes running as superuser can issue authenticated requests without
requiring that the administrator explicitly run keylogin as superuser at
system startup time. See keyserv(8). The -r option should be used
by the administrator when the host's entry in the publickey database has
changed, and the /etc/.rootkey file has become out-of-date with respect
to the actual key pair stored in the publickey database. The permissions on the
/etc/.rootkey file are such that it can be read and written by the
superuser but by no other user on the system.




 FILES
/etc/.rootkey


superuser's secret key




 SEE ALSO

 chkey (1),  keylogout (1),  login (1),  nsswitch.conf (5),  publickey (5),  attributes (7),  keyserv (8),  newkey (8)