xref: /illumos-gate/usr/src/man/man8/newkey.8 (revision bbf21555) 
 te
 Copyright (C) 2005, Sun Microsystems, Inc. All Rights Reserved
 Copyright 1989 AT&T
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 NEWKEY 8 "Feb 25, 2017"
 NAME
newkey - create a new Diffie-Hellman key pair in the publickey database

 SYNOPSIS


newkey -h hostname [-s nis | files | ldap]






newkey -u username [-s nis | files | ldap]




 DESCRIPTION

newkey establishes new public keys for users and machines on the network.
These keys are needed when using secure RPC or secure NFS service.


newkey prompts for a password for the given username or
hostname and then creates a new public/secret Diffie-Hellman 192 bit key
pair for the user or host. The secret key is encrypted with the given password.
The key pair can be stored in the /etc/publickey file or the NIS
publickey map.


newkey consults the publickey entry in the name service switch
configuration file (see nsswitch.conf(5)) to determine which naming
service is used to store the secure RPC keys. If the publickey
entry specifies a unique name service, newkey will add the key in the
specified name service. However, if there are multiple name services listed,
newkey cannot decide which source to update and will display an error
message. The user is required to specify the source explicitly with the
-s option.


In the case of NIS, newkey should be run by the superuser on the master
NIS server for that domain.


In the case of LDAP, newkey should be run by the superuser on a machine
that also recognizes the directory manager's bind distinguished name (DN) and
password to perform an LDAP update for the host.

 OPTIONS
-h hostname


Create a new public/secret key pair for the privileged user at the given
hostname. Prompts for a password for the given hostname.



-u username


Create a new public/secret key pair for the given username. Prompts for a
password for the given username.



-s nis


-s files


-s ldap


Update the database in the specified source:
nis (for NIS), files, or ldap (LDAP). Other sources may be
available in the future.




 SEE ALSO

 chkey (1),  keylogin (1),  nsswitch.conf (5),  publickey (5),  attributes (7)