Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
System Administration Commandskeyserv(1M)


NAME

 keyserv - server for storing private encryption keys

SYNOPSIS

 keyserv [-c] [ -d | -e] [-D] [-n] [-s sizespec]

DESCRIPTION

 

keyserv is a daemon that is used for storing the private encryption keys of each user logged into the system. These encryption keys are used for accessing secure network services such as secure NFS and NIS+.

Normally, root's key is read from the file /etc/.rootkey when the daemon is started. This is useful during power-fail reboots when no one is around to type a password.

keyserv will not start up if the system does not have a secure rpc domain configured. Set up the domain name by using the /usr/bin/domainname command. Usually the /etc/init.d/inetinit script reads the domain from /etc/defaultdomain. Invoking the domainname command without arguments tells you if you have a domain set up.

The /etc/default/keyserv file contains the following default parameter settings. See FILES.

ENABLE_NOBODY_KEYS
Specifies whether default keys for nobody are used. ENABLE_NOBODY_KEYS=NO is equivalent to the -d command-line option. The default value for ENABLE_NOBODY_KEYS is YES.

OPTIONS

 
-c
Do not use disk caches. This option overrides any -s option.
-D
Run in debugging mode and log all requests to keyserv.
-d
Disable the use of default keys for nobody. See FILES.
-e
Enable the use of default keys for nobody. This is the default behavior. See FILES.
-n
Root's secret key is not read from /etc/.rootkey. Instead, keyserv prompts the user for the password to decrypt root's key stored in the publickey database and then stores the decrypted key in /etc/.rootkey for future use. This option is useful if the /etc/.rootkey file ever gets out of date or corrupted.
-s sizespec
Specify the size of the extended Diffie-Hellman common key disk caches. The sizespec can be one of the following forms:
mechtype=size
size is an integer specifying the maximum number of entries in the cache, or an integer immediately followed by the letter M, denoting the maximum size in MB.
size
This form of sizespec applies to all caches.

See nisauthconf(1M) for mechanism types. Note that the des mechanism, AUTH_DES, does not use a disk cache.

FILES

 
/etc/.rootkey
/etc/default/keyserv
Contains default settings. You can use command-line options to override these settings.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
AvailabilitySUNWcsu

SEE ALSO

 

keylogin(1), keylogout(1), nisauthconf(1M), publickey(4), attributes(5)

NOTES

 

NIS+ might not be supported in future releases of the Solaris Operating Environment. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.


SunOS 5.9Go To TopLast Changed 4 Jan 2002

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.