- online man pages   

SunOS man pages : keyserv (1)

Maintenance Commands                                  keyserv(1M)


keyserv - server for storing private encryption keys


keyserv [ -c ] [ -d ] [ -D ] [ -n ] [ -s sizespec ]


keyserv is a daemon that is used for storing the private encryption keys of each user logged into the system. These encryption keys are used for accessing secure network ser- vices such as secure NFS and NIS+. Normally, root's key is read from the file /etc/.rootkey when the daemon is started. This is useful during power-fail reboots when no one is around to type a password.


-c Do not use disk caches. This option overrides any -s option. -d Disable the use of default keys for nobody. -D Run in debugging mode and log all requests to keyserv. -n Root's secret key is not read from /etc/.rootkey. Instead, keyserv prompts the user for the password to decrypt root's key stored in the publickey database and then stores the decrypted key in /etc/.rootkey for future use. This option is useful if the /etc/.rootkey file ever gets out of date or corrupted. -s sizespec Specify the size of the extended Diffie-Hellman common key disk caches. The sizespec can be one of the fol- lowing forms: mechtype=size size is an integer specifying the maximum number of entries in the cache, or an integer immediately fol- lowed by the letter M, denoting the maximum size in MB. size This form of sizespec applies to all caches. See nisauthconf(1M) for mechanism types. Note that the des mechanism, AUTH_DES, does not use a disk cache.


/etc/.rootkey SunOS 5.8 Last change: 18 Oct 1999 1 Maintenance Commands keyserv(1M)


See attributes(5) for descriptions of the following attri- butes: ____________________________________________________________ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | Availability | SUNWcsu | |_____________________________|_____________________________|


keylogin(1), keylogout(1), nisauthconf(1M), publickey(4), attributes(5)


keyserv will not start up if the system does not have a secure rpc domain configured. Set up the domain name by using the /usr/bin/domainname command. Usually the /etc/init.d/inetinit script reads the domain from /etc/defaultdomain. Invoking the domainname command without arguments tells you if you have a domain set up. SunOS 5.8 Last change: 18 Oct 1999 2