keyserv(1M) System Administration Commands keyserv(1M)NAMEkeyserv - server for storing private encryption keys
SYNOPSISkeyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
DESCRIPTIONkeyserv is a daemon that is used for storing the private encryption
keys of each user logged into the system. These encryption keys are
used for accessing secure network services such as secure NFS and NIS+.
Normally, root's key is read from the file /etc/.rootkey when the dae‐
mon is started. This is useful during power-fail reboots when no one is
around to type a password.
keyserv does not start up if the system does not have a secure rpc
domain configured. Set up the domain name by using the /usr/bin/domain‐
name command. Usually the svc:/system/identity:domain service reads the
domain from /etc/defaultdomain. Invoking the domainname command without
arguments tells you if you have a domain set up.
The /etc/default/keyserv file contains the following default parameter
settings. See .
ENABLE_NOBODY_KEYS Specifies whether default keys for nobody are
used. ENABLE_NOBODY_KEYS=NO is equivalent to the
-d command-line option. The default value for
ENABLE_NOBODY_KEYS is YES.
OPTIONS
The following options are supported:
-c Do not use disk caches. This option overrides any -s
option.
-D Run in debugging mode and log all requests to keyserv.
-d Disable the use of default keys for nobody. See .
-e Enable the use of default keys for nobody. This is the
default behavior. See .
-n Root's secret key is not read from /etc/.rootkey.
Instead, keyserv prompts the user for the password to
decrypt root's key stored in the publickey database and
then stores the decrypted key in /etc/.rootkey for
future use. This option is useful if the /etc/.rootkey
file ever gets out of date or corrupted.
-s sizespec Specify the size of the extended Diffie-Hellman common
key disk caches. The sizespec can be one of the follow‐
ing forms:
mechtype=size size is an integer specifying the maxi‐
mum number of entries in the cache, or
an integer immediately followed by the
letter M, denoting the maximum size in
MB.
size This form of sizespec applies to all
caches.
See nisauthconf(1M) for mechanism types. Note that the
des mechanism, AUTH_DES, does not use a disk cache.
FILES
/etc/.rootkey
/etc/default/keyserv Contains default settings. You can use command-
line options to override these settings.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWcsu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOkeylogin(1), svcs(1), keylogout(1), nisauthconf(1M), svcadm(1M), pub‐
lickey(4), attributes(5), smf(5)
http://www.sun.com/directory/nisplus/transition.html
NOTES
NIS+ might not be supported in future releases of the Solaris operating
system. Tools to aid the migration from NIS+ to LDAP are available in
the current Solaris release. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
The keyserv service is managed by the service management facility,
smf(5), under the service identifier:
svc:/network/rpc/keyserv:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). The service's
status can be queried using the svcs(1) command.
SunOS 5.10 4 Jan 2002 keyserv(1M)