PUBLICKEY(5) BSD File Formats Manual PUBLICKEY(5)NAME
publickey -- public key database
SYNOPSIS
/etc/publickey
DESCRIPTION
/etc/publickey is the public key database used for secure RPC (Remote Procedure Calls). Each entry in the database consists of a network
user name (which may either refer to a user or a hostname), followed by the user's public key (in hex notation), a colon, and then the user's
secret key encrypted with its login password (also in hex notation).
This file is altered either by the user through the chkey(1) command or by the system administrator through the newkey(8) command. The file
/etc/publickey should only contain data on the NIS master machine, where it is converted into the NIS database publickey.byname.
SEE ALSO chkey(1), publickey(3), newkey(8), ypupdated(8)BSD October 19, 1987 BSD
Check Out this Related Man Page
chkey(1) User Commands chkey(1)NAME
chkey - change user's secure RPC key pair
SYNOPSIS
chkey [-p] [-s nisplus | nis | files | ldap] [-m <mechanism>]
DESCRIPTION
chkey is used to change a user's secure RPC public key and secret key pair. chkey prompts for the old secure-rpc password and verifies that
it is correct by decrypting the secret key. If the user has not already used keylogin(1) to decrypt and store the secret key with key-
serv(1M), chkey registers the secret key with the local keyserv( 1M) daemon. If the secure-rpc password does not match the login password,
chkey prompts for the login password. chkey uses the login password to encrypt the user's secret Diffie-Hellman (192 bit) cryptographic
key. chkey can also encrypt other Diffie-Hellman keys for authentication mechanisms configured using nisauthconf(1M).
chkey ensures that the login password and the secure-rpc password(s) are kept the same, thus enabling password shadowing. See shadow(4).
The key pair can be stored in the /etc/publickey file (see publickey(4)), the NIS publickey map, or the NIS+ cred.org_dir table. If a new
secret key is generated, it will be registered with the local keyserv(1M) daemon. However, only NIS+ can store Diffie-Hellman keys other
than 192-bits.
Keys for specific mechanisms can be changed or reencrypted using the -m option followed by the authentication mechanism name. Multiple -m
options can be used to change one or more keys. However, only mechanisms configured using nisauthconf(1M) can be changed with chkey.
If the source of the publickey is not specified with the -s option, chkey consults the publickey entry in the name service switch con-
figuration file. See nsswitch.conf(4). If the publickey entry specifies one and only one source, then chkey will change the key in the
specified name service. However, if multiple name services are listed, chkey can not decide which source to update and will display an
error message. The user should specify the source explicitly with the -s option.
Non root users are not allowed to change their key pair in the files database.
OPTIONS
The following options are supported:
-p Re-encrypt the existing secret key with the user's login password.
-s nisplus Update the NIS+ database.
-s nis Update the NIS database.
-s files Update the files database.
-s ldap Update the LDAP database.
-m <mechanism> Changes or re-encrypt the secret key for the specified mechanism.
FILES
/etc/nsswitch.conf
/etc/publickey
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M), nsswitch.conf(4), publickey(4), shadow(4),
attributes(5)NOTES
NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are
available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 24 Jan 2002 chkey(1)