Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for chkey (opensolaris section 1)

chkey(1)				  User Commands 				 chkey(1)

       chkey - change user's secure RPC key pair

       chkey [-p] [-s nisplus | nis | files | ldap]
	    [-m <mechanism>]

       chkey  is used to change a user's secure RPC public key and secret key pair. chkey prompts
       for the old secure-rpc password and verifies that it is correct by decrypting  the  secret
       key. If the user has not already used keylogin(1) to decrypt and store the secret key with
       keyserv(1M), chkey registers the secret key with the  local  keyserv(1M)  daemon.  If  the
       secure-rpc  password  does not match the login password, chkey prompts for the login pass-
       word. chkey uses the login password to encrypt the user's secret Diffie-Hellman (192  bit)
       cryptographic  key.  chkey  can	also encrypt other Diffie-Hellman keys for authentication
       mechanisms configured using nisauthconf(1M).

       chkey ensures that the login password and the secure-rpc  password(s) are kept  the  same,
       thus enabling password shadowing. See shadow(4).

       The  key  pair  can be stored in the  /etc/publickey file (see publickey(4)), the NIS pub-
       lickey map, or the NIS+ cred.org_dir table. If a new secret key is generated, it  will  be
       registered  with the local keyserv(1M) daemon. However, only NIS+ can store Diffie-Hellman
       keys other than 192-bits.

       Keys for specific mechanisms can be changed or reencrypted using the -m option followed by
       the  authentication mechanism name. Multiple  -m options can be used to change one or more
       keys. However, only mechanisms  configured  using  nisauthconf(1M)  can	be  changed  with

       If  the	source of the  publickey is not specified with the -s option,  chkey consults the
       publickey entry in the name service switch configuration file.  See  nsswitch.conf(4).  If
       the   publickey entry specifies one and only one source, then chkey will change the key in
       the specified name service. However, if multiple name services are listed, chkey  can  not
       decide  which  source to update and will display an error message. The user should specify
       the source explicitly with the -s option.

       Non root users are not allowed to change their key pair in the files database.

       The following options are supported:

       -p		 Re-encrypt the existing secret key with the user's login password.

       -s nisplus	 Update the  NIS+ database.

       -s nis		 Update the NIS database.

       -s files 	 Update the  files database.

       -s ldap		 Update the  LDAP database.

       -m <mechanism>	 Changes or re-encrypt the secret key for the specified mechanism.



       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |

       keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M),  nss-
       witch.conf(4), publickey(4), shadow(4), attributes(5)

       NIS+  might  not be supported in future releases of the Solaris operating system. Tools to
       aid the migration from NIS+ to LDAP are available in the current Solaris release. For more
       information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.11				   29 Nov 2005					 chkey(1)

All times are GMT -4. The time now is 06:24 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password