chkey man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

chkey(1)			 User Commands			      chkey(1)

NAME
       chkey - change user's secure RPC key pair

SYNOPSIS
       chkey [-p] [-s nisplus | nis | files | ldap]  [-m <mechanism>]

DESCRIPTION
       chkey  is  used to change a user's secure RPC public key and secret key
       pair. chkey prompts for the old secure-rpc password and	verifies  that
       it is correct by decrypting the secret key. If the user has not already
       used keylogin(1) to decrypt and store the secret key with  keyserv(1M),
       chkey  registers	 the secret key with the local keyserv( 1M) daemon. If
       the secure-rpc password	does  not  match  the  login  password,	 chkey
       prompts	for  the  login	 password.  chkey  uses	 the login password to
       encrypt the user's secret Diffie-Hellman (192 bit)  cryptographic  key.
       chkey  can  also	 encrypt  other Diffie-Hellman keys for authentication
       mechanisms configured using nisauthconf(1M).

       chkey ensures that the login password and the  secure-rpc   password(s)
       are kept the same, thus enabling password shadowing. See shadow(4).

       The  key	 pair  can  be	stored	in  the	 /etc/publickey file (see pub‐
       lickey(4)), the NIS publickey map, or the NIS+ cred.org_dir table. If a
       new  secret key is generated, it will be registered with the local key‐
       serv(1M) daemon. However, only NIS+ can store Diffie-Hellman keys other
       than 192-bits.

       Keys for specific mechanisms can be changed or reencrypted using the -m
       option followed by the  authentication  mechanism  name.	 Multiple   -m
       options	can  be	 used to change one or more keys. However, only mecha‐
       nisms configured using nisauthconf(1M) can be changed with  chkey.

       If the source of the  publickey is not specified with  the  -s  option,
       chkey consults the  publickey entry in the name service switch configu‐
       ration file.  See nsswitch.conf(4). If the  publickey  entry  specifies
       one  and	 only one source, then chkey will change the key in the speci‐
       fied name service. However, if multiple name services are listed, chkey
       can  not	 decide	 which source to update and will display an error mes‐
       sage. The user should specify the source explicitly with the -s option.

       Non root users are not allowed to change their key pair	in  the	 files
       database.

OPTIONS
       The following options are supported:

       -p		       Re-encrypt  the	existing  secret  key with the
			       user's login password.

       -s nisplus	       Update the  NIS+ database.

       -s nis		       Update the NIS database.

       -s files		       Update the  files database.

       -s ldap		       Update the  LDAP database.

       -m <mechanism>	       Changes or re-encrypt the secret	 key  for  the
			       specified mechanism.

FILES
       /etc/nsswitch.conf

       /etc/publickey

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWcsu			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       keylogin(1),  keylogout(1),  keyserv(1M),  newkey(1M),  nisaddcred(1M),
       nisauthconf(1M),	    nsswitch.conf(4),	  publickey(4),	    shadow(4),
       attributes(5)

NOTES
       NIS+ might not be supported in future releases of the Solaris operating
       system. Tools to aid the migration from NIS+ to LDAP are	 available  in
       the    current	Solaris	  release.   For   more	  information,	 visit
       http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10			  29 Nov 2005			      chkey(1)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net