The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

chkey (1)
  • >> chkey (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • chkey (1) ( FreeBSD man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    chkey - change user's secure RPC key pair
     
    

    SYNOPSIS

    chkey [-p] [-s nisplus | nis | files | ldap] 
        [-m <mechanism>]
    

     

    DESCRIPTION

    chkey is used to change a user's secure RPC public key and secret key pair. chkey prompts for the old secure-rpc password and verifies that it is correct by decrypting the secret key. If the user has not already used keylogin(1) to decrypt and store the secret key with keyserv(1M), chkey registers the secret key with the local keyserv(1M) daemon. If the secure-rpc password does not match the login password, chkey prompts for the login password. chkey uses the login password to encrypt the user's secret Diffie-Hellman (192 bit) cryptographic key. chkey can also encrypt other Diffie-Hellman keys for authentication mechanisms configured using nisauthconf(1M).

    chkey ensures that the login password and the secure-rpc password(s) are kept the same, thus enabling password shadowing. See shadow(4).

    The key pair can be stored in the /etc/publickey file (see publickey(4)), the NIS publickey map, or the NIS+ cred.org_dir table. If a new secret key is generated, it will be registered with the local keyserv(1M) daemon. However, only NIS+ can store Diffie-Hellman keys other than 192-bits.

    Keys for specific mechanisms can be changed or reencrypted using the -m option followed by the authentication mechanism name. Multiple -m options can be used to change one or more keys. However, only mechanisms configured using nisauthconf(1M) can be changed with chkey.

    If the source of the publickey is not specified with the -s option, chkey consults the publickey entry in the name service switch configuration file. See nsswitch.conf(4). If the publickey entry specifies one and only one source, then chkey will change the key in the specified name service. However, if multiple name services are listed, chkey can not decide which source to update and will display an error message. The user should specify the source explicitly with the -s option.

    Non root users are not allowed to change their key pair in the files database.  

    OPTIONS

    The following options are supported:

    -p

    Re-encrypt the existing secret key with the user's login password.

    -s nisplus

    Update the NIS+ database.

    -s nis

    Update the NIS database.

    -s files

    Update the files database.

    -s ldap

    Update the LDAP database.

    -m <mechanism>

    Changes or re-encrypt the secret key for the specified mechanism.

     

    FILES

    /etc/nsswitch.conf

    /etc/publickey

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWcsu

     

    SEE ALSO

    keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M), nsswitch.conf(4), publickey(4), shadow(4), attributes(5)  

    NOTES

    NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру