'\" te .\" Copyright 1989 AT&T .\" Copyright (C) 2005, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH KEYSERV 1M "Jan 4, 2002" .SH NAME keyserv \- server for storing private encryption keys .SH SYNOPSIS .LP .nf \fBkeyserv\fR [\fB-c\fR] [\fB-d\fR | \fB-e\fR] [\fB-D\fR] [\fB-n\fR] [\fB-s\fR \fIsizespec\fR] .fi .SH DESCRIPTION .sp .LP \fBkeyserv\fR is a daemon that is used for storing the private encryption keys of each user logged into the system. These encryption keys are used for accessing secure network services such as secure \fBNFS\fR and NIS+. .sp .LP Normally, root's key is read from the file \fB/etc/.rootkey\fR when the daemon is started. This is useful during power-fail reboots when no one is around to type a password. .sp .LP \fBkeyserv\fR does not start up if the system does not have a secure \fBrpc\fR domain configured. Set up the domain name by using the \fB/usr/bin/domainname\fR command. Usually the \fBsvc:/system/identity:domain\fR service reads the domain from \fB/etc/defaultdomain\fR. Invoking the \fBdomainname\fR command without arguments tells you if you have a domain set up. .sp .LP The \fB/etc/default/keyserv\fR file contains the following default parameter settings. See . .sp .ne 2 .na \fB\fBENABLE_NOBODY_KEYS\fR\fR .ad .RS 22n Specifies whether default keys for \fBnobody\fR are used. \fBENABLE_NOBODY_KEYS=NO\fR is equivalent to the \fB-d\fR command-line option. The default value for \fBENABLE_NOBODY_KEYS\fR is \fBYES\fR. .RE .SH OPTIONS .sp .LP The following options are supported: .sp .ne 2 .na \fB\fB-c\fR\fR .ad .RS 15n Do not use disk caches. This option overrides any \fB-s\fR option. .RE .sp .ne 2 .na \fB\fB-D\fR\fR .ad .RS 15n Run in debugging mode and log all requests to \fBkeyserv\fR. .RE .sp .ne 2 .na \fB\fB-d\fR\fR .ad .RS 15n Disable the use of default keys for \fBnobody\fR. See . .RE .sp .ne 2 .na \fB\fB-e\fR\fR .ad .RS 15n Enable the use of default keys for \fBnobody\fR. This is the default behavior. See . .RE .sp .ne 2 .na \fB\fB-n\fR\fR .ad .RS 15n Root's secret key is not read from \fB/etc/.rootkey\fR. Instead, \fBkeyserv\fR prompts the user for the password to decrypt root's key stored in the \fBpublickey\fR database and then stores the decrypted key in \fB/etc/.rootkey\fR for future use. This option is useful if the \fB/etc/.rootkey\fR file ever gets out of date or corrupted. .RE .sp .ne 2 .na \fB\fB-s\fR \fIsizespec\fR\fR .ad .RS 15n Specify the size of the extended Diffie-Hellman common key disk caches. The \fIsizespec\fR can be one of the following forms: .sp .ne 2 .na \fB\fImechtype\fR=\fBsize\fR\fR .ad .RS 17n \fBsize\fR is an integer specifying the maximum number of entries in the cache, or an integer immediately followed by the letter \fIM\fR, denoting the maximum size in MB. .RE .sp .ne 2 .na \fB\fBsize\fR\fR .ad .RS 17n This form of \fIsizespec\fR applies to all caches. .RE See \fBnisauthconf\fR(1M) for mechanism types. Note that the \fBdes\fR mechanism, \fBAUTH_DES\fR, does not use a disk cache. .RE .SH FILES .sp .ne 2 .na \fB\fB/etc/.rootkey\fR\fR .ad .RS 24n .RE .sp .ne 2 .na \fB\fB/etc/default/keyserv\fR\fR .ad .RS 24n Contains default settings. You can use command-line options to override these settings. .RE .SH SEE ALSO .sp .LP \fBkeylogin\fR(1), \fBsvcs\fR(1), \fBkeylogout\fR(1), \fBnisauthconf\fR(1M), \fBsvcadm\fR(1M), \fBpublickey\fR(4), \fBattributes\fR(5), \fBsmf\fR(5) .sp .LP http://www.sun.com/directory/nisplus/transition.html .SH NOTES .sp .LP NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html. .sp .LP The \fBkeyserv\fR service is managed by the service management facility, \fBsmf\fR(5), under the service identifier: .sp .in +2 .nf svc:/network/rpc/keyserv:default .fi .in -2 .sp .sp .LP Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.