System Administration Commands keyserv(1M)
NAME
keyserv - server for storing private encryption keys
SYNOPSIS
keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
DESCRIPTION
keyserv is a daemon that is used for storing the private
encryption keys of each user logged into the system. Theseencryption keys are used for accessing secure network ser-
vices such as secure NFS. Normally, root's key is read from the file /etc/.rootkeywhen the daemon is started. This is useful during power-fail
reboots when no one is around to type a password.keyserv does not start up if the system does not have a
secure rpc domain configured. Set up the domain name by using the /usr/bin/domainname command. Usually the svc:/system/identity:domain service reads the domain from /etc/defaultdomain. Invoking the domainname command without arguments tells you if you have a domain set up.The /etc/default/keyserv file contains the following default
parameter settings. See .ENABLE_NOBODY_KEYS Specifies whether default keys for
nobody are used. ENABLE_NOBODY_KEYS=NO
is equivalent to the -d command-line
option. The default value forENABLE_NOBODY_KEYS is YES.
OPTIONS The following options are supported:-c Do not use disk caches. This option overrides
any -s option.
-D Run in debugging mode and log all requests to
keyserv.
-d Disable the use of default keys for nobody.
See .SunOS 5.11 Last change: 11 Dec 2009 1
System Administration Commands keyserv(1M)
-e Enable the use of default keys for nobody.
This is the default behavior. See .-n Root's secret key is not read from
/etc/.rootkey. Instead, keyserv prompts the
user for the password to decrypt root's key stored in the publickey database and then stores the decrypted key in /etc/.rootkey for future use. This option is useful if the /etc/.rootkey file ever gets out of date or corrupted.-s sizespec Specify the size of the extended Diffie-
Hellman common key disk caches. The sizespec can be one of the following forms:mechtype=size size is an integer specify-
ing the maximum number of entries in the cache, or an integer immediately followed by the letter M, denoting the maximum size in MB. size This form of sizespec applies to all caches.Note that the des mechanism, AUTH_DES, does
not use a disk cache. FILES /etc/.rootkey/etc/default/keyserv Contains default settings. You can
use command-line options to override
these settings.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 11 Dec 2009 2
System Administration Commands keyserv(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs ||_____________________________|_____________________________|
SEE ALSO
keylogin(1), svcs(1), keylogout(1), svcadm(1M), pub-
lickey(4), attributes(5), smf(5) NOTESThe keyserv service is managed by the service management
facility, smf(5), under the service identifier:svc:/network/rpc/keyserv:default
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command.SunOS 5.11 Last change: 11 Dec 2009 3