NAME
chkey — change user's secure RPC key pair
SYNOPSIS
chkey
[
-p
]
[
-s
nis | files | ldap ]
DESCRIPTION
chkey
is used to change a user's secure RPC public key and secret key
pair.
chkey
prompts for the old secure-rpc password and verifies
that it is correct by decrypting
the secret key.
If the user has not already used
keylogin
to decrypt and store the secret key with
keyserv,
chkey
registers the secret key with the local
keyserv
daemon.
If the secure-rpc password does not match the login password,
chkey
prompts for the
login password.
chkey
uses the login password to encrypt the user's secret
Diffie-Hellman (192 bit) cryptographic key.
chkey
ensures that the login password and the secure-rpc
password are kept the same.
The key pair can be stored in the
/etc/publickey
file (see
publickey(4)),
the NIS
publickey
map, or
user
entries in the LDAP directory.
If a new secret key
is generated, it will be registered with the local
keyserv
daemon.
If the source of the
publickey
is not specified with the
-s
option,
chkey
consults the
publickey
entry in the
name service switch configuration file
(see
nsswitch.conf(4)).
If the
publickey
entry specifies one and only one source, then
chkey
will change the key in the specified name service.
However, if multiple name services are listed,
chkey
cannot
decide which source to update and will display an error message.
The user should specify the source explicitly with the
-s
option.
Non root users are not allowed to change their key pair in the
/etc/publickey
file.
Options
- -p
Re-encrypt the existing secret key with the user's
login password.
- -s nis
Update the
NIS
database.
- -s files
Update the
files
database.
- -s ldap
Update the
LDAP
database.
WARNINGS
HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is
supported. LDAP is the recommended replacement for NIS+. HP
fully supports the industry standard naming services based on LDAP.
AUTHOR
chkey
was developed by Sun Microsystems, Inc.
FILES
/etc/nsswitch.conf
/etc/publickey
Printable version
