Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > C


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


chkey — change user's secure RPC key pair


chkey [ -p ] [ -s nis | files | ldap ]


chkey is used to change a user's secure RPC public key and secret key pair. chkey prompts for the old secure-rpc password and verifies that it is correct by decrypting the secret key.

If the user has not already used keylogin to decrypt and store the secret key with keyserv, chkey registers the secret key with the local keyserv daemon. If the secure-rpc password does not match the login password, chkey prompts for the login password. chkey uses the login password to encrypt the user's secret Diffie-Hellman (192 bit) cryptographic key.

chkey ensures that the login password and the secure-rpc password are kept the same.

The key pair can be stored in the /etc/publickey file (see publickey(4)), the NIS publickey map, or user entries in the LDAP directory. If a new secret key is generated, it will be registered with the local keyserv daemon.

If the source of the publickey is not specified with the -s option, chkey consults the publickey entry in the name service switch configuration file (see nsswitch.conf(4)). If the publickey entry specifies one and only one source, then chkey will change the key in the specified name service. However, if multiple name services are listed, chkey cannot decide which source to update and will display an error message. The user should specify the source explicitly with the -s option.

Non root users are not allowed to change their key pair in the /etc/publickey file.



Re-encrypt the existing secret key with the user's login password.

-s nis

Update the NIS database.

-s files

Update the files database.

-s ldap

Update the LDAP database.


HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is supported. LDAP is the recommended replacement for NIS+. HP fully supports the industry standard naming services based on LDAP.


chkey was developed by Sun Microsystems, Inc.


/etc/nsswitch.conf /etc/publickey


keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nsswitch.conf(4), publickey(4).

LDAP-UX Client Services Administrator's Guide

LDAP-UX Client Services Release Notes

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.