NAME
keyserv — server for storing private encryption keys
SYNOPSIS
keyserv [-d | -e] [-D] [-n]
DESCRIPTION
keyserv is a daemon that is used for storing the private encryption keys of each user logged into the system. These encryption keys are used for accessing secure network services such as secure NFS.
Normally, root's key is read from the file /etc/.rootkey when the daemon is started. This is useful during power-fail reboots when no one is around to type a password.
keyserv will not start up if the system does not have a secure RPC domain configured. The domain name can be set up by using the /usr/bin/domainname command. Invoking the domainname command without arguments will display whether the user has a domain set up.
The /etc/default/keyserv file contains the following default parameter settings.
- ENABLE_NOBODY_KEYS
Specifies whether default keys for nobody are used. The default value is ENABLE_NOBODY_KEYS=YES. ENABLE_NOBODY_KEYS=NO is equivalent to the -d command-line option.
Options
- -d
Disable the use of default keys for nobody.
- -e
Enable the use of default keys for nobody. This is the default behavior.
- -D
Run in debugging mode and log all requests to keyserv to /var/nfs/keyserv.log.
- -n
Root's secret key is not read from /etc/.rootkey. Instead, keyserv prompts the user for the password to decrypt root's key stored in the publickey database and then stores the decrypted key in /etc/.rootkey for future use. This option is useful if the /etc/.rootkey file ever gets out-of-date or corrupted.
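
An added audit example, not part of keyserv or the HP-UX distribution: two POSIX shell functions that report whether default keys for nobody are in effect for a given defaults file and option list, and whether a root key file is accessible to anyone but its owner. Assumptions: the function names are hypothetical, lines starting with '#' in the defaults file are comments, NO is matched case-insensitively, and the key file is expected to carry no group or other permission bits.

```shell
#!/bin/sh
# Added audit example; function names are hypothetical, not keyserv's own.

# nobody_keys_setting DEFAULTS_FILE [keyserv options...]
# Prints "enabled" or "disabled" for the use of default keys for nobody.
nobody_keys_setting() {
    defaults_file=$1
    shift
    setting=YES    # documented default: ENABLE_NOBODY_KEYS=YES
    if [ -r "$defaults_file" ]; then
        # Assumption: lines starting with '#' are comments; last assignment wins.
        value=$(sed -n 's/^[[:space:]]*ENABLE_NOBODY_KEYS=\([A-Za-z]*\).*/\1/p' \
            "$defaults_file" | tail -n 1)
        if [ -n "$value" ]; then setting=$value; fi
    fi
    # Command-line options override the defaults file.
    for opt in "$@"; do
        case $opt in
            -d) setting=NO ;;
            -e) setting=YES ;;
        esac
    done
    case $setting in
        [Nn][Oo]) echo disabled ;;   # assumption: NO matched case-insensitively
        *) echo enabled ;;
    esac
}

# rootkey_exposed KEY_FILE
# Succeeds (exit 0) when KEY_FILE exists and group or other has any access.
# Assumption: the file holding root's key should be accessible to its owner only.
rootkey_exposed() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other permission bits
    [ "$perms" != "------" ]
}

# Usage on a live system:
#   nobody_keys_setting /etc/default/keyserv -D
#   rootkey_exposed /etc/.rootkey && echo "WARNING: /etc/.rootkey is not owner-only"
```

Pass the options keyserv is actually started with after the defaults file path, so the result reflects the command-line override.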
WARNINGS
HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is
supported. LDAP is the recommended replacement for NIS+.
HP fully supports the industry standard naming services based on LDAP.
AUTHOR
keyserv was developed by Sun Microsystems, Inc.
FILES
- /etc/.rootkey
Contains root's key.
- /etc/default/keyserv
Contains default settings.
You can use command-line options to override these settings.
- /var/nfs/keyserv.log
Log file