CHKEY(1) User Commands CHKEY(1)

NAME


chkey - change user's secure RPC key pair

SYNOPSIS


chkey [-p] [-s nis | files | ldap]
[-m <mechanism>]


DESCRIPTION


chkey is used to change a user's secure RPC public key and secret key
pair. chkey prompts for the old secure-rpc password and verifies that
it is correct by decrypting the secret key. If the user has not
already used keylogin(1) to decrypt and store the secret key with
keyserv(8), chkey registers the secret key with the local keyserv(8)
daemon. If the secure-rpc password does not match the login
password, chkey prompts for the login password. chkey uses the login
password to encrypt the user's secret Diffie-Hellman (192 bit)
cryptographic key.


chkey ensures that the login password and the secure-rpc password(s)
are kept the same, thus enabling password shadowing. See shadow(5).


The key pair can be stored in the /etc/publickey file (see
publickey(5)) or the NIS publickey map. If a new secret key is
generated, it will be registered with the local keyserv(8) daemon.


Keys for specific mechanisms can be changed or reencrypted using the
-m option followed by the authentication mechanism name. Multiple -m
options can be used to change one or more keys.


If the source of the publickey is not specified with the -s option,
chkey consults the publickey entry in the name service switch
configuration file. See nsswitch.conf(5). If the publickey entry
specifies one and only one source, then chkey will change the key in
the specified name service. However, if multiple name services are
listed, chkey can not decide which source to update and will display
an error message. The user should specify the source explicitly with
the -s option.


Non root users are not allowed to change their key pair in the files
database.

OPTIONS


The following options are supported:

-p
Re-encrypt the existing secret key with the user's
login password.


-s nis
Update the NIS database.


-s files
Update the files database.


-s ldap
Update the LDAP database.


-m <mechanism>
Changes or re-encrypt the secret key for the
specified mechanism.


FILES


/etc/nsswitch.conf


/etc/publickey


SEE ALSO


keylogin(1), keylogout(1), nsswitch.conf(5), publickey(5), shadow(5),
attributes(7), keyserv(8), newkey(8)

February 25, 2017 CHKEY(1)
tribblix@gmail.com :: GitHub :: Privacy