KEYSERV(8) Maintenance Commands and Procedures KEYSERV(8)
NAME
keyserv - server for storing private encryption keys
SYNOPSIS
keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
DESCRIPTION
keyserv is a daemon that is used for storing the private encryption
keys of each user logged into the system. These encryption keys are
used for accessing secure network services such as secure NFS.

Normally, root's key is read from the file /etc/.rootkey when the
daemon is started. This is useful during power-fail reboots when no
one is around to type a password.

keyserv does not start up if the system does not have a secure RPC
domain configured. Set up the domain name by using the
/usr/bin/domainname command. Usually the svc:/system/identity:domain
service reads the domain from /etc/defaultdomain. Invoking the
domainname command without arguments tells you if you have a domain
set up.

The /etc/default/keyserv file contains the following default
parameter settings. See .

ENABLE_NOBODY_KEYS    Specifies whether default keys for nobody are
                      used. ENABLE_NOBODY_KEYS=NO is equivalent to
                      the -d command-line option. The default value
                      for ENABLE_NOBODY_KEYS is YES.
OPTIONS
The following options are supported:
-c             Do not use disk caches. This option overrides any
               -s option.
-D             Run in debugging mode and log all requests to keyserv.
-d             Disable the use of default keys for nobody. See .
-e             Enable the use of default keys for nobody. This is the
               default behavior. See .
-n             Root's secret key is not read from /etc/.rootkey.
               Instead, keyserv prompts the user for the password to
               decrypt root's key stored in the publickey database
               and then stores the decrypted key in /etc/.rootkey for
               future use. This option is useful if the /etc/.rootkey
               file ever gets out of date or corrupted.
-s sizespec    Specify the size of the extended Diffie-Hellman common
               key disk caches. The sizespec can be one of the
               following forms:
               mechtype=size    size is an integer specifying the
                                maximum number of entries in the
                                cache, or an integer immediately
                                followed by the letter M, denoting
                                the maximum size in MB.
               size             This form of sizespec applies to all
                                caches.
FILES
/etc/.rootkey
/etc/default/keyserv    Contains default settings. You can use
                        command-line options to override these
                        settings.
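
The precedence described above (ENABLE_NOBODY_KEYS in /etc/default/keyserv, overridden by -d or -e on the command line) can be checked with the following added example, which is not part of keyserv or its distribution. The function names are hypothetical, and it assumes KEY=VALUE lines with # comment lines in the defaults file and that the later of -d and -e wins.

```shell
#!/bin/sh
# Added example: report whether keyserv's default keys for "nobody" are in
# effect, given a defaults file and the daemon's command-line options.

# nobody_keys_from_file FILE  -> prints YES or NO
# Assumptions: KEY=VALUE lines, '#' starts a comment line, the last
# assignment wins, and only the exact value NO disables the keys.
nobody_keys_from_file() {
    value=YES                          # default documented in keyserv(8)
    if [ -r "$1" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ENABLE_NOBODY_KEYS=*) value=${line#ENABLE_NOBODY_KEYS=} ;;
            esac
        done < "$1"
    fi
    if [ "$value" = NO ]; then echo NO; else echo YES; fi
}

# nobody_keys_effective FILE [keyserv options...]  -> prints YES or NO
# Options are parsed with the option letters from the SYNOPSIS; -d and -e
# override the file. Assumption: if both appear, the later one wins.
nobody_keys_effective() {
    state=$(nobody_keys_from_file "$1")
    shift
    OPTIND=1
    while getopts :cdDens: opt; do
        case $opt in
            d) state=NO ;;
            e) state=YES ;;
        esac
    done
    echo "$state"
}

# Constructed sample standing in for /etc/default/keyserv.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'ENABLE_NOBODY_KEYS=NO' > "$sample"
echo "defaults file only:  $(nobody_keys_effective "$sample")"
echo "started with -c -e:  $(nobody_keys_effective "$sample" -c -e)"
rm -f "$sample"
```

On a live host, pass /etc/default/keyserv and the options the daemon is actually started with.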
SEE ALSO
keylogin(1), keylogout(1), svcs(1), publickey(5), attributes(7),
smf(7), svcadm(8)
NOTES
The keyserv service is managed by the service management facility,
smf(7), under the service identifier:

svc:/network/rpc/keyserv:default

Administrative actions on this service, such as enabling, disabling,
or requesting restart, can be performed using svcadm(8). The
service's status can be queried using the svcs(1) command.
February 25, 2017 KEYSERV(8)