Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   20441 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

chkey(1)			 User Commands			      chkey(1)

NAME
       chkey - change user's secure RPC key pair

SYNOPSIS
       chkey [-p] [-s nis | files | ldap]
	    [-m <mechanism>]

DESCRIPTION
       chkey  is  used to change a user's secure RPC public key and secret key
       pair. chkey prompts for the old secure-rpc password and	verifies  that
       it is correct by decrypting the secret key. If the user has not already
       used keylogin(1) to decrypt and store the secret key with  keyserv(1M),
       chkey  registers	 the  secret key with the local keyserv(1M) daemon. If
       the secure-rpc password	does  not  match  the  login  password,	 chkey
       prompts	for  the  login	 password.  chkey  uses	 the login password to
       encrypt the user's secret Diffie-Hellman (192 bit)  cryptographic  key.
       chkey  can  also	 encrypt  other Diffie-Hellman keys for authentication
       mechanisms configured.

       chkey ensures that the login password and the  secure-rpc   password(s)
       are kept the same, thus enabling password shadowing. See shadow(4).

       The  key	 pair  can  be	stored	in  the	 /etc/publickey file (see pub‐
       lickey(4)) or the NIS publickey map. If a new secret key is  generated,
       it will be registered with the local keyserv(1M) daemon.

       Keys  for  specific mechanisms can be changed or re-encrypted using the
       -m option followed by the authentication mechanism name.	 Multiple   -m
       options can be used to change one or more keys.

       If  the	source	of the	publickey is not specified with the -s option,
       chkey consults the  publickey entry in the name service switch configu‐
       ration  file.   See nsswitch.conf(4). If the  publickey entry specifies
       one and only one source, then chkey will change the key in  the	speci‐
       fied name service. However, if multiple name services are listed, chkey
       can not decide which source to update and will display  an  error  mes‐
       sage. The user should specify the source explicitly with the -s option.

       Non  root  users	 are not allowed to change their key pair in the files
       database.

OPTIONS
       The following options are supported:

       -p		 Re-encrypt the existing secret key  with  the	user's
			 login password.

       -s nis		 Update the NIS database.

       -s files		 Update the  files database.

       -s ldap		 Update the  LDAP database.

       -m <mechanism>	 Changes  or  re-encrypt the secret key for the speci‐
			 fied mechanism.

FILES
       /etc/nsswitch.conf

       /etc/publickey

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWcs			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       keylogin(1), keylogout(1), keyserv(1M),	newkey(1M),  nsswitch.conf(4),
       publickey(4), shadow(4), attributes(5)

SunOS 5.11			  10 Dec 2009			      chkey(1)

Vote for polarhome