CHKEY(1) User Commands CHKEY(1)

NAME


chkey - change user's secure RPC key pair

SYNOPSIS


chkey [-p] [-s nis | files | ldap]
[-m <mechanism>]


DESCRIPTION


chkey is used to change a user's secure RPC public key and secret key
pair. chkey prompts for the old secure-rpc password and verifies that it
is correct by decrypting the secret key. If the user has not already used
keylogin(1) to decrypt and store the secret key with keyserv(8), chkey
registers the secret key with the local keyserv(8) daemon. If the
secure-rpc password does not match the login password, chkey prompts for
the login password. chkey uses the login password to encrypt the user's
secret Diffie-Hellman (192 bit) cryptographic key.


chkey ensures that the login password and the secure-rpc password(s) are
kept the same, thus enabling password shadowing. See shadow(5).


The key pair can be stored in the /etc/publickey file (see publickey(5))
or the NIS publickey map. If a new secret key is generated, it will be
registered with the local keyserv(8) daemon.


Keys for specific mechanisms can be changed or re-encrypted using the -m
option followed by the authentication mechanism name. Multiple -m
options can be used to change one or more keys.


If the source of the publickey is not specified with the -s option,
chkey consults the publickey entry in the name service switch
configuration file. See nsswitch.conf(5). If the publickey entry
specifies one and only one source, then chkey will change the key in the
specified name service. However, if multiple name services are listed,
chkey cannot decide which source to update and will display an error
message. The user should specify the source explicitly with the -s
option.
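
The following pre-flight check is an added example, not part of chkey or of
this manual page. It applies the rule above to a nsswitch.conf file so that an
ambiguous publickey entry is caught before a key change is attempted. The
function names and exit codes are this example's own, and skipping
[STATUS=action] criteria when counting sources is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not shipped with chkey).

# publickey_sources FILE
# Print the sources named on the "publickey:" line of FILE, one per line.
# Comments are dropped; [STATUS=action] criteria are not counted as
# sources (assumption of this example).
publickey_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$1" |
    awk -F: '$1 ~ /^[ \t]*publickey[ \t]*$/ {
                 n = split($2, src, " ")
                 for (i = 1; i <= n; i++) print src[i]
                 exit
             }'
}

# chkey_source_check FILE
# Prints a verdict and returns:
#   0  exactly one source: chkey can choose it without -s
#   1  several sources:    -s nis | files | ldap must be given
#   2  no publickey entry found (outcome not described on this page)
chkey_source_check() {
    set -- $(publickey_sources "$1")
    case $# in
        0) echo "none"; return 2 ;;
        1) echo "single:$1"; return 0 ;;
        *) echo "ambiguous:$*"; return 1 ;;
    esac
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf '%s\n' 'passwd: files ldap' \
              'publickey: nis [NOTFOUND=return] files  # constructed' > "$sample"
chkey_source_check "$sample" || echo "specify the source with chkey -s"
rm -f "$sample"
```

On a live system, pass /etc/nsswitch.conf as the argument instead of the
constructed sample.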


Non-root users are not allowed to change their key pair in the files
database.

OPTIONS


The following options are supported:

-p
Re-encrypt the existing secret key with the user's
login password.


-s nis
Update the NIS database.


-s files
Update the files database.


-s ldap
Update the LDAP database.


-m <mechanism>
Change or re-encrypt the secret key for the specified
mechanism.


FILES


/etc/nsswitch.conf


/etc/publickey


SEE ALSO


keylogin(1), keylogout(1), nsswitch.conf(5), publickey(5), shadow(5),
attributes(7), keyserv(8), newkey(8)

February 25, 2017 CHKEY(1)