KEYSERV(8) Maintenance Commands and Procedures KEYSERV(8)

NAME


keyserv - server for storing private encryption keys

SYNOPSIS


keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]


DESCRIPTION


keyserv is a daemon that is used for storing the private encryption keys
of each user logged into the system. These encryption keys are used for
accessing secure network services such as secure NFS.


Normally, root's key is read from the file /etc/.rootkey when the daemon
is started. This is useful during power-fail reboots when no one is
around to type a password.


keyserv does not start up if the system does not have a secure RPC domain
configured. Set up the domain name by using the /usr/bin/domainname
command. Usually the svc:/system/identity:domain service reads the domain
from /etc/defaultdomain. Invoking the domainname command without
arguments tells you if you have a domain set up.


The /etc/default/keyserv file contains the following default parameter
settings. See .

ENABLE_NOBODY_KEYS
    Specifies whether default keys for nobody are used.
    ENABLE_NOBODY_KEYS=NO is equivalent to the -d command-line
    option. The default value for ENABLE_NOBODY_KEYS is YES.


OPTIONS


The following options are supported:

-c
    Do not use disk caches. This option overrides any -s option.

-D
    Run in debugging mode and log all requests to keyserv.

-d
    Disable the use of default keys for nobody. See .

-e
    Enable the use of default keys for nobody. This is the default
    behavior. See .

-n
    Root's secret key is not read from /etc/.rootkey. Instead,
    keyserv prompts the user for the password to decrypt root's key
    stored in the publickey database and then stores the decrypted
    key in /etc/.rootkey for future use. This option is useful if
    the /etc/.rootkey file ever gets out of date or corrupted.

-s sizespec
    Specify the size of the extended Diffie-Hellman common key disk
    caches. The sizespec can be one of the following forms:

    mechtype=size
        size is an integer specifying the maximum number of entries
        in the cache, or an integer immediately followed by the
        letter M, denoting the maximum size in MB.

    size
        This form of sizespec applies to all caches.


FILES


/etc/.rootkey


/etc/default/keyserv
    Contains default settings. You can use command-line options to
    override these settings.
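
The following shell helpers are an added example, not part of the original manual page or the keyserv sources. They work out whether default keys for nobody are in effect from /etc/default/keyserv plus the daemon's command-line options, and check that the file holding root's decrypted key is owned by root with no group or other access. The function names, the expected owner and mode, case-insensitive matching of the value, and separately written -d/-e flags are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helpers for the keyserv settings on this page.

# Print YES or NO: are default keys for "nobody" in effect?
#   $1 = defaults file (normally /etc/default/keyserv)
#   $2 = keyserv's command-line options as one string (may be empty)
nobody_keys_effective() {
    conf=$1 opts=$2 val=YES            # documented default is YES
    if [ -r "$conf" ]; then
        # Last uncommented assignment wins (assumption of this example).
        v=$(sed -n 's/^[[:space:]]*ENABLE_NOBODY_KEYS=\([A-Za-z]*\).*/\1/p' "$conf" | tail -1)
        case $v in
            [Nn][Oo]) val=NO ;;        # case-insensitive match is an assumption
            [Yy][Ee][Ss]) val=YES ;;
        esac
    fi
    # Command-line options override the file: -d disables, -e enables.
    # Assumes the flags are written separately (not bundled like -cd).
    for o in $opts; do
        case $o in
            -d) val=NO ;;
            -e) val=YES ;;
        esac
    done
    echo "$val"
}

# Check the file holding root's decrypted secret key.
#   $1 = key file (normally /etc/.rootkey), $2 = expected owner uid (default 0)
# Returns 0 if owned by that uid with no group/other access, 1 if not,
# 2 if it is missing or not a regular file. The expected mode is an assumption.
rootkey_perms_ok() {
    f=$1 want_uid=${2:-0}
    { [ -f "$f" ] && [ ! -L "$f" ]; } || return 2
    set -- $(ls -ln "$f")              # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run as "sh script.sh audit '-d'" to report on the live system.
if [ "${1:-}" = audit ]; then
    echo "default keys for nobody: $(nobody_keys_effective /etc/default/keyserv "${2:-}")"
    rootkey_perms_ok /etc/.rootkey && echo "/etc/.rootkey: ok" ||
        echo "/etc/.rootkey: missing, wrong owner, or group/other access"
fi
```
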


SEE ALSO


keylogin(1), keylogout(1), svcs(1), publickey(5), attributes(7), smf(7),
svcadm(8)

NOTES


The keyserv service is managed by the service management facility,
smf(7), under the service identifier:

svc:/network/rpc/keyserv:default


Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8). The service's
status can be queried using the svcs(1) command.

February 25, 2017 KEYSERV(8)