1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
'\" te
.\" Copyright 1989 AT&T
.\" Copyright (C) 2005, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH KEYSERV 8 "Feb 25, 2017"
.SH NAME
keyserv \- server for storing private encryption keys
.SH SYNOPSIS
.LP
.nf
\fBkeyserv\fR [\fB-c\fR] [\fB-d\fR | \fB-e\fR] [\fB-D\fR] [\fB-n\fR] [\fB-s\fR \fIsizespec\fR]
.fi
.SH DESCRIPTION
.LP
\fBkeyserv\fR is a daemon that is used for storing the private encryption keys
of each user logged into the system. These encryption keys are used for
accessing secure network services such as secure \fBNFS\fR.
.sp
.LP
Normally, root's key is read from the file \fB/etc/.rootkey\fR when the daemon
is started. This is useful during power-fail reboots when no one is around to
type a password.
.sp
.LP
\fBkeyserv\fR does not start up if the system does not have a secure \fBrpc\fR
domain configured. Set up the domain name by using the
\fB/usr/bin/domainname\fR command. Usually the
\fBsvc:/system/identity:domain\fR service reads the domain from
\fB/etc/defaultdomain\fR. Invoking the \fBdomainname\fR command without
arguments tells you if you have a domain set up.
.sp
.LP
The \fB/etc/default/keyserv\fR file contains the following default parameter
settings. See .
.sp
.ne 2
.na
\fB\fBENABLE_NOBODY_KEYS\fR\fR
.ad
.RS 22n
Specifies whether default keys for \fBnobody\fR are used.
\fBENABLE_NOBODY_KEYS=NO\fR is equivalent to the \fB-d\fR command-line option.
The default value for \fBENABLE_NOBODY_KEYS\fR is \fBYES\fR.
.RE
.SH OPTIONS
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-c\fR\fR
.ad
.RS 15n
Do not use disk caches. This option overrides any \fB-s\fR option.
.RE
.sp
.ne 2
.na
\fB\fB-D\fR\fR
.ad
.RS 15n
Run in debugging mode and log all requests to \fBkeyserv\fR.
.RE
.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 15n
Disable the use of default keys for \fBnobody\fR. See .
.RE
.sp
.ne 2
.na
\fB\fB-e\fR\fR
.ad
.RS 15n
Enable the use of default keys for \fBnobody\fR. This is the default behavior.
See .
.RE
.sp
.ne 2
.na
\fB\fB-n\fR\fR
.ad
.RS 15n
Root's secret key is not read from \fB/etc/.rootkey\fR. Instead, \fBkeyserv\fR
prompts the user for the password to decrypt root's key stored in the
\fBpublickey\fR database and then stores the decrypted key in
\fB/etc/.rootkey\fR for future use. This option is useful if the
\fB/etc/.rootkey\fR file ever gets out of date or corrupted.
.RE
.sp
.ne 2
.na
\fB\fB-s\fR \fIsizespec\fR\fR
.ad
.RS 15n
Specify the size of the extended Diffie-Hellman common key disk caches. The
\fIsizespec\fR can be one of the following forms:
.sp
.ne 2
.na
\fB\fImechtype\fR=\fBsize\fR\fR
.ad
.RS 17n
\fBsize\fR is an integer specifying the maximum number of entries in the cache,
or an integer immediately followed by the letter \fIM\fR, denoting the maximum
size in MB.
.RE
.sp
.ne 2
.na
\fB\fBsize\fR\fR
.ad
.RS 17n
This form of \fIsizespec\fR applies to all caches.
.RE
.SH FILES
.ne 2
.na
\fB\fB/etc/.rootkey\fR\fR
.ad
.RS 24n
.RE
.sp
.ne 2
.na
\fB\fB/etc/default/keyserv\fR\fR
.ad
.RS 24n
Contains default settings. You can use command-line options to override these
settings.
.RE
.SH SEE ALSO
.LP
.BR keylogin (1),
.BR keylogout (1),
.BR svcs (1),
.BR publickey (5),
.BR attributes (7),
.BR smf (7),
.BR svcadm (8)
.SH NOTES
.LP
The \fBkeyserv\fR service is managed by the service management facility,
\fBsmf\fR(7), under the service identifier:
.sp
.in +2
.nf
svc:/network/rpc/keyserv:default
.fi
.in -2
.sp
.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(8). The service's
status can be queried using the \fBsvcs\fR(1) command.
|
