freebsd_amp_hwpstate/usr.sbin/keyserv/keyserv.8

.\" @(#)keyserv.1m 1.21 93/07/14 SMI; from SVr4
.\"macro stdmacro
.\" Copyright 1989 AT&T
.\" @(#)keyserv.8c 1.8 89/03/29 SMI;
.\" $FreeBSD$
.\".TH KEYSERV 8C "9 September 1987"
.Dd September 14, 1992
.Dt KEYSERV 8
.Os
.Sh NAME
.Nm keyserv
.Nd server for storing private encryption keys
.Sh SYNOPSIS
.Nm
.Op Fl d
.Op Fl D
.Op Fl n
.Op Fl p Ar path
.Op Fl v
.Sh DESCRIPTION
The
.Nm
utility is a daemon that is used for storing the
private encryption keys of each
user logged into the system.
These encryption keys are used for accessing
secure network services such as secure
.Tn NFS .
.Pp
Normally, root's key is read from the file
.Pa /etc/.rootkey
when the daemon is started.
This is useful during power-fail reboots
when no one is around to type a password.
.Pp
If a client with no secret key calls
.Nm ,
then the key of user
.Em nobody
is used instead as the default key.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl d
Disable the use of default keys for
.Em nobody .
.It Fl D
Run in debugging mode and log all requests to
.Nm .
.It Fl n
Root's secret key is not read from
.Pa /etc/.rootkey .
Instead,
.Nm
prompts the user for the password to decrypt
root's key stored in the
.Pa /etc/publickey
database and then stores the decrypted key in
.Pa /etc/.rootkey
for future use.
This option is useful if the
.Pa /etc/.rootkey
file ever gets out of date or corrupted.
.It Fl p Ar path
Specify where to search for
.Pa libdes.so.3 .
Default is
.Pa /usr/lib .
.It Fl v
Display status of DES support (enabled/disabled).
.El
.Sh FILES
.Bl -tag -width /usr/lib/libdes.so.3 -compact
.It Pa /etc/.rootkey
.It Pa /usr/lib/libdes.so.3
.El
.Sh "SEE ALSO"
.Xr keylogin 1 ,
.Xr keylogout 1 ,
.Xr publickey 5
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`.\" @(#)keyserv.1m 1.21 93/07/14 SMI; from SVr4`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.\"macro stdmacro`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`.\" Copyright 1989 AT&T`
			`.\" @(#)keyserv.8c 1.8 89/03/29 SMI;`
$Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00			`.\" $FreeBSD$`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`.\".TH KEYSERV 8C "9 September 1987"`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Dd September 14, 1992`
			`.Dt KEYSERV 8`
			`.Os`
			`.Sh NAME`
			`.Nm keyserv`
			`.Nd server for storing private encryption keys`
			`.Sh SYNOPSIS`
mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00			`.Nm`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Op Fl d`
			`.Op Fl D`
			`.Op Fl n`
			`.Op Fl p Ar path`
			`.Op Fl v`
			`.Sh DESCRIPTION`
The .Nm utility 2002-07-14 14:47:15 +00:00			`The`
			`.Nm`
			`utility is a daemon that is used for storing the`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`private encryption keys of each`
			`user logged into the system.`
			`These encryption keys are used for accessing`
The .Nm utility 2002-07-14 14:47:15 +00:00			`secure network services such as secure`
			`.Tn NFS .`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pp`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`Normally, root's key is read from the file`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pa /etc/.rootkey`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`when the daemon is started.`
			`This is useful during power-fail reboots`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`when no one is around to type a password.`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pp`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`If a client with no secret key calls`
mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00			`.Nm ,`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`then the key of user`
			`.Em nobody`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`is used instead as the default key.`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pp`
			`The following options are available:`
			`.Bl -tag -width indent`
			`.It Fl d`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`Disable the use of default keys for`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Em nobody .`
			`.It Fl D`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`Run in debugging mode and log all requests to`
mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00			`.Nm .`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.It Fl n`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`Root's secret key is not read from`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pa /etc/.rootkey .`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`Instead,`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Nm`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`prompts the user for the password to decrypt`
			`root's key stored in the`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pa /etc/publickey`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`database and then stores the decrypted key in`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pa /etc/.rootkey`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`for future use.`
			`This option is useful if the`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.Pa /etc/.rootkey`
Import of the keyserv daemon needed for Secure RPC. This version supports both the keyserv v1 and v2 protocols. It uses the new AF_LOCAL transport so that only local processes can use it for storing/retrieving keys, and it uses the SCM_CREDS kernel hack for authentication. With these two modifications, we don't need the keyenvoy program normally used with RPC 4.0. Note that if libdes.so.3.x is present on the system when keyserv is started, Secure RPC will run with normal DES encryption. If not, everything falls back to RC4 with a 40 bit key. 1997-05-28 15:44:22 +00:00			`file ever gets out of date or corrupted.`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.It Fl p Ar path`
			`Specify where to search for`
			`.Pa libdes.so.3 .`
			`Default is`
			`.Pa /usr/lib .`
			`.It Fl v`
			`Display status of DES support (enabled/disabled).`
			`.El`
			`.Sh FILES`
The .Nm utility 2002-07-14 14:47:15 +00:00			`.Bl -tag -width /usr/lib/libdes.so.3 -compact`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.It Pa /etc/.rootkey`
mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00			`.It Pa /usr/lib/libdes.so.3`
Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. 1997-09-23 06:36:27 +00:00			`.El`
			`.Sh "SEE ALSO"`
			`.Xr keylogin 1 ,`
			`.Xr keylogout 1 ,`
			`.Xr publickey 5`