keyserv Daemon
Purpose
Stores public and private keys.
Syntax
/usr/sbin/keyserv [ -n ]
Description
The keyserv daemon stores the private encryption keys of each user logged into the system. When a user types in a password during a keylogin, the secret key is decrypted. The decrypted key is then stored by the keyserv daemon. These decrypted keys enable the user to access secure network services such as secure Network File System (NFS).
When the keyserv daemon starts, it reads the key for the root directory from the /etc/.rootkey file. This daemon keeps the secure network services operating normally. For instance, after a power failure, when the system restarts itself, it gets the key for the root directory from the /etc/.rootkey file.
Flags
Item | Description |
---|---|
-n | Prevents the keyserv daemon from reading the key for the root directory from the /etc/.rootkey file. Instead, the keyserv daemon prompts the user for the password to decrypt the root directory's key stored in the network information service map and then stores the decrypted key in the /etc/.rootkey file for future use. This option is useful if the /etc/.rootkey file ever goes out of date or is corrupted. |
Examples
- To start the keyserv daemon, enabling the system to get the key for the root directory from the /etc/.rootkey file, enter:
/usr/sbin/keyserv
- A System Resource Controller (SRC) command can also enable the system to get the key for the root directory from the /etc/.rootkey file as follows:
startsrc -s keyserv
This command sequence starts a script that contains the keyserv daemon.
- To prevent the keyserv daemon from reading the key for the root directory from the /etc/.rootkey file, enter:
chssys -s keyserv -a '-n'
This command passes the -n argument to the keyserv daemon if SRC is used to start the daemon.
Files
Item | Description |
---|---|
/etc/.rootkey | Stores the encrypted key for the root directory. |
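
Because keyserv reads its startup key from /etc/.rootkey, and the -n flag writes the decrypted key back to that file, it is worth auditing who can read it. The following check is an added example, not part of the original documentation; check_rootkey is a hypothetical helper name, and the expectation that the file is a regular file owned by uid 0 with no group or other access is an assumption.

```shell
#!/bin/sh
# Added example (not from the keyserv documentation).
# check_rootkey [PATH] [EXPECTED_UID]
# Prints one finding per line.
# Returns 0 when clean, 1 on a finding, 2 when the file is absent.
check_rootkey() {
    keyfile=${1:-/etc/.rootkey}
    want_uid=${2:-0}    # assumption: the key file should belong to root
    rc=0

    # A symbolic link would redirect reads and writes of the key elsewhere.
    if [ -L "$keyfile" ]; then
        echo "FAIL: $keyfile is a symbolic link"
        return 1
    fi
    if [ ! -e "$keyfile" ]; then
        echo "INFO: $keyfile is not present"
        return 2
    fi
    if [ ! -f "$keyfile" ]; then
        echo "FAIL: $keyfile is not a regular file"
        return 1
    fi

    # ls -ldn prints the mode string and numeric owner without needing stat(1).
    ls_line=$(ls -ldn "$keyfile")
    mode=$(printf '%s\n' "$ls_line" | awk '{print $1}')
    uid=$(printf '%s\n' "$ls_line" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: mode $mode grants group or other access"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $keyfile mode $mode uid $uid"
    fi
    return "$rc"
}
```

Call check_rootkey with no arguments on the host to audit /etc/.rootkey itself.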