|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Naming and Directory Services (NIS+)|
The chkey command changes an NIS+ principal's public and private keys that are stored in the cred table. It does not affect the principal's entry either in the passwd table or in the /etc/passwd file.
Generates new keys and encrypts the private key with the password. Run chkey with the -p option to re-encrypt the existing private key with a new password.
Generates a new Diffie-Hellman key pair and encrypts the private key with the password you provide. (Multiple Diffie-Hellman key pairs can exist for each principal.) In most cases, however, you do not want a new keypair, you want to re-encrypt your current existing private key with the new password. To do this, run chkey with the -p option.
See the man pages for more information on these subjects.
Note - In an NIS+ environment, when you change your login password with any of the current administration tools or the passwd (or nispasswd) commands, your private key in the cred table is automatically re-encrypted with the new password for you. Thus, you do not need to explicitly run chkey after a change of login password.
In order to run chkey, you:
Must have an entry in the passwd table of your home domain. Failure to meet this requirement will result in an error message.
Must have modify rights to the cred table. If you do not have modify rights you will get a “permission denied” type of error message.
Must know the original password with which the private key in the cred table was encrypted. (In most cases, this your Secure RPC password.)
To use the chkey command to re-encrypt your private key with your login password, you first run keylogin using the original password, and then use chkey -p, as shown in Table 13-1, which illustrates how to perform a keylogin and chkey for a principal user.
Table 13-1 Re-encrypting Your NIS+ Private Key: Command Summary