keyserv - server for storing private encryption keys
keyserv [-c] [-d | -e] [-D] [-n] [-s sizespec]
keyserv is a daemon that is used for storing the private encryption keys
of each user logged into the system. These encryption keys are used for
accessing secure network services such as secure NFS.
Normally, root's key is read from the file /etc/.rootkey
when the daemon is started. This is useful during power-fail reboots when no
one is around to type a password.
keyserv does not start up if the system does not have a
secure RPC domain configured. Set up the domain name by using the
/usr/bin/domainname command. Usually the
svc:/system/identity:domain service reads the domain from
/etc/defaultdomain. Invoking the domainname command without
arguments tells you if you have a domain set up.
The /etc/default/keyserv file contains the following
default parameter settings. See .
ENABLE_NOBODY_KEYS  Specifies whether default keys for nobody are
used. ENABLE_NOBODY_KEYS=NO is equivalent to the -d command-line
option. The default value for ENABLE_NOBODY_KEYS is YES.
The following options are supported:
-c  Do not use disk caches. This option overrides any
-D  Run in debugging mode and log all requests to
-d  Disable the use of default keys for nobody. See
-e  Enable the use of default keys for nobody. This is
the default behavior. See .
-n  Root's secret key is not read from /etc/.rootkey.
Instead, keyserv prompts the user for the password to decrypt root's
key stored in the publickey database and then stores the decrypted key
in /etc/.rootkey for future use. This option is useful if the
/etc/.rootkey file ever gets out of date or corrupted.
-s sizespec  Specify the size of the extended Diffie-Hellman common
key disk caches. The sizespec
can be one of the following forms:
size is an integer specifying the maximum number
of entries in the cache, or an integer immediately followed by the letter
M, denoting the maximum size in MB.
This form of sizespec applies to all caches.
/etc/default/keyserv  Contains default settings. You can use command-line
options to override these settings.
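
An added example (not part of the original page or of keyserv itself): shell helpers that work out the effective nobody-keys setting from a /etc/default/keyserv-style file plus any -d / -e options, and compare it with a site policy. The function names, the first-match parsing rule and the sample file are assumptions.

```shell
# Added example, not keyserv's own code.

# file_nobody_keys FILE -> prints YES or NO for a defaults file.
# Assumptions: the first uncommented ENABLE_NOBODY_KEYS= line is used, and
# any value other than NO (any case) leaves the documented default, YES.
file_nobody_keys() {
    found=""
    if [ -r "$1" ]; then
        found=$(sed -n 's/^ENABLE_NOBODY_KEYS=\([A-Za-z]*\).*/\1/p' "$1" | sed 1q)
    fi
    case $found in
        [Nn][Oo]) echo NO ;;
        *)        echo YES ;;
    esac
}

# effective_nobody_keys FILE [keyserv options...]
# -d / -e override the file value. The synopsis makes them mutually
# exclusive; if both appear here the later one is taken (assumption).
effective_nobody_keys() {
    state=$(file_nobody_keys "$1")
    shift
    for opt in "$@"; do
        case $opt in
            -d) state=NO ;;
            -e) state=YES ;;
        esac
    done
    echo "$state"
}

# check_nobody_keys WANT FILE [keyserv options...]
# Return 0 when the effective value equals the site policy WANT (YES or NO).
check_nobody_keys() {
    want=$1
    shift
    got=$(effective_nobody_keys "$@")
    if [ "$got" = "$want" ]; then
        echo "OK: nobody keys effective value is $got"
        return 0
    fi
    echo "MISMATCH: nobody keys effective value is $got, policy wants $want"
    return 1
}

# Constructed sample defaults file, not taken from a real system.
sample=$(mktemp)
printf '%s\n' '#ENABLE_NOBODY_KEYS=YES' 'ENABLE_NOBODY_KEYS=NO' > "$sample"
check_nobody_keys NO "$sample"
check_nobody_keys NO "$sample" -e || true
rm -f "$sample"
```

A missing or unreadable file is treated as the documented default, so the check reports YES in that case.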
The keyserv service is managed by the service management facility,
smf(5), under the service identifier:
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using svcadm(1M).
The service's status can be queried using the svcs(1) command.