keyserv Daemon

Purpose

Stores public and private keys.

Syntax

/usr/sbin/keyserv [ -n ]

Description

The keyserv daemon stores the private encryption keys of each user logged into the system. When a user types in a password during a keylogin, the secret key is decrypted. The decrypted key is then stored by the keyserv daemon. These decrypted keys enable the user to access secure network services such as secure Network File System (NFS).

When the keyserv daemon starts, it reads the key for the root directory from the /etc/.rootkey file. This daemon keeps the secure network services operating normally. For instance, after a power failure, when the system restarts itself, it gets the key for the root directory from the /etc/.rootkey file.

Flags

Item Description
-n Prevents the keyserv daemon from reading the key for the root directory from the /etc/.rootkey file. Instead, the keyserv daemon prompts the user for the password to decrypt the root directory's key stored in the network information service map and then stores the decrypted key in the /etc/.rootkey file for future use. This option is useful if the /etc/.rootkey file ever goes out of date or is corrupted.

Examples

  1. To start the keyserv daemon enabling the system to get the key for the root directory from the /etc/.rootkey file, enter: 
    /usr/sbin/keyserv 
  2. A System Resource Controller (SRC) command can also enable the system to get the key for the root directory from the /etc/.rootkey file as follows: 
    startsrc -s keyserv 
    This command sequence starts a script that contains the keyserv daemon.
  3. To prevent the keyserv daemon from reading the key for the root directory from the /etc/rootkey file, enter: 
    chssys -s keyserv -a '-n'
    This command passes the -n argument to the keyserv daemon if SRC is used to start the daemon.

Files

Item Description
/etc/.rootkey Stores the encrypted key for the root directory.