The /etc/publickey file is a database of public/secret key pairs. The file contains pairs for users and hosts authorized to use Secure RPC. Remote procedures that use the DES authentication protocol (built into the RPC software) expect to find public/secret key pairs (for the processes that call them) in /etc/publickey. A system administrator must therefore add an entry to /etc/publickey for each user/host to be granted access to Secure RPC resources. A single /etc/publickey file (on a master server or on a collection of master and slave servers) is used and shared over the network using NIS by machines having access to the file.
On the domain master server machine (only), the system administrator grants a user or host access to Secure RPC in that domain by adding an entry to the /etc/publickey file. This is accomplished using the newkey(1Mbnu) command.
For example, to add an entry for the user alice
the system administrator would enter the following
command on the master server:
newkey -u alice
The -u option signifies that alice is a user ID. The domain field for this entry is the domain of the master server on which this command is executed. This is the only way that user alice can get access to this particular Secure RPC domain.
The newkey command with the -h option
can also be used by root on the master server
to give access to hosts:
newkey -h client
Within the domain of Secure RPC users having entries in a master /etc/publickey file, all user names and IDs must be unique. The -h option is provided to allow more than one root user to have access to Secure RPC. Because root users on different machines have the same name and ID, it would be impossible for more than one of them to be a Secure RPC user. The -h option solves this problem, allowing root users to use their unique machine name and address as a user name and ID for RPC purposes.
If you are using NIS, notify client users of their passwords when they are given access to Secure RPC. Modify their .profile files to execute keylogout when they log out.
Users are prompted for their Secure RPC passwords when keylogin
is executed by /etc/profile.
They can change their passwords by
entering the following command on the master server:
See chkey(1bnu) for more information.