NAME
pamrsakp - generate keypairs for pam_rsa PAM-authentication module
SYNOPSIS
pamrsakp user hostname pubdir privdir hashtype usepassphrase
DESCRIPTION
The pamrsakp is a utility script for creating RSA keypairs that can be
used with the pam_rsa PAM-authentication module.
ARGUMENTS
All six arguments are required.
* user User for whom the RSA keypair is created.
* hostname Target hostname for which the RSA keypair is created.
The generated public key (which is actually contained within an
X509 PEM-format certificate) is meant to be stored on the target
host.
* pubdir Directory into which pamrsakp should output the generated
RSA public key
* privdir Directory into which pamrsakp should create a
subdirectory based on a SHA1 hashed hostname. Depending on the
value of hashtype, pamrsakp creates the RSA private key in the
subdirectory either with a SHA1 hashed name, or with a name that
is not hashed. NOTE: NEVER EVER LOSE YOUR PRIVATE KEY.
* hashtype Specify sha1 to generate RSA private key with its
filename SHA1 hashed or specify none for no hashing.
* usepassphrase Specify yes to protect your RSA private key with
passphrase-based encryption. THIS IS RECOMMENDED UNLESS YOU ARE
SURE OF WHAT YOU ARE DOING. You will be prompted for a
passphrase and the passphrase will be read from standard input.
Specify no for an unencrypted RSA private key. Use with
caution.
EXAMPLES
Issuing a command:
pamrsakp spock startrek.example.com /safedir/pub /safedir/priv sha1 yes
creates an RSA keypair for user spock. The public key is to be stored
on host startrek.example.com. User spock would presumably use a USB
memory stick (or other portable media) to store the corresponding RSA
private key. Private key’s filename is based on a SHA1 hash, and the
private key itself is encrypted with a passphrase.
FILES
/etc/security/pamrsakp.cnf
pamrsakp’s OpenSSL defaults
NOTES
This script requires bash and will probably explode if any other shell
is used
SEE ALSO
pam_rsa(8)
AUTHOR
Vesa-Matti Kari
email: pamrsa-bugs@laamanaama.helsinki.fi