request-key — handle key instantiation callback requests from the kernel

Synopsis

/sbin/request-key <op> <key> <uid> <gid> <threadring> <processring> <sessionring> [<info>]

Description

This program is invoked by the kernel when the kernel is asked for a key that it doesn't have immediately available. The kernel creates a partially set up key and then calls out to this program to instantiate it. It is not intended to be called directly.

However, for debugging purposes, it can be given some options on the command line:

-d

Turn on debugging mode.  In this mode, no attempts are made to access any keys and, if a handler program is selected, it won't be executed; instead, this program will print a message and exit 0.

-D

In debugging mode, use the proposed key description specified with this rather than the sample ("user;0;0;1f0000;debug:1234") built into the program.

-l

Use configuration from the current directory.  The program will use request-key.d/* and request-key.conf from the current directory rather than from /etc.

-n

Don't log to the system log.  Ordinarily, error messages and debugging messages will be copied to the system log - this will prevent that.

-v

Turn on debugging output.  This may be specified multiple times to produce increasing levels of verbosity.

--version

Print the program version and exit.

Errors

All errors will be logged to the syslog.

Files

/etc/request-key.d/*.conf Individual configuration files.

/etc/request-key.conf Fallback configuration file.

See Also

keyctl(1), request-key.conf(5), keyrings(7)

Referenced By

cifs.idmap(8), cifs.upcall(8), kafs-client.conf(5), keyctl(1), keyctl(2), keyctl_instantiate(3), keyctl_set_reqkey_keyring(3), key.dns_resolver(8), keyrings(7), keyutils(7), nfsidmap(8), request_key(2).

15 Nov 2011 Linux Key Management Utilities