git: 9dcb984251b3 - main - Remove publickey(5) stuff
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 22 Jan 2025 17:04:57 UTC
The branch main has been updated by manu:
URL: https://cgit.FreeBSD.org/src/commit/?id=9dcb984251b35ab1959bcaafcb3f129c8ae2f25b
commit 9dcb984251b35ab1959bcaafcb3f129c8ae2f25b
Author: Emmanuel Vadot <manu@FreeBSD.org>
AuthorDate: 2025-01-22 17:00:09 +0000
Commit: Emmanuel Vadot <manu@FreeBSD.org>
CommitDate: 2025-01-22 17:04:26 +0000
Remove publickey(5) stuff
This uses DES and it's likely that nobody uses that in 2025.
If somebody uses this we help them by deprecating and removing this.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D30683
---
ObsoleteFiles.inc | 12 +
lib/libc/rpc/Makefile.inc | 2 +-
usr.bin/Makefile | 4 -
usr.bin/chkey/Makefile | 13 -
usr.bin/chkey/Makefile.depend | 16 -
usr.bin/chkey/Makefile.depend.options | 7 -
usr.bin/chkey/chkey.1 | 32 --
usr.bin/chkey/chkey.c | 267 ------------
usr.bin/keylogin/Makefile | 5 -
usr.bin/keylogin/Makefile.depend | 18 -
usr.bin/keylogin/keylogin.1 | 37 --
usr.bin/keylogin/keylogin.c | 81 ----
usr.bin/keylogout/Makefile | 3 -
usr.bin/keylogout/Makefile.depend | 17 -
usr.bin/keylogout/keylogout.1 | 49 ---
usr.bin/keylogout/keylogout.c | 68 ---
usr.bin/newkey/Makefile | 11 -
usr.bin/newkey/Makefile.depend | 20 -
usr.bin/newkey/extern.h | 45 --
usr.bin/newkey/generic.c | 124 ------
usr.bin/newkey/newkey.8 | 66 ---
usr.bin/newkey/newkey.c | 228 ----------
usr.bin/newkey/update.c | 332 ---------------
usr.sbin/Makefile | 1 -
usr.sbin/keyserv/Makefile | 23 --
usr.sbin/keyserv/Makefile.depend | 20 -
usr.sbin/keyserv/crypt_server.c | 265 ------------
usr.sbin/keyserv/keyserv.8 | 86 ----
usr.sbin/keyserv/keyserv.c | 753 ----------------------------------
usr.sbin/keyserv/keyserv.h | 16 -
usr.sbin/keyserv/setkey.c | 497 ----------------------
31 files changed, 13 insertions(+), 3105 deletions(-)
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index c05a0d37c727..afb71c46a459 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -51,6 +51,18 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20250122: Remove publickey(5) stuff
+OLD_FILES+=usr/bin/chkey
+OLD_FILES+=usr/bin/keylogin
+OLD_FILES+=usr/bin/keylogout
+OLD_FILES+=usr/sbin/keyserv
+OLD_FILES+=usr/bin/newkey
+OLD_FILES+=usr/share/man/man1/chkey.1.gz
+OLD_FILES+=usr/share/man/man1/keylogin.1.gz
+OLD_FILES+=usr/share/man/man1/keylogin.1.gz
+OLD_FILES+=usr/share/man/man5/publickey.5.gz
+OLD_FILES+=usr/share/man/man8/keyserv.1.gz
+
# 20241206: Remove Altera DE4 drivers
OLD_FILES+=usr/share/man/man4/altera_atse.4.gz
OLD_FILES+=usr/share/man/man4/altera_avgen.4.gz
diff --git a/lib/libc/rpc/Makefile.inc b/lib/libc/rpc/Makefile.inc
index 021b7390ca54..5ee4ffc256a2 100644
--- a/lib/libc/rpc/Makefile.inc
+++ b/lib/libc/rpc/Makefile.inc
@@ -47,7 +47,7 @@ MAN+= bindresvport.3 des_crypt.3 getnetconfig.3 getnetpath.3 getrpcent.3 \
rpc_clnt_create.3 rpc_svc_calls.3 rpc_svc_create.3 rpc_svc_err.3 \
rpc_svc_reg.3 rpc_xdr.3 rpcbind.3 publickey.3 rpc_secure.3 \
rtime.3
-MAN+= publickey.5 rpc.5 netconfig.5
+MAN+= rpc.5 netconfig.5
MLINKS+= bindresvport.3 bindresvport_sa.3 \
des_crypt.3 ecb_crypt.3 \
des_crypt.3 cbc_crypt.3 \
diff --git a/usr.bin/Makefile b/usr.bin/Makefile
index 9baa90aab499..bca7896e5a17 100644
--- a/usr.bin/Makefile
+++ b/usr.bin/Makefile
@@ -61,8 +61,6 @@ SUBDIR= alias \
ipcs \
join \
jot \
- keylogin \
- keylogout \
killall \
ktrace \
ktrdump \
@@ -236,8 +234,6 @@ SUBDIR.${MK_NIS}+= ypcat
SUBDIR.${MK_NIS}+= ypmatch
SUBDIR.${MK_NIS}+= ypwhich
SUBDIR.${MK_OPENSSH}+= ssh-copy-id
-SUBDIR.${MK_OPENSSL}+= chkey
-SUBDIR.${MK_OPENSSL}+= newkey
SUBDIR.${MK_QUOTAS}+= quota
SUBDIR.${MK_SENDMAIL}+= vacation
SUBDIR.${MK_TALK}+= talk
diff --git a/usr.bin/chkey/Makefile b/usr.bin/chkey/Makefile
deleted file mode 100644
index 4b734787c0a3..000000000000
--- a/usr.bin/chkey/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-.include <src.opts.mk>
-
-.PATH: ${SRCTOP}/usr.bin/newkey
-
-PROG= chkey
-SRCS= chkey.c generic.c update.c
-CFLAGS+= -I${SRCTOP}/usr.bin/newkey
-.if ${MK_NIS} != "no"
-CFLAGS+= -DYP
-.endif
-LIBADD+= rpcsvc mp
-
-.include <bsd.prog.mk>
diff --git a/usr.bin/chkey/Makefile.depend b/usr.bin/chkey/Makefile.depend
deleted file mode 100644
index 341f44c61163..000000000000
--- a/usr.bin/chkey/Makefile.depend
+++ /dev/null
@@ -1,16 +0,0 @@
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- include \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- secure/lib/libcrypto \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/usr.bin/chkey/Makefile.depend.options b/usr.bin/chkey/Makefile.depend.options
deleted file mode 100644
index da5bb6f2ea36..000000000000
--- a/usr.bin/chkey/Makefile.depend.options
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file is not autogenerated - take care!
-
-DIRDEPS_OPTIONS= NIS
-
-DIRDEPS.NIS.yes= lib/libmp
-
-.include <dirdeps-options.mk>
diff --git a/usr.bin/chkey/chkey.1 b/usr.bin/chkey/chkey.1
deleted file mode 100644
index 556d6c281d21..000000000000
--- a/usr.bin/chkey/chkey.1
+++ /dev/null
@@ -1,32 +0,0 @@
-.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\"
-.Dd July 5, 1989
-.Dt CHKEY 1
-.Os
-.Sh NAME
-.Nm chkey
-.Nd change your encryption key
-.Sh SYNOPSIS
-.Nm
-.Sh DEPRECATION NOTICE
-.Nm
-is deprecated and is not available as of
-.Fx 15.0.
-.Sh DESCRIPTION
-The
-.Nm
-utility prompts the user for their login password,
-and uses it to encrypt a new encryption key
-for the user to be stored in the
-.Xr publickey 5
-database.
-.Sh "SEE ALSO"
-.Xr keylogin 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 15.0 .
diff --git a/usr.bin/chkey/chkey.c b/usr.bin/chkey/chkey.c
deleted file mode 100644
index 24cb3ec3b0b5..000000000000
--- a/usr.bin/chkey/chkey.c
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#include <sys/cdefs.h>
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-/*
- * Command to change one's public key in the public key database
- */
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-#ifdef YP
-#include <rpcsvc/yp_prot.h>
-#include <rpcsvc/ypclnt.h>
-#else
-#define YPOP_STORE 4
-#endif
-#include <sys/fcntl.h>
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-
-#ifdef YPPASSWD
-struct passwd *ypgetpwuid(uid_t);
-#endif
-
-#ifdef YP
-static char *domain;
-static char PKMAP[] = "publickey.byname";
-#else
-static char PKFILE[] = "/etc/publickey";
-#endif /* YP */
-static char ROOTKEY[] = "/etc/.rootkey";
-
-static void usage(void) __dead2;
-extern int yp_update(char *, char *, int, char *, size_t, char *, size_t);
-
-int
-main(int argc, char **argv)
-{
- char name[MAXNETNAMELEN+1];
- char public[HEXKEYBYTES + 1];
- char secret[HEXKEYBYTES + 1];
- char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- int status;
- char *pass;
- struct passwd *pw;
- uid_t uid;
- int force = 0;
- int ch;
-#ifdef YP
- char *master;
-#endif
-#ifdef YPPASSWD
- char *cryptpw;
-#endif
-
- fprintf(stderr, "chkey is deprecated and removed from FreeBSD 15.\n");
- while ((ch = getopt(argc, argv, "f")) != -1)
- switch(ch) {
- case 'f':
- force = 1;
- break;
- default:
- usage();
- }
- argc -= optind;
- argv += optind;
-
- if (argc != 0)
- usage();
-
-#ifdef YP
- (void)yp_get_default_domain(&domain);
- if (yp_master(domain, PKMAP, &master) != 0)
- errx(1, "can't find master of publickey database");
-#endif
- uid = getuid() /*geteuid()*/;
- if (uid == 0) {
- if (host2netname(name, NULL, NULL) == 0)
- errx(1, "cannot convert hostname to netname");
- } else {
- if (user2netname(name, uid, NULL) == 0)
- errx(1, "cannot convert username to netname");
- }
- (void)printf("Generating new key for %s.\n", name);
-
- if (!force) {
- if (uid != 0) {
-#ifdef YPPASSWD
- pw = ypgetpwuid(uid);
-#else
- pw = getpwuid(uid);
-#endif
- if (pw == NULL) {
-#ifdef YPPASSWD
- errx(1,
- "no NIS password entry found: can't change key");
-#else
- errx(1,
- "no password entry found: can't change key");
-#endif
- }
- } else {
- pw = getpwuid(0);
- if (pw == NULL)
- errx(1, "no password entry found: can't change key");
- }
- }
- pass = getpass("Password:");
-#ifdef YPPASSWD
- if (!force) {
- cryptpw = crypt(pass, pw->pw_passwd);
- if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
- errx(1, "invalid password");
- }
-#else
- force = 1; /* Make this mandatory */
-#endif
- genkeys(public, secret, pass);
-
- memcpy(crypt1, secret, HEXKEYBYTES);
- memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
- crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
- xencrypt(crypt1, pass);
-
- if (force) {
- memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
- xdecrypt(crypt2, getpass("Retype password:"));
- if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0
- || memcmp(crypt2, secret, HEXKEYBYTES) != 0)
- errx(1, "password incorrect");
- }
-
-#ifdef YP
- (void)printf("Sending key change request to %s...\n", master);
-#endif
- status = setpublicmap(name, public, crypt1);
- if (status != 0) {
-#ifdef YP
- errx(1, "unable to update NIS database (%u): %s",
- status, yperr_string(status));
-#else
- errx(1, "unable to update publickey database");
-#endif
- }
-
- if (uid == 0) {
- /*
- * Root users store their key in /etc/$ROOTKEY so
- * that they can auto reboot without having to be
- * around to type a password. Storing this in a file
- * is rather dubious: it should really be in the EEPROM
- * so it does not go over the net.
- */
- int fd;
-
- fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
- if (fd < 0) {
- warn("%s", ROOTKEY);
- } else {
- char newline = '\n';
-
- if (write(fd, secret, strlen(secret)) < 0 ||
- write(fd, &newline, sizeof(newline)) < 0)
- warn("%s: write", ROOTKEY);
- }
- close(fd);
- }
-
- if (key_setsecret(secret) < 0)
- errx(1, "unable to login with new secret key");
- (void)printf("Done.\n");
- exit(0);
- /* NOTREACHED */
-}
-
-static void
-usage(void)
-{
- (void)fprintf(stderr, "usage: chkey [-f]\n");
- exit(1);
- /* NOTREACHED */
-}
-
-
-/*
- * Set the entry in the public key file
- */
-int
-setpublicmap(char *name, char *public, char *secret)
-{
- char pkent[1024];
-
- (void)sprintf(pkent,"%s:%s", public, secret);
-#ifdef YP
- return (yp_update(domain, PKMAP, YPOP_STORE,
- name, strlen(name), pkent, strlen(pkent)));
-#else
- return (localupdate(name, PKFILE, YPOP_STORE,
- strlen(name), name, strlen(pkent), pkent));
-#endif
-}
-
-#ifdef YPPASSWD
-struct passwd *
-ypgetpwuid(uid_t uid)
-{
- char uidstr[10];
- char *val;
- int vallen;
- static struct passwd pw;
- char *p;
-
- (void)sprintf(uidstr, "%d", uid);
- if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
- &val, &vallen) != 0) {
- return (NULL);
- }
- p = strchr(val, ':');
- if (p == NULL) {
- return (NULL);
- }
- pw.pw_passwd = p + 1;
- p = strchr(pw.pw_passwd, ':');
- if (p == NULL) {
- return (NULL);
- }
- *p = 0;
- return (&pw);
-}
-#endif /* YPPASSWD */
diff --git a/usr.bin/keylogin/Makefile b/usr.bin/keylogin/Makefile
deleted file mode 100644
index 7a267e4c5a72..000000000000
--- a/usr.bin/keylogin/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-PROG= keylogin
-
-LIBADD= rpcsvc
-
-.include <bsd.prog.mk>
diff --git a/usr.bin/keylogin/Makefile.depend b/usr.bin/keylogin/Makefile.depend
deleted file mode 100644
index 352a225b19c6..000000000000
--- a/usr.bin/keylogin/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/librpcsvc \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/usr.bin/keylogin/keylogin.1 b/usr.bin/keylogin/keylogin.1
deleted file mode 100644
index 550d670afbe7..000000000000
--- a/usr.bin/keylogin/keylogin.1
+++ /dev/null
@@ -1,37 +0,0 @@
-.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\"
-.Dd September 9, 1987
-.Dt KEYLOGIN 1
-.Os
-.Sh NAME
-.Nm keylogin
-.Nd decrypt and store secret key
-.Sh SYNOPSIS
-.Nm
-.Sh DEPRECATION NOTICE
-.Nm
-is deprecated and is not available as of
-.Fx 15.0.
-.Sh DESCRIPTION
-The
-.Nm
-utility prompts the user for their login password, and uses it to decrypt
-the user's secret key stored in the
-.Xr publickey 5
-database.
-Once decrypted, the user's key is stored by the local
-key server process
-.Xr keyserv 8
-to be used by any secure network services, such as NFS.
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr keylogout 1 ,
-.Xr login 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 15.0 .
diff --git a/usr.bin/keylogin/keylogin.c b/usr.bin/keylogin/keylogin.c
deleted file mode 100644
index c64afa4846bc..000000000000
--- a/usr.bin/keylogin/keylogin.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-#include <sys/cdefs.h>
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-/*
- * Set secret key on local machine
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-extern int key_setnet(struct key_netstarg *);
-
-int
-main(void)
-{
- char fullname[MAXNETNAMELEN + 1];
- struct key_netstarg netst;
-
- fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 15.\n");
- if (!getnetname(fullname)) {
- fprintf(stderr, "netname lookup failed -- make sure the ");
- fprintf(stderr, "system domain name is set.\n");
- exit(1);
- }
-
- if (! getsecretkey(fullname, (char *)&(netst.st_priv_key),
- getpass("Password:"))) {
- fprintf(stderr, "Can't find %s's secret key\n", fullname);
- exit(1);
- }
- if (netst.st_priv_key[0] == 0) {
- fprintf(stderr, "Password incorrect for %s\n", fullname);
- exit(1);
- }
-
- netst.st_pub_key[0] = 0;
- netst.st_netname = strdup(fullname);
-
- if (key_setnet(&netst) < 0) {
- fprintf(stderr, "Could not set %s's secret key\n", fullname);
- fprintf(stderr, "Maybe the keyserver is down?\n");
- exit(1);
- }
- exit(0);
- /* NOTREACHED */
-}
diff --git a/usr.bin/keylogout/Makefile b/usr.bin/keylogout/Makefile
deleted file mode 100644
index 244d6d2d0be7..000000000000
--- a/usr.bin/keylogout/Makefile
+++ /dev/null
@@ -1,3 +0,0 @@
-PROG= keylogout
-
-.include <bsd.prog.mk>
diff --git a/usr.bin/keylogout/Makefile.depend b/usr.bin/keylogout/Makefile.depend
deleted file mode 100644
index a2d89550fa2b..000000000000
--- a/usr.bin/keylogout/Makefile.depend
+++ /dev/null
@@ -1,17 +0,0 @@
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/usr.bin/keylogout/keylogout.1 b/usr.bin/keylogout/keylogout.1
deleted file mode 100644
index 348d7e380ea0..000000000000
--- a/usr.bin/keylogout/keylogout.1
+++ /dev/null
@@ -1,49 +0,0 @@
-.Dd April 15, 1989
-.Dt KEYLOGOUT 1
-.Os
-.Sh NAME
-.Nm keylogout
-.Nd delete stored secret key
-.Sh SYNOPSIS
-.Nm
-.Op Fl f
-.Sh DEPRECATION NOTICE
-.Nm
-is deprecated and is not available as of
-.Fx 15.0.
-.Sh DESCRIPTION
-The
-.Nm
-utility deletes the key stored by the key server process
-.Xr keyserv 8
-to be used by any secure network services, such as NFS.
-Further access to the key is revoked,
-however current session keys may remain valid till they expire,
-or are refreshed.
-This option will cause any background jobs that need secure RPC
-services to fail, and any scheduled
-.Nm at
-jobs that need the key to fail.
-Also since only one copy is kept on a machine of the key,
-it is a bad idea to place this in your
-.Pa .logout
-file since it will affect other sessions on the same machine.
-.Pp
-The following option is available:
-.Bl -tag -width indent
-.It Fl f
-Forget the rootkey.
-This will break secure NFS if it is done on a server.
-.El
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr keylogin 1 ,
-.Xr login 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 15.0 .
diff --git a/usr.bin/keylogout/keylogout.c b/usr.bin/keylogout/keylogout.c
deleted file mode 100644
index faad41462340..000000000000
--- a/usr.bin/keylogout/keylogout.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-#include <sys/cdefs.h>
-/*
- * unset the secret key on local machine
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <rpc/key_prot.h>
-
-int
-main(int argc, char **argv)
-{
- static char secret[HEXKEYBYTES + 1];
-
- fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 15.\n");
- if (geteuid() == 0) {
- if ((argc != 2 ) || (strcmp(argv[1], "-f") != 0)) {
- fprintf(stderr,
-"keylogout by root would break all servers that use secure rpc!\n");
- fprintf(stderr,
-"root may use keylogout -f to do this (at your own risk)!\n");
- exit(1);
- }
- }
-
- if (key_setsecret(secret) < 0) {
- fprintf(stderr, "Could not unset your secret key.\n");
- fprintf(stderr, "Maybe the keyserver is down?\n");
- exit(1);
- }
- exit(0);
- /* NOTREACHED */
-}
diff --git a/usr.bin/newkey/Makefile b/usr.bin/newkey/Makefile
deleted file mode 100644
index a081774288ac..000000000000
--- a/usr.bin/newkey/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-.include <src.opts.mk>
-
-PROG= newkey
-SRCS= newkey.c generic.c update.c
-.if ${MK_NIS} != "no"
-CFLAGS+= -DYP
-.endif
-MAN= newkey.8
-LIBADD= rpcsvc mp
-
-.include <bsd.prog.mk>
diff --git a/usr.bin/newkey/Makefile.depend b/usr.bin/newkey/Makefile.depend
deleted file mode 100644
index 67fb1e963614..000000000000
--- a/usr.bin/newkey/Makefile.depend
+++ /dev/null
@@ -1,20 +0,0 @@
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libmp \
- lib/librpcsvc \
- secure/lib/libcrypto \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/usr.bin/newkey/extern.h b/usr.bin/newkey/extern.h
deleted file mode 100644
index 2e8573b4c78c..000000000000
--- a/usr.bin/newkey/extern.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifdef YP
-#define MAXMAPNAMELEN 256
-#else
-#define YPOP_CHANGE 1 /* change, do not add */
-#define YPOP_INSERT 2 /* add, do not change */
-#define YPOP_DELETE 3 /* delete this entry */
-#define YPOP_STORE 4 /* add, or change */
-#endif
-
-void genkeys(char *, char *, char *);
-int setpublicmap(char *, char *, char *);
-int mapupdate(char *, char *, u_int, u_int, char *, u_int, char *);
-void xencrypt(char *, char *);
-void xdecrypt(char *, char *);
-int localupdate(char *, char *, u_int, u_int, char *, u_int, char *);
diff --git a/usr.bin/newkey/generic.c b/usr.bin/newkey/generic.c
deleted file mode 100644
index faf2247376b0..000000000000
--- a/usr.bin/newkey/generic.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-#include <sys/cdefs.h>
-#include <sys/file.h>
-
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-#include <mp.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "extern.h"
-
-static void adjust(char[HEXKEYBYTES + 1], char *);
-static void getseed(char *, int, unsigned char *);
-
-/*
- * Generate a seed
- */
-static void
-getseed(char *seed, int seedsize, unsigned char *pass)
-{
- int i;
-
- for (i = 0; i < seedsize; i++) {
- seed[i] = (arc4random() & 0xff) ^ pass[i % 8];
- }
-}
-
-/*
- * Generate a random public/secret key pair
- */
-void
-genkeys(char *public, char *secret, char *pass)
-{
- unsigned int i;
-
-# define BASEBITS (8*sizeof (short) - 1)
-# define BASE (1 << BASEBITS)
-
- MINT *pk = mp_itom(0);
- MINT *sk = mp_itom(0);
- MINT *tmp;
- MINT *base = mp_itom((short)BASE);
- MINT *root = mp_itom(PROOT);
- MINT *modulus = mp_xtom(HEXMODULUS);
- short r;
- unsigned short seed[KEYSIZE/BASEBITS + 1];
- char *xkey;
-
- getseed((char *)seed, sizeof (seed), (u_char *)pass);
- for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
- r = seed[i] % BASE;
- tmp = mp_itom(r);
*** 2395 LINES SKIPPED ***