1
0

auth 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
  1. .TH AUTH 8
  2. .SH NAME
  3. changeuser, wrkey, convkeys, convkeys2, printnetkey, status, authsrv, guard.srv, login, disable, enable \- maintain authentication databases
  4. .SH SYNOPSIS
  5. .B auth/changeuser
  6. .RB [ -np ]
  7. .I user
  8. .PP
  9. .B auth/wrkey
  10. .PP
  11. .B auth/convkeys
  12. .RB [ -p ]
  13. .I keyfile
  14. .PP
  15. .B auth/convkeys
  16. .RB [ -p ]
  17. .I keyfile
  18. .PP
  19. .B auth/printnetkey
  20. .I user
  21. .PP
  22. .B auth/status
  23. .I user
  24. .PP
  25. .B auth/enable
  26. .I user
  27. .PP
  28. .B auth/disable
  29. .I user
  30. .PP
  31. .B auth/authsrv
  32. .PP
  33. .B auth/guard.srv
  34. .PP
  35. .B auth/login
  36. .I user
  37. .SH DESCRIPTION
  38. These administrative commands run only on the authentication server.
  39. .IR Changeuser
  40. manipulates an authentication database file system served by
  41. .IR keyfs (4)
  42. and used by file servers.
  43. There are two authentication databases,
  44. one holding information about Plan 9 accounts
  45. and one holding SecureNet keys.
  46. A
  47. .I user
  48. need not be installed in both databases
  49. but must be installed in the Plan 9 database to connect to a Plan 9 service.
  50. .PP
  51. .I Changeuser
  52. installs or changes
  53. .I user
  54. in an authentication database.
  55. It does not install a user on a Plan 9 file server; see
  56. .IR fs (8)
  57. for that.
  58. .PP
  59. Option
  60. .B -p
  61. installs
  62. .I user
  63. in the Plan 9 database.
  64. .I Changeuser
  65. asks twice for a password for the new
  66. .IR user .
  67. If the responses do not match
  68. or the password is too easy to guess
  69. the
  70. .I user
  71. is not installed.
  72. .I Changeuser
  73. also asks for an APOP secret.
  74. This secret is used in the APOP (RFC1939),
  75. CRAM (RFC2195), and
  76. Microsoft challenge/response protocols used for
  77. POP3, IMAP, and VPN access.
  78. .PP
  79. Option
  80. .B -n
  81. installs
  82. .I user
  83. in the SecureNet database and prints out a key for the SecureNet box.
  84. The key is chosen by
  85. .IR changeuser .
  86. .PP
  87. If neither option
  88. .B -p
  89. or option
  90. .B -n
  91. is given,
  92. .I changeuser
  93. installs the
  94. .I user
  95. in the Plan 9 database.
  96. .PP
  97. .I Changeuser
  98. prompts for
  99. biographical information such as email address,
  100. user name, sponsor and department number and
  101. appends it to the file
  102. .B /adm/netkeys.who
  103. or
  104. .BR /adm/keys.who .
  105. .PP
  106. .I Wrkey
  107. prompts for a machine key, host owner, and host domain and stores them in
  108. local non-volatile RAM.
  109. .PP
  110. .I Convkeys
  111. re-encrypts the key file
  112. .IR keyfile .
  113. Re-encryption is performed in place.
  114. Without the
  115. .B -p
  116. option
  117. .I convkeys
  118. uses the key stored in
  119. .B /dev/keys
  120. to decrypt the file, and encrypts it using the new key.
  121. By default,
  122. .I convkeys
  123. prompts twice for the new password.
  124. The
  125. .B -p
  126. forces
  127. .I convkeys
  128. to also prompt for the old password.
  129. The format of
  130. .I keyfile
  131. is described in
  132. .IR keyfs (4).
  133. .PP
  134. The format of the key file changed between Release 2
  135. and 3 of Plan 9.
  136. .I Convkeys2
  137. is like
  138. .IR convkeys .
  139. However, in addition to rekeying, it converts from
  140. the previous format to the Release 3 format.
  141. .PP
  142. .I Printnetkey
  143. displays the network key as it should be entered into the
  144. hand-held Securenet box.
  145. .PP
  146. .I Status
  147. is a shell script that prints out everything known about
  148. a user and the user's key status.
  149. .PP
  150. .I Enable/disable
  151. are shell scripts that enable/disable both the Plan 9 and
  152. Netkey keys for individual users.
  153. .PP
  154. .I Authsrv
  155. is the program, run only on the authentication server, that handles ticket requests
  156. on IL port 566.
  157. It is started
  158. by an incoming call to the server
  159. requesting a conversation ticket; its standard input and output
  160. are the network connection.
  161. .I Authsrv
  162. executes the authentication server's end of the appropriate protocol as
  163. described in
  164. .IR authsrv (6).
  165. .PP
  166. .I Guard.srv
  167. is similar. It is called whenever a foreign (e.g. Unix) system wants
  168. to do a SecureNet challenge/response authentication.
  169. .PP
  170. .I Login
  171. allows a user to change his authenticated id to
  172. .IR user .
  173. .I Login
  174. sets up a new namespace from
  175. .B /lib/namespace
  176. and exec's
  177. .IR rc (1)
  178. under the new id.
  179. .SH FILES
  180. .TF /sys/lib/httppasswords
  181. .TP
  182. .B /lib/ndb/auth
  183. Speaksfor relationships and mappings for
  184. rasius server id's.
  185. .TP
  186. .B /adm/keys.who
  187. List of users in the Plan 9 database.
  188. .TP
  189. .B /adm/netkeys.who
  190. List of users in the SecureNet database.
  191. .TP
  192. .B /sys/lib/httppasswords
  193. List of realms and passwords for HTTP access.
  194. .SH SOURCE
  195. .B /sys/src/cmd/auth
  196. .SH "SEE ALSO"
  197. .IR keyfs (4),
  198. .IR securenet (8)