summaryrefslogtreecommitdiff
path: root/static/plan9-4e/man8/auth.8
diff options
context:
space:
mode:
Diffstat (limited to 'static/plan9-4e/man8/auth.8')
-rw-r--r--static/plan9-4e/man8/auth.8194
1 files changed, 194 insertions, 0 deletions
diff --git a/static/plan9-4e/man8/auth.8 b/static/plan9-4e/man8/auth.8
new file mode 100644
index 00000000..5aabf0ac
--- /dev/null
+++ b/static/plan9-4e/man8/auth.8
@@ -0,0 +1,194 @@
+.TH AUTH 8
+.SH NAME
+changeuser, wrkey, convkeys, convkeys2, printnetkey, status, auth.srv, guard.srv, login, disable, enable \- maintain authentication databases
+.SH SYNOPSIS
+.B auth/changeuser
+.RB [ -np ]
+.I user
+.PP
+.B auth/wrkey
+.PP
+.B auth/convkeys
+.RB [ -p ]
+.I keyfile
+.PP
+.B auth/convkeys
+.RB [ -p ]
+.I keyfile
+.PP
+.B auth/printnetkey
+.I user
+.PP
+.B auth/status
+.I user
+.PP
+.B auth/enable
+.I user
+.PP
+.B auth/disable
+.I user
+.PP
+.B auth/auth.srv
+.PP
+.B auth/guard.srv
+.PP
+.B auth/login
+.I user
+.SH DESCRIPTION
+These administrative commands run only on the authentication server.
+.IR Changeuser
+manipulates an authentication database file system served by
+.IR keyfs (4)
+and used by file servers.
+There are two authentication databases,
+one holding information about Plan 9 accounts
+and one holding SecureNet keys.
+A
+.I user
+need not be installed in both databases
+but must be installed in the Plan 9 database to connect to a Plan 9 service.
+.PP
+.I Changeuser
+installs or changes
+.I user
+in an authentication database.
+It does not install a user on a Plan 9 file server; see
+.IR fs (8)
+for that.
+.PP
+Option
+.B -p
+installs
+.I user
+in the Plan 9 database.
+.I Changeuser
+asks twice for a password for the new
+.IR user .
+If the responses do not match
+or the password is too easy to guess
+the
+.I user
+is not installed.
+.I Changeuser
+also asks for an APOP secret.
+This secret is used in the APOP (RFC1939),
+CRAM (RFC2195), and
+Microsoft challenge/response protocols used for
+POP3, IMAP, and VPN access.
+.PP
+Option
+.B -n
+installs
+.I user
+in the SecureNet database and prints out a key for the SecureNet box.
+The key is chosen by
+.IR changeuser .
+.PP
+If neither option
+.B -p
+or option
+.B -n
+is given,
+.I changeuser
+installs the
+.I user
+in the Plan 9 database.
+.PP
+.I Changeuser
+prompts for
+biographical information such as email address,
+user name, sponsor and department number and
+appends it to the file
+.B /adm/netkeys.who
+or
+.BR /adm/keys.who .
+.PP
+.I Wrkey
+prompts for a machine key, host owner, and host domain and stores them in
+local non-volatile RAM.
+.PP
+.I Convkeys
+re-encrypts the key file
+.IR keyfile .
+Re-encryption is performed in place.
+Without the
+.B -p
+option
+.I convkeys
+uses the key stored in
+.B /dev/keys
+to decrypt the file, and encrypts it using the new key.
+By default,
+.I convkeys
+prompts twice for the new password.
+The
+.B -p
+forces
+.I convkeys
+to also prompt for the old password.
+The format of
+.I keyfile
+is described in
+.IR keyfs (4).
+.PP
+The format of the key file changed between Release 2
+and 3 of Plan 9.
+.I Convkeys2
+is like
+.IR convkeys .
+However, in addition to rekeying, it converts from
+the previous format to the Release 3 format.
+.PP
+.I Printnetkey
+displays the network key as it should be entered into the
+hand-held Securenet box.
+.PP
+.I Status
+is a shell script that prints out everything known about
+a user and the user's key status.
+.PP
+.I Enable/disable
+are shell scripts that enable/disable both the Plan 9 and
+Netkey keys for individual users.
+.PP
+.I Auth.srv
+is the program, run only on the authentication server, that handles ticket requests
+on IL port 566.
+It is started
+by an incoming call to the server
+requesting a conversation ticket; its standard input and output
+are the network connection.
+.I Auth.srv
+executes the authentication server's end of the appropriate protocol as
+described in
+.IR authsrv (6).
+.PP
+.I Guard.srv
+is similar. It is called whenever a foreign (e.g. Unix) system wants
+to do a SecureNet challenge/response authentication.
+.PP
+.I Login
+allows a user to change his authenticated id to
+.IR user .
+.I Login
+sets up a new namespace from
+.B /lib/namespace
+and exec's
+.IR rc (1)
+under the new id.
+.SH FILES
+.TF /sys/lib/httppasswords
+.TP
+.B /adm/keys.who
+List of users in the Plan 9 database.
+.TP
+.B /adm/netkeys.who
+List of users in the SecureNet database.
+.TP
+.B /sys/lib/httppasswords
+List of realms and passwords for HTTP access.
+.SH SOURCE
+.B /sys/src/cmd/auth
+.SH "SEE ALSO"
+.IR keyfs (4),
+.IR securenet (8)
generated by cgit v1.2.3 (git 2.46.0) at 2026-05-15 13:01:07 +0000