glenda.party
term% ls -F
term% cat index.txt
AUTH(8)                     System Manager's Manual                    AUTH(8)



NAME
       changeuser, wrkey, convkeys, printnetkey, status, auth.srv, guard.srv -
       maintain authentication databases

SYNOPSIS
       auth/changeuser [-np] user

       auth/wrkey

       auth/convkeys [-p] keyfile

       auth/printnetkey user

       auth/status user

       auth/auth.srv

       auth/guard.srv

DESCRIPTION
       These administrative commands run only on  the  authentication  server.
       Changeuser manipulates an authentication database file system served by
       keyfs(4) and used by file servers.  There are two authentication  data‐
       bases,  one  holding  information about Plan 9 accounts and one holding
       SecureNet keys.  A user need not be installed  in  both  databases  but
       must  be  installed  in the Plan 9 database to connect to a Plan 9 ser‐
       vice.

       Changeuser installs or changes user in an authentication database.   It
       does not install a user on a Plan 9 file server; see fs(8) for that.

       Option  -p installs user in the Plan 9 database.  Changeuser asks twice
       for a password for the new user.  If the responses do not match or  the
       password is too easy to guess the user is not installed.

       Option  -n installs user in the SecureNet database and prints out a key
       for the SecureNet box.  The key is chosen by changeuser.

       If neither option -p or option -n is  given,  changeuser  installs  the
       user in the Plan 9 database.

       Changeuser  prompts for biographical information such as email address,
       user name, sponsor and department number and appends  it  to  the  file
       /adm/netkeys.who or /adm/keys.who.

       Wrkey prompts for a machine key, host owner, and host domain and stores
       them in local non-volatile RAM.

       Convkeys re-encrypts the key file keyfile.  Re-encryption is  performed
       in  place.   Without  the  -p  option  convkeys  uses the key stored in
       /dev/keys to decrypt the file, and encrypts it using the new  key.   By
       default,  convkeys  prompts  twice for the new password.  The -p forces
       convkeys to also prompt for the old password.  The format of keyfile is
       described in keyfs(4).

       Printnetkey  displays  the network key as it should be entered into the
       hand-held Securenet box.

       Status is a shell script that prints out everything known about a  user
       and the user's key status.

       Auth.srv  is  the  program, run only on the authentication server, that
       handles ticket requests on IL port 566.  It is started by  an  incoming
       call to the server requesting a conversation ticket; its standard input
       and output are the network connection.  Auth.srv executes the authenti‐
       cation  server's  end  of  the  appropriate  protocol  as  described in
       auth(6).

       Guard.srv is similar.  It is called whenever a foreign (e.g. Unix) sys‐
       tem wants to do a SecureNet challenge/response authentication.

FILES
       /adm/keys.who
              List of users in the Plan 9 database.

       /adm/netkeys.who
              List of users in  the SecureNet database.

SOURCE
       /sys/src/cmd/auth

SEE ALSO
       keyfs(4), securenet(8)



                                                                       AUTH(8)