term% cat index.txt AUTH(8) System Manager's Manual AUTH(8)
NAME
changeuser, wrkey, convkeys, printnetkey, status, auth.srv, guard.srv -
maintain authentication databases
SYNOPSIS
auth/changeuser [-np] user
auth/wrkey
auth/convkeys [-p] keyfile
auth/printnetkey user
auth/status user
auth/auth.srv
auth/guard.srv
DESCRIPTION
These administrative commands run only on the authentication server.
Changeuser manipulates an authentication database file system served by
keyfs(4) and used by file servers. There are two authentication data‐
bases, one holding information about Plan 9 accounts and one holding
SecureNet keys. A user need not be installed in both databases but
must be installed in the Plan 9 database to connect to a Plan 9 ser‐
vice.
Changeuser installs or changes user in an authentication database. It
does not install a user on a Plan 9 file server; see fs(8) for that.
Option -p installs user in the Plan 9 database. Changeuser asks twice
for a password for the new user. If the responses do not match or the
password is too easy to guess the user is not installed.
Option -n installs user in the SecureNet database and prints out a key
for the SecureNet box. The key is chosen by changeuser.
If neither option -p or option -n is given, changeuser installs the
user in the Plan 9 database.
Changeuser prompts for biographical information such as email address,
user name, sponsor and department number and appends it to the file
/adm/netkeys.who or /adm/keys.who.
Wrkey prompts for a machine key, host owner, and host domain and stores
them in local non-volatile RAM.
Convkeys re-encrypts the key file keyfile. Re-encryption is performed
in place. Without the -p option convkeys uses the key stored in
/dev/keys to decrypt the file, and encrypts it using the new key. By
default, convkeys prompts twice for the new password. The -p forces
convkeys to also prompt for the old password. The format of keyfile is
described in keyfs(4).
Printnetkey displays the network key as it should be entered into the
hand-held Securenet box.
Status is a shell script that prints out everything known about a user
and the user's key status.
Auth.srv is the program, run only on the authentication server, that
handles ticket requests on IL port 566. It is started by an incoming
call to the server requesting a conversation ticket; its standard input
and output are the network connection. Auth.srv executes the authenti‐
cation server's end of the appropriate protocol as described in
auth(6).
Guard.srv is similar. It is called whenever a foreign (e.g. Unix) sys‐
tem wants to do a SecureNet challenge/response authentication.
FILES
/adm/keys.who
List of users in the Plan 9 database.
/adm/netkeys.who
List of users in the SecureNet database.
SOURCE
/sys/src/cmd/auth
SEE ALSO
keyfs(4), securenet(8)
AUTH(8)