Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

auth(8) [plan9 man page]

AUTH(8) 						      System Manager's Manual							   AUTH(8)

NAME

       changeuser, wrkey, convkeys, printnetkey, status, auth.srv, guard.srv - maintain authentication databases

SYNOPSIS

       auth/changeuser [-np] user

       auth/wrkey

       auth/convkeys [-p] keyfile

       auth/printnetkey user

       auth/status user

       auth/auth.srv

       auth/guard.srv

DESCRIPTION

       These  administrative commands run only on the authentication server.  Changeuser manipulates an authentication database file system served
       by keyfs(4) and used by file servers.  There are two authentication databases, one holding information about Plan 9 accounts and one  hold-
       ing  SecureNet  keys.   A  user need not be installed in both databases but must be installed in the Plan 9 database to connect to a Plan 9
       service.

       Changeuser installs or changes user in an authentication database.  It does not install a user on a Plan 9 file server; see fs(8) for that.

       Option -p installs user in the Plan 9 database.	Changeuser asks twice for a password for the new user.	If the responses do not  match	or
       the password is too easy to guess the user is not installed.

       Option -n installs user in the SecureNet database and prints out a key for the SecureNet box.  The key is chosen by changeuser.

       If neither option -p or option -n is given, changeuser installs the user in the Plan 9 database.

       Changeuser  prompts for biographical information such as email address, user name, sponsor and department number and appends it to the file
       /adm/netkeys.who or /adm/keys.who.

       Wrkey prompts for a machine key, host owner, and host domain and stores them in local non-volatile RAM.

       Convkeys re-encrypts the key file keyfile.  Re-encryption is performed in place.  Without the -p option convkeys uses  the  key	stored	in
       /dev/keys  to decrypt the file, and encrypts it using the new key.  By default, convkeys prompts twice for the new password.  The -p forces
       convkeys to also prompt for the old password.  The format of keyfile is described in keyfs(4).

       Printnetkey displays the network key as it should be entered into the hand-held Securenet box.

       Status is a shell script that prints out everything known about a user and the user's key status.

       Auth.srv is the program, run only on the authentication server, that handles ticket requests on IL port 566.  It is started by an  incoming
       call  to  the  server  requesting  a  conversation ticket; its standard input and output are the network connection.  Auth.srv executes the
       authentication server's end of the appropriate protocol as described in auth(6).

       Guard.srv is similar.  It is called whenever a foreign (e.g. Unix) system wants to do a SecureNet challenge/response authentication.

FILES

       /adm/keys.who
	      List of users in the Plan 9 database.

       /adm/netkeys.who
	      List of users in	the SecureNet database.

SOURCE

       /sys/src/cmd/auth

SEE ALSO

       keyfs(4), securenet(8)

																	   AUTH(8)

Check Out this Related Man Page

SYSTEM-AUTH-AC(5)						File Formats Manual						 SYSTEM-AUTH-AC(5)

NAME

       system-auth-ac,	password-auth-ac,  smartcard-auth-ac, fingerprint-auth-ac, postlogin-ac - Common configuration files for PAMified services
       written by authconfig(8)

SYNOPSIS

       /etc/pam.d/system-auth-ac

DESCRIPTION

       The purpose of this configuration file is to provide common configuration file  for  all  applications  and  service  daemons  calling  PAM
       library.

       The system-auth configuration file is included from all individual service configuration files with the help of the include directive. When
       authconfig(8) writes the system PAM configuration file it replaces the default system-auth file with a symlink pointing	to  system-auth-ac
       and writes the configuration to this file. The symlink is not changed on subsequent configuration changes even if it points elsewhere. This
       allows system administrators to override the configuration written by authconfig.

       The  authconfig	now  writes  the  authentication  modules  also  into  additional  PAM	configuration  files  /etc/pam.d/password-auth-ac,
       /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac.  These configuration files contain only modules which perform authentica-
       tion with the respective kinds of authentication tokens.  For example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and pam_ldap
       modules and /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules.

       The  file  /etc/pam.d/postlogin-ac  contains  common services to be invoked after login. An example can be a module that encrypts an user's
       filesystem or user's keyring and is decrypted by his password.

       The PAM configuration files of services which are accessed by remote connections such as sshd or ftpd now include the  /etc/pam.d/password-
       auth configuration file instead of /etc/pam.d/system-auth.

EXAMPLE

       Configure  system  to  use  pam_tally2  for  configuration  of maximum number of failed logins. Also call pam_access to verify if access is
       allowed.

       Make system-auth symlink point to system-auth-local which contains:

       auth	       requisite       pam_access.so
       auth	       requisite       pam_tally2.so deny=3 lock_time=30 
					     unlock_time=3600
       auth	       include	       system-auth-ac
       account	       required        pam_tally2.so
       account	       include	       system-auth-ac
       password        include	       system-auth-ac
       session	       include	       system-auth-ac

BUGS

       None known.

SEE ALSO

       authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)

Red Hat, Inc.							   2010 March 31						 SYSTEM-AUTH-AC(5)
Man Page