3 changeuser, convkeys, printnetkey, status, enable, disable, authsrv, guard.srv, debug, wrkey, login, newns, none, as \- maintain or query authentication databases
75 These administrative commands run only on the authentication server.
77 manipulates an authentication database file system served by
79 and used by file servers.
80 There are two authentication databases,
81 one holding information about Plan 9 accounts
82 and one holding SecureNet keys.
85 need not be installed in both databases
86 but must be installed in the Plan 9 database to connect to a Plan 9 service.
91 in an authentication database.
92 It does not install a user on a Plan 9 file server; see
100 in the Plan 9 database.
102 asks twice for a password for the new
104 If the responses do not match
105 or the password is too easy to guess
110 also asks for an APOP secret.
111 This secret is used in the APOP (RFC1939),
113 Microsoft challenge/response protocols used for
114 POP3, IMAP, and VPN access.
120 in the SecureNet database and prints out a key for the SecureNet box.
132 in the Plan 9 database.
136 biographical information such as email address,
137 user name, sponsor and department number and
138 appends it to the file
144 re-encrypts the key file
146 Re-encryption is performed in place.
151 uses the key stored in NVRAM
152 to decrypt the file, and encrypts it using the new key.
155 prompts twice for the new password.
160 to also prompt for the old password.
163 option converts the file into AES format.
170 displays the network key as it should be entered into the
171 hand-held Securenet box.
174 is a shell script that prints out everything known about
175 a user and the user's key status.
178 are shell scripts that enable/disable both the Plan 9 and
179 Netkey keys for individual users.
182 is the program, run only on the authentication server, that handles ticket requests
184 It is started by an incoming call to the server
185 requesting a conversation ticket; its standard input and output
186 are the network connection.
188 executes the authentication server's end of the appropriate protocol as
193 flag disables legacy bruteforceable DES-encrypted tickes as used by the
195 protocol, forcing the use of new
197 password authenticated key exchange.
200 is similar. It is called whenever a foreign (e.g. Unix) system wants
201 to do a SecureNet challenge/response authentication.
202 .SS Anywhere commands
204 The remaining commands need not be run on an authentication server.
207 attempts to authenticate using each
213 and prints progress reports.
216 prompts for a machine key, host owner, and host domain and stores them in
217 local non-volatile RAM.
220 allows a user to change his authenticated id to
223 sets up a new namespace from
233 sets up a new namespace from
240 If there are no arguments, it
246 adds to the current namespace instead of constructing a new one.
249 option enables debugging output.
252 sets up a new namespace from
260 its arguments under the new id.
261 If there are no arguments, it
264 It's an easy way to run a command as
273 is a single argument to
275 containing an arbitrary
278 This only works for the hostowner and only if
285 Speaksfor relationships and mappings for
289 List of users in the Plan 9 database.
292 List of users in the SecureNet database.
303 Only CPU kernels permit changing userid.