3 changeuser, convkeys, convkeys2, printnetkey, status, enable, disable, authsrv, guard.srv, debug, wrkey, login, newns, none, as \- maintain or query authentication databases
64 These administrative commands run only on the authentication server.
66 manipulates an authentication database file system served by
68 and used by file servers.
69 There are two authentication databases,
70 one holding information about Plan 9 accounts
71 and one holding SecureNet keys.
74 need not be installed in both databases
75 but must be installed in the Plan 9 database to connect to a Plan 9 service.
80 in an authentication database.
81 It does not install a user on a Plan 9 file server; see
89 in the Plan 9 database.
91 asks twice for a password for the new
93 If the responses do not match
94 or the password is too easy to guess
99 also asks for an APOP secret.
100 This secret is used in the APOP (RFC1939),
102 Microsoft challenge/response protocols used for
103 POP3, IMAP, and VPN access.
109 in the SecureNet database and prints out a key for the SecureNet box.
121 in the Plan 9 database.
125 biographical information such as email address,
126 user name, sponsor and department number and
127 appends it to the file
133 re-encrypts the key file
135 Re-encryption is performed in place.
140 uses the key stored in NVRAM
141 to decrypt the file, and encrypts it using the new key.
144 prompts twice for the new password.
149 to also prompt for the old password.
155 The format of the key file changed between Release 2
160 However, in addition to rekeying, it converts from
161 the previous format to the Release 3 format.
164 displays the network key as it should be entered into the
165 hand-held Securenet box.
168 is a shell script that prints out everything known about
169 a user and the user's key status.
172 are shell scripts that enable/disable both the Plan 9 and
173 Netkey keys for individual users.
176 is the program, run only on the authentication server, that handles ticket requests
179 by an incoming call to the server
180 requesting a conversation ticket; its standard input and output
181 are the network connection.
183 executes the authentication server's end of the appropriate protocol as
188 is similar. It is called whenever a foreign (e.g. Unix) system wants
189 to do a SecureNet challenge/response authentication.
190 .SS Anywhere commands
192 The remaining commands need not be run on an authentication server.
195 attempts to authenticate using each
199 and prints progress reports.
202 prompts for a machine key, host owner, and host domain and stores them in
203 local non-volatile RAM.
206 allows a user to change his authenticated id to
209 sets up a new namespace from
219 sets up a new namespace from
226 If there are no arguments, it
232 adds to the current namespace instead of constructing a new one.
235 option enables debugging output.
238 sets up a new namespace from
246 its arguments under the new id.
247 If there are no arguments, it
250 It's an easy way to run a command as
259 is a single argument to
261 containing an arbitrary
264 This only works for the hostowner and only if
268 .TF /sys/lib/httppasswords
271 Speaksfor relationships and mappings for
275 List of users in the Plan 9 database.
278 List of users in the SecureNet database.
280 .B /sys/lib/httppasswords
281 List of realms and passwords for HTTP access.
292 Only CPU kernels permit changing userid.