3 changeuser, convkeys, convkeys2, printnetkey, status, enable, disable, authsrv, guard.srv, debug, wrkey, login, newns, none, as \- maintain or query authentication databases
68 These administrative commands run only on the authentication server.
70 manipulates an authentication database file system served by
72 and used by file servers.
73 There are two authentication databases,
74 one holding information about Plan 9 accounts
75 and one holding SecureNet keys.
78 need not be installed in both databases
79 but must be installed in the Plan 9 database to connect to a Plan 9 service.
84 in an authentication database.
85 It does not install a user on a Plan 9 file server; see
93 in the Plan 9 database.
95 asks twice for a password for the new
97 If the responses do not match
98 or the password is too easy to guess
103 also asks for an APOP secret.
104 This secret is used in the APOP (RFC1939),
106 Microsoft challenge/response protocols used for
107 POP3, IMAP, and VPN access.
113 in the SecureNet database and prints out a key for the SecureNet box.
125 in the Plan 9 database.
129 biographical information such as email address,
130 user name, sponsor and department number and
131 appends it to the file
137 re-encrypts the key file
139 Re-encryption is performed in place.
144 uses the key stored in NVRAM
145 to decrypt the file, and encrypts it using the new key.
148 prompts twice for the new password.
153 to also prompt for the old password.
159 The format of the key file changed between Release 2
164 However, in addition to rekeying, it converts from
165 the previous format to the Release 3 format.
168 displays the network key as it should be entered into the
169 hand-held Securenet box.
172 is a shell script that prints out everything known about
173 a user and the user's key status.
176 are shell scripts that enable/disable both the Plan 9 and
177 Netkey keys for individual users.
180 is the program, run only on the authentication server, that handles ticket requests
183 by an incoming call to the server
184 requesting a conversation ticket; its standard input and output
185 are the network connection.
187 executes the authentication server's end of the appropriate protocol as
192 is similar. It is called whenever a foreign (e.g. Unix) system wants
193 to do a SecureNet challenge/response authentication.
194 .SS Anywhere commands
196 The remaining commands need not be run on an authentication server.
199 attempts to authenticate using each
203 and prints progress reports.
206 prompts for a machine key, host owner, and host domain and stores them in
207 local non-volatile RAM.
210 allows a user to change his authenticated id to
213 sets up a new namespace from
223 sets up a new namespace from
230 If there are no arguments, it
236 adds to the current namespace instead of constructing a new one.
239 option enables debugging output.
242 sets up a new namespace from
250 its arguments under the new id.
251 If there are no arguments, it
254 It's an easy way to run a command as
263 is a single argument to
265 containing an arbitrary
268 This only works for the hostowner and only if
272 .TF /sys/lib/httppasswords
275 Speaksfor relationships and mappings for
279 List of users in the Plan 9 database.
282 List of users in the SecureNet database.
284 .B /sys/lib/httppasswords
285 List of realms and passwords for HTTP access.
296 Only CPU kernels permit changing userid.