
getauthinfo - command to create/obtain a certificate for authentication

getauthinfo id

server command

On a 'signer' server, the getauthinfo command provides an interactive means to create a certificate for a user. The id is given as the file name default. Before issuing the getauthinfo command, the directory /usr/inferno/keyring must exist on the server.

client command

On a client, the getauthinfo command provides a means to obtain a user's certificate from a 'signer' server. The id is of the form net!machine, where machine is the address of the 'signer' server (see bind, mount, unmount - change name space for more information about addresses of this form).

To authenticate with each other, two machines must each have a certificate from the same 'signer' server. To save a certificate in a file on a client, the directory /usr/username/keyring must first be created on the client, where username is the name of the user for whom the certificate is to be obtained.

user responses

The user is prompted for the following items:

signer

the name of the 'signer' server, for example, pcwork1.company.com. The default is the name in the file /services/cs/db.

remote user name

the name of the user for whom a certificate is either to be created on the server or retrieved on the client. The default is the name in /dev/user.

password

the password for the user. The password entered on the client must match the password on the server in order to retrieve a certificate. This password can be stored in encrypted form on the server with the changelogin command (see changelogin earlier in this chapter). The password must be at least 7 characters long.

save in file

the default is no. If the user responds "yes" on a client, the certificate is stored on the client in the file /usr/username/keyring/net!machine. On the server, the user should respond "yes"; the newly created certificate is then stored in the file /usr/inferno/keyring/default.

Files

/usr/username/keyring/net!machine

where a certificate is stored on a client machine

/usr/inferno/keyring/default

where a certificate is stored on a 'signer' server.

/services/cs/db

contains the default name of the 'signer' server.

See Also

changelogin - command to create/update the password file

login, getauthinfo - get an Authinfo adt from a certificate authority




infernosupport@lucent.com
Copyright © 1996, Lucent Technologies, Inc. All rights reserved.