KEYFS(4)                                                 KEYFS(4)

          keyfs - encrypted key storage

          auth/keyfs [ -D ] [ -m mountpoint ] [ -n nvram ] [ keyfile ]

          Keyfs serves a two-level name space for storing authentica-
          tion data, specifically the status and secrets of each user
          to whom logind(8) can issue a certificate.  The data is
          stored in keyfile (default: /keydb/keys), encrypted by a
          master key using AES (see keyring-crypt(2)). Keyfs should be
          started only on the machine acting as authentication server
          (signer), before a listener is started for signer(8). Note
          that signer and keyfs must share the name space.  Further-
          more, no other application except the console should see
          that name space.

          Keyfs prompts for the master key, reads and decrypts
          keyfile, and serves files representing the contents at
          mountpoint in the name space (default: /mnt/keys).

          Each user in keyfile is represented by a directory
          mountpoint/user.  Each such directory has the following

          log     A count of the number of failed authentications.
                  Writing bad to the file increments the count; writ-
                  ing good resets it to 0.  When the count reaches
                  some implementation-defined limit, the account sta-
                  tus is set to disabled (see the status file below).
          expire  The time in seconds since the epoch when the account
                  will expire, or the text never if it has no expira-
                  tion time.  The string never or a number can be
                  written to the file to set a new expiry time.
          secret  The secret (supposedly) known only to the user and
                  the authentication service.  A secret is any
                  sequence of bytes between 0 and 255 bytes long; it
                  is initially empty.  The length of the file returned
                  by sys-stat(2) is the length of the secret.  If the
                  account has expired or is disabled, an attempt to
                  read the file will give an error.
          status  The current status of the user's account, either ok
                  or disabled.  Either string can be written to the
                  file to change the state accordingly.

          To add a new account, make a directory with that name in
          mountpoint. It must not already exist.  To remove an
          account, remove the corresponding directory; to rename an
          account, rename the directory.

     Page 1                       Plan 9             (printed 4/19/21)

     KEYFS(4)                                                 KEYFS(4)

          All changes made via file system operations in mountpoint
          result in appropriate changes to keyfile.

          If the -n option is given, instead of prompting for the mas-
          ter key, keyfs will read it from the file nvram. Obviously
          that file should be well-protected from ordinary observers.

          The -D option enables tracing of the file service protocol,
          for debugging.


          changelogin(8), logind(8), signer(8)

     Page 2                       Plan 9             (printed 4/19/21)