GETAUTHINFO(8) GETAUTHINFO(8)
NAME
getauthinfo - obtain a certificate for authentication
SYNOPSIS
getauthinfo keyname
wm/getauthinfo
DESCRIPTION
Getauthinfo makes contact with logind(8) on a `signer', or
certifying authority, with which the user has previously
been registered using changelogin(8), to obtain a certifi-
cate that can later be presented to other Inferno services
to authenticate the user. If keyname starts with a `/', the
certificate is stored there; otherwise, it is stored in the
file /usr/user/keyring/keyname, where user is the name in
/dev/user (see cons(3)). The directory /usr/user/keyring
must exist.
The user is prompted for the following:
signer
The name of the signing server, for example
signer.froop.com. The default is the default signer
for the site: the value of SIGNER in the local network
configuration database (see ndb(6)).
remote user name
The name of the user for whom a certificate is to be
obtained. The default is the current user name in
/dev/user.
password
The user's password. The password entered on the client
must match the password previously stored on the server
using changelogin(8), or a certificate will be refused.
save in file?
The default is `no'. If the user responds `yes', the
certificate is written directly to the file. Other-
wise, getauthinfo becomes a file server, serving a
secure temporary file bound over the file name above
(because that is where applications look for it). The
temporary will disappear if the name is unmounted, or
Inferno is rebooted.
Note that the certificate will expire at or before expiry of
the password entry on the signer.
The signer needs its own key to endorse the certificates
Page 1 Plan 9 (printed 11/17/24)
GETAUTHINFO(8) GETAUTHINFO(8)
that it gives to clients. If a user requests a certificate
with getauthinfo(8) before the signer's key is created on
the signer (eg, using createsignerkey(8)), then the request
will be rejected with a suitable diagnostic by logind(8).
File servers
Machines that will be file servers must obtain a certificate
and save the certificate in a key file named default, thus:
getauthinfo default
The user invoking getauthinfo must be the same user who
later runs svc(8) to start the machine's services.
File server clients
Machines that wish to be authenticated clients of file
servers must obtain a certificate and store the certificate
in a file named net!machine. The file name must match
exactly the server address given to mount (see bind(1)). To
set the key, use
getauthinfo net!host
Window system interface
Getauthinfo has a visual counterpart wm/getauthinfo for use
under wm(1). It takes no arguments. It displays a window
prompting for all the information it needs, and offering
apparently sensible defaults. Apart from the different
interface, its function is otherwise the same as the command
line version.
FILES
/usr/user/keyring/net!machine where a certificate is
stored on a client
machine
/usr/user/keyring/default where a certificate is
stored on a file server
/lib/ndb/local contains the default host
name of the signer
SOURCE
/appl/cmd/getauthinfo.b
/appl/wm/getauthinfo.b
SEE ALSO
bind(1), changelogin(8), createsignerkey(8)
Page 2 Plan 9 (printed 11/17/24)