AUTH(5)                                                   AUTH(5)

     NAME
          auth - file system authentication

     SYNOPSIS
          Tauth  tag[2] fid[2] uid[28] chal[36]
          Rauth  tag[2] fid[2] chal[30]

     DESCRIPTION
          The auth message is used to authorize a connection.  It is
          issued before an attach.  Fid and uid are the same as for
          attach.

          The chal field of a Tauth message contains a 36-byte string
          encrypted with the client's authentication key.  The
          (decrypted) string contains a byte with value 1, a seven
          byte client challenge, and the server's name NUL-padded to
          28 (NAMELEN) bytes.

          The chal field of the Rauth reply message is also encrypted
          with the client's key.  The decrypted string contains a byte
          with value 4, the client's challenge, a seven byte ticket
          key, and a fifteen byte ticket. The ticket is placed in the
          auth field of a subsequent attach message to validate a con-
          nection.

          The ticket key is currently unused.  It may one day be used
          to encrypt subsequent communication with the server.

          These messages are also documented in the section of auth(6)
          describing the fsauth protocol.

          If a server does not perform authentication, it should
          return an Rerror when it receives an auth.

     ENTRY POINTS
          Mount (see bind(2)) generates an auth transaction to the
          remote file server.  When the kernel boots, an auth is made
          to the requested file server machine.

     SEE ALSO
          auth(6)

     Page 1                       Plan 9            (printed 12/21/24)