AUTH(8) AUTH(8)
NAME
changeuser, wrkey, convkeys, printnetkey, status, auth.srv,
guard.srv - maintain authentication databases
SYNOPSIS
auth/changeuser [-np] user
auth/wrkey
auth/convkeys [-p] keyfile
auth/printnetkey user
auth/status user
auth/auth.srv
auth/guard.srv
DESCRIPTION
These administrative commands run only on the authentication
server. Changeuser manipulates an authentication database
file system served by keyfs(4) and used by file servers.
There are two authentication databases, one holding informa-
tion about Plan 9 accounts and one holding SecureNet keys.
A user need not be installed in both databases but must be
installed in the Plan 9 database to connect to a Plan 9 ser-
vice.
Changeuser installs or changes user in an authentication
database. It does not install a user on a Plan 9 file
server; see fs(8) for that.
Option -p installs user in the Plan 9 database. Changeuser
asks twice for a password for the new user. If the responses
do not match or the password is too easy to guess the user
is not installed.
Option -n installs user in the SecureNet database and prints
out a key for the SecureNet box. The key is chosen by
changeuser.
If neither option -p or option -n is given, changeuser
installs the user in the Plan 9 database.
Changeuser prompts for biographical information such as
email address, user name, sponsor and department number and
appends it to the file /adm/netkeys.who or /adm/keys.who.
Wrkey prompts for a machine key, host owner, and host domain
Page 1 Plan 9 (printed 4/20/24)
AUTH(8) AUTH(8)
and stores them in local non-volatile RAM.
Convkeys re-encrypts the key file keyfile. Re-encryption is
performed in place. Without the -p option convkeys uses the
key stored in /dev/keys to decrypt the file, and encrypts it
using the new key. By default, convkeys prompts twice for
the new password. The -p forces convkeys to also prompt for
the old password. The format of keyfile is described in
keyfs(4).
Printnetkey displays the network key as it should be entered
into the hand-held Securenet box.
Status is a shell script that prints out everything known
about a user and the user's key status.
Auth.srv is the program, run only on the authentication
server, that handles ticket requests on IL port 566. It is
started by an incoming call to the server requesting a con-
versation ticket; its standard input and output are the net-
work connection. Auth.srv executes the authentication
server's end of the appropriate protocol as described in
auth(6).
Guard.srv is similar. It is called whenever a foreign (e.g.
Unix) system wants to do a SecureNet challenge/response
authentication.
FILES
/adm/keys.who List of users in the Plan 9 database.
/adm/netkeys.who List of users in the SecureNet database.
SOURCE
/sys/src/cmd/auth
SEE ALSO
keyfs(4), securenet(8)
Page 2 Plan 9 (printed 4/20/24)