GETAUTHINFO(8)                                     GETAUTHINFO(8)

     NAME
          getauthinfo - obtain a certificate for authentication

     SYNOPSIS
          getauthinfo keyname

          wm/getauthinfo

     DESCRIPTION
          Getauthinfo makes contact with logind(8) on a `signer', or
          certifying authority, with which the user has previously
          been registered using changelogin(8), to obtain a certifi-
          cate that can later be presented to other Inferno services
          to authenticate the user.  If keyname starts with a `/', the
          certificate is stored there; otherwise, it is stored in the
          file /usr/user/keyring/keyname, where user is the name in
          /dev/user (see cons(3)). The directory /usr/user/keyring
          must exist.

          The user is prompted for the following:

          signer
               The name of the signing server, for example
               signer.froop.com.  The default is the default signer
               for the site: the value of SIGNER in the local network
               configuration database (see ndb(6)).

          remote user name
               The name of the user for whom a certificate is to be
               obtained. The default is the current user name in
               /dev/user.

          password
               The user's password. The password entered on the client
               must match the password previously stored on the server
               using changelogin(8), or a certificate will be refused.

          save in file?
               The default is `no'. If the user responds `yes', the
               certificate is written directly to the file.  Other-
               wise, getauthinfo becomes a file server, serving a
               secure temporary file bound over the file name above
               (because that is where applications look for it).  The
               temporary will disappear if the name is unmounted, or
               Inferno is rebooted.

          Note that the certificate will expire at or before expiry of
          the password entry on the signer.

          The signer needs its own key to endorse the certificates

     Page 1                       Plan 9            (printed 11/23/24)

     GETAUTHINFO(8)                                     GETAUTHINFO(8)

          that it gives to clients.  If a user requests a certificate
          with getauthinfo(8) before the signer's key is created on
          the signer (eg, using createsignerkey(8)), then the request
          will be rejected with a suitable diagnostic by logind(8).

        File servers
          Machines that will be file servers must obtain a certificate
          and save the certificate in a key file named default, thus:

               getauthinfo default

          The user invoking getauthinfo must be the same user who
          later runs svc(8) to start the machine's services.

        File server clients
          Machines that wish to be authenticated clients of file
          servers must obtain a certificate and store the certificate
          in a file named net!machine.  The file name must match
          exactly the server address given to mount (see bind(1)). To
          set the key, use

               getauthinfo net!host

        Window system interface
          Getauthinfo has a visual counterpart wm/getauthinfo for use
          under wm(1). It takes no arguments.  It displays a window
          prompting for all the information it needs, and offering
          apparently sensible defaults.  Apart from the different
          interface, its function is otherwise the same as the command
          line version.

     FILES
          /usr/user/keyring/net!machine      where a certificate is
                                             stored on a client
                                             machine
          /usr/user/keyring/default          where a certificate is
                                             stored on a file server
          /lib/ndb/local                     contains the default host
                                             name of the signer

     SOURCE
          /appl/cmd/getauthinfo.b
          /appl/wm/getauthinfo.b

     SEE ALSO
          bind(1), changelogin(8), createsignerkey(8)

     Page 2                       Plan 9            (printed 11/23/24)