.\" troff -man .TH AUFSMKUSR 8L "Jun 20 1995" "AUFS Distributed Passwords" .SH NAME aufsmkusr \- AUFS distributed password tool .SH SYNOPSIS .B aufsmkusr [ .BI \-f " " ] [ .BI user\ ... ] .SH DESCRIPTION .I aufsmkusr is the administrative tool used to create or edit distributed user password files for AUFS Randnum or 2-Way Randnum user authentication (this replaces the current AUFS authentication code which uses cleartext passwords). This feature must be enabled in CAP AUFS by defining DISTRIB_PASSWDS at CAP configuration time. .sp .I aufsmkusr must be run by the UNIX superuser. .sp User password files are normally kept in ~user/.afppass, set to mode 0600 and owned by the user. The location and mode of the user password file may be customised at compile time using the defines AFP_DISTPW_PATH and AFP_DISTPW_MODE (useful, for example, if user home directories are mounted via NFS from another machine). The user password files contain the current password expiry date, minimum password length, maximum failed login attempts (all can be set to zero to disable the feature), number of failed login attempts and the user's AUFS password. .sp The ~user/.afppass files are encrypted with a global key created with the .I aufsmkkey tool. The global key is kept in the file /usr/local/lib/cap/afppass (or an alternate file defined by AFP_DISTPW_FILE). The global file also stores default values for password expiry (either an expiry period up to 10 years or a global cutoff date), minimum AUFS password length and maximum failed login attempts. This file is also encrypted and is expected to be owned by user root and set to mode 0600. .sp AUFS passwords can only be altered by the user using the AppleShare Workstation software (using the 'Set Password' button in the AppleShare login dialog box). The software will not permit the new password to be identical to the old password or to be the same as the user's UNIX password. .sp .I aufsmkusr may be used in batch or interactive modes. .PP The arguments that .I aufsmkusr accepts are: .TP .BI \-f " " .sp specifies that .I aufsmkusr creates AUFS user password files for the users listed in the "batch file". The format is expected to be 'username password' with one entry per line and the user name and password separated by white space. Comment lines may begin with the # character, blank lines are ignored. Passwords containing spaces may be quoted with double quotes. Passwords are limited to a maximum of 8 characters and will be truncated if longer. .sp If the batch file is not set to mode 0600, the program will exit (since this is considered to be a security breach). .sp When created from a batch file, the default values for minimum password length and maximum failed login attempts are read from the global key file. The expiry date of the password is set to the current time. This forces the users to change their passwords when they first connect to AUFS. .TP .BI user\ ... .sp If used in interactive mode, .I aufsmkusr may be used to edit or create a password file for users listed on the command line. If no user name is provided, it will be prompted for. .sp The minimum password length may be set to values between 0 (disabled) and 8. Maximum failed login attempts to between 0 (disabled) and 255. If non-zero, the current number of failed login attempts may also be edited (ie: reset). .sp The expiry date may be set to a period measured in days or months, for example: 60d, 60, 2m are equivalent input values or to a specific date using a string of the form YY/MM/DD and an optional HH:MM:SS. EG: 95/06/20 16:44:55 is Tuesday June 20, 1995 at 4:44:55pm. .sp If the user expiry date is later than the global expiry date, a warning message is printed. .sp When the password has expired, the AppleShare user may still connect, but the only command available is 'Set Password'. If the maximum number of login failures have occurred, the user is advised that the account is disabled and to contact the server administrator. .sp .SH FILES ~/.afppass - user password file. .br /usr/local/lib/cap/afppass - global key file. .SH SEE ALSO aufsmkkey(8), CAP (Columbia AppleTalk Package) .SH AUTHOR djh\@munnari.OZ.AU, June 1995. .SH NOTICE Copyright (c) 1995, The University of Melbourne.