.\" troff -man
.TH AUFSMKUSR 8L "Jun 20 1995" "AUFS Distributed Passwords"
.SH NAME
aufsmkusr \- AUFS distributed password tool
.SH SYNOPSIS
.B aufsmkusr
[
.BI \-f " <batch file>"
] [
.BI user\ ...
]
.SH DESCRIPTION
.I aufsmkusr
is the administrative tool used to create or edit distributed user password
files for AUFS Randnum or 2-Way Randnum user authentication (this replaces
the current AUFS authentication code which uses cleartext passwords). This
feature must be enabled in CAP AUFS by defining DISTRIB_PASSWDS at CAP
configuration time.
.sp
.I aufsmkusr
must be run by the UNIX superuser.
.sp
User password files are normally kept in ~user/.afppass, set to mode 0600
and owned by the user. The location and mode of the user password file may
be customised at compile time using the defines AFP_DISTPW_PATH
and AFP_DISTPW_MODE (useful, for example, if user home directories are
mounted via NFS from another machine). The user password files contain the
current password expiry date, minimum password length, maximum failed login
attempts (all can be set to zero to disable the feature), number of failed
login attempts and the user's AUFS password.
.sp
The ~user/.afppass files are encrypted with a global key created with the
.I aufsmkkey
tool. The global key is kept in the file /usr/local/lib/cap/afppass (or an
alternate file defined by AFP_DISTPW_FILE). The global file also stores
default values for password expiry (either an expiry period up to 10 years
or a global cutoff date), minimum AUFS password length and maximum failed
login attempts. This file is also encrypted and is expected to be owned by
user root and set to mode 0600.
.sp
AUFS passwords can only be altered by the user using the AppleShare
Workstation software (using the 'Set Password' button in the AppleShare
login dialog box). The software will not permit the new password to be
identical to the old password or to be the same as the user's UNIX
password.
.sp
.I aufsmkusr
may be used in batch or interactive modes.
.PP
The arguments that
.I aufsmkusr
accepts are:
.TP
.BI \-f " <batch file>"
.sp
specifies that
.I aufsmkusr
creates AUFS user password files for the users listed in the "batch file".
The format is expected to be 'username password' with one entry per line
and the user name and password separated by white space. Comment lines may
begin with the # character; blank lines are ignored. Passwords containing
spaces may be quoted with double quotes. Passwords are limited to a maximum
of 8 characters and will be truncated if longer.
.sp
If the batch file is not set to mode 0600, the program will exit
(since this is considered to be a security breach).
.sp
When created from a batch file, the default values for minimum password
length and maximum failed login attempts are read from the global key
file. The expiry date of the password is set to the current time. This
forces the users to change their passwords when they first connect to AUFS.
.TP
.BI user\ ...
.sp
If used in interactive mode,
.I aufsmkusr
may be used to edit or create a
password file for users listed on the command line. If no user name is
provided, it will be prompted for.
.sp
The minimum password length may be set to values between 0 (disabled) and 8.
The maximum number of failed login attempts may be set to values between
0 (disabled) and 255. If non-zero, the current number of failed login
attempts may also be edited (i.e. reset).
.sp
The expiry date may be set to a period measured in days or months (for
example, 60d, 60 and 2m are equivalent input values) or to a specific date
using a string of the form YY/MM/DD and an optional HH:MM:SS. For example,
95/06/20 16:44:55 is Tuesday June 20, 1995 at 4:44:55pm.
.sp
If the user expiry date is later than the global expiry date, a warning
message is printed.
.sp
When the password has expired, the AppleShare user may still connect, but
the only command available is 'Set Password'. If the maximum number of login
failures has occurred, the user is advised that the account is disabled
and to contact the server administrator.
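.PP
An added example, not part of CAP or of the original manual page: a Python
pre-flight check for a batch file in the format described under \-f. It
confirms the 0600 mode and reports malformed lines and passwords longer than
8 characters before the file is given to aufsmkusr. The function names, the
constructed sample input and the exact quoting rules (a quoted password ends
at the next double quote, leading whitespace is ignored) are assumptions.
.nf

```python
import os
import stat

MAX_PW_LEN = 8  # from the man page: longer passwords are truncated

# Constructed sample input, not taken from a real system.
SAMPLE = """# new AUFS users
alice secret99

bob "my pass"
carol averylongpassword
dave
erin "unterminated
"""

def mode_is_0600(path):
    """True only if the file's permission bits are exactly 0600."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600

def parse_line(line):
    """Return (user, password), or None for a blank or comment line."""
    line = line.strip()  # assumption: leading whitespace is not significant
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected 'username password'")
    user, rest = parts
    if rest.startswith('"'):  # quoted password may contain spaces
        end = rest.find('"', 1)  # assumption: ends at next double quote
        if end == -1:
            raise ValueError("unterminated double quote")
        return user, rest[1:end]
    return user, rest.split()[0]

def audit_batch(text):
    """Return (lineno, user, issue) findings for batch-file text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(raw)
        except ValueError as exc:
            findings.append((lineno, None, str(exc)))
            continue
        if entry and len(entry[1]) > MAX_PW_LEN:
            findings.append((lineno, entry[0], "password will be truncated"))
    return findings

if __name__ == "__main__":
    for finding in audit_batch(SAMPLE):
        print(finding)
```
.fi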
.sp
.SH FILES
~/.afppass - user password file.
.br
/usr/local/lib/cap/afppass - global key file.
.SH SEE ALSO
aufsmkkey(8), CAP (Columbia AppleTalk Package)
.SH AUTHOR
djh\@munnari.OZ.AU, June 1995.
.SH NOTICE
Copyright (c) 1995, The University of Melbourne.