mirror of https://github.com/mabam/CAP.git
108 lines
4.2 KiB
Groff
108 lines
4.2 KiB
Groff
.\" troff -man
|
|
.TH AUFSMKUSR 8L "Jun 20 1995" "AUFS Distributed Passwords"
|
|
.SH NAME
|
|
aufsmkusr \- AUFS distributed password tool
|
|
.SH SYNOPSIS
|
|
.B aufsmkusr
|
|
[
|
|
.BI \-f " <batch file>"
|
|
] [
|
|
.BI user\ ...
|
|
]
|
|
.SH DESCRIPTION
|
|
.I aufsmkusr
|
|
is the administrative tool used to create or edit distributed user password
|
|
files for AUFS Randnum or 2-Way Randnum user authentication (this replaces
|
|
the current AUFS authentication code which uses cleartext passwords). This
|
|
feature must be enabled in CAP AUFS by defining DISTRIB_PASSWDS at CAP
|
|
configuration time.
|
|
.sp
|
|
.I aufsmkusr
|
|
must be run by the UNIX superuser.
|
|
.sp
|
|
User password files are normally kept in ~user/.afppass, set to mode 0600
|
|
and owned by the user. The location and mode of the user password file may
|
|
be customised at compile time using the defines AFP_DISTPW_PATH
|
|
and AFP_DISTPW_MODE (useful, for example, if user home directories are
|
|
mounted via NFS from another machine). The user password files contain the
|
|
current password expiry date, minimum password length, maximum failed login
|
|
attempts (all can be set to zero to disable the feature), number of failed
|
|
login attempts and the user's AUFS password.
|
|
.sp
|
|
The ~user/.afppass files are encrypted with a global key created with the
|
|
.I aufsmkkey
|
|
tool. The global key is kept in the file /usr/local/lib/cap/afppass (or an
|
|
alternate file defined by AFP_DISTPW_FILE). The global file also stores
|
|
default values for password expiry (either an expiry period up to 10 years
|
|
or a global cutoff date), minimum AUFS password length and maximum failed
|
|
login attempts. This file is also encrypted and is expected to be owned by
|
|
user root and set to mode 0600.
|
|
.sp
|
|
AUFS passwords can only be altered by the user using the AppleShare
|
|
Workstation software (using the 'Set Password' button in the AppleShare
|
|
login dialog box). The software will not permit the new password to be
|
|
identical to the old password or to be the same as the user's UNIX
|
|
password.
|
|
.sp
|
|
.I aufsmkusr
|
|
may be used in batch or interactive modes.
|
|
.PP
|
|
The arguments that
|
|
.I aufsmkusr
|
|
accepts are:
|
|
.TP
|
|
.BI \-f " <batch file>"
|
|
.sp
|
|
specifies that
|
|
.I aufsmkusr
|
|
creates AUFS user password files for the users listed in the "batch file".
|
|
The format is expected to be 'username password' with one entry per line
|
|
and the user name and password separated by white space. Comment lines may
|
|
begin with the # character, blank lines are ignored. Passwords containing
|
|
spaces may be quoted with double quotes. Passwords are limited to a maximum
|
|
of 8 characters and will be truncated if longer.
|
|
.sp
|
|
If the batch file is not set to mode 0600, the program will exit
|
|
(since this is considered to be a security breach).
|
|
.sp
|
|
When created from a batch file, the default values for minimum password
|
|
length and maximum failed login attempts are read from the global key
|
|
file. The expiry date of the password is set to the current time. This
|
|
forces the users to change their passwords when they first connect to AUFS.
|
|
.TP
|
|
.BI user\ ...
|
|
.sp
|
|
If used in interactive mode,
|
|
.I aufsmkusr
|
|
may be used to edit or create a
|
|
password file for users listed on the command line. If no user name is
|
|
provided, it will be prompted for.
|
|
.sp
|
|
The minimum password length may be set to values between 0 (disabled) and 8.
|
|
Maximum failed login attempts to between 0 (disabled) and 255. If non-zero,
|
|
the current number of failed login attempts may also be edited (ie: reset).
|
|
.sp
|
|
The expiry date may be set to a period measured in days or months, for
|
|
example: 60d, 60, 2m are equivalent input values or to a specific date
|
|
using a string of the form YY/MM/DD and an optional HH:MM:SS. EG:
|
|
95/06/20 16:44:55 is Tuesday June 20, 1995 at 4:44:55pm.
|
|
.sp
|
|
If the user expiry date is later than the global expiry date, a warning
|
|
message is printed.
|
|
.sp
|
|
When the password has expired, the AppleShare user may still connect, but
|
|
the only command available is 'Set Password'. If the maximum number of login
|
|
failures have occurred, the user is advised that the account is disabled
|
|
and to contact the server administrator.
|
|
.sp
|
|
.SH FILES
|
|
~/.afppass - user password file.
|
|
.br
|
|
/usr/local/lib/cap/afppass - global key file.
|
|
.SH SEE ALSO
|
|
aufsmkkey(8), CAP (Columbia AppleTalk Package)
|
|
.SH AUTHOR
|
|
djh\@munnari.OZ.AU, June 1995.
|
|
.SH NOTICE
|
|
Copyright (c) 1995, The University of Melbourne.
|