
NAME

authsrv9 - Plan 9 authentication server

SYNOPSIS

auth/authsrv9 [ -d ]
auth/passtokey password

DESCRIPTION

Authsrv9 implements the Plan 9 authentication service, issuing authentication tickets to clients. Tickets can be used to authenticate to a server that is in the same authentication domain as the authentication server.

Files mentioned in the following text are relative to /services/authsrv9, where all configuration files and user keys are stored. The authentication id (often `bootes') is read from /authid at startup. The authentication domain is read from /authdom. The file /badusers contains a list (one user per line, newline required) of users not allowed to authenticate to remote servers. All other information about users is in the directory /users/username, where username is the name of the user. Each user directory holds the following files:


key
A 7-byte DES key.
expire
Either the string `never' or an expiration timestamp (Unix epoch timestamp in ASCII, newline forbidden).
status
`ok' indicates an enabled user, `disabled' indicates a disabled user. If a user has expired or is not enabled, the authentication server hands out unusable tickets.

Options:


-d
For debugging. Logs more information, e.g. decrypted ticket requests (which contain nonce keys!).

Logging information is written to /services/logs/authsrv9.
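
An added example, not part of authsrv9 or of the original page: a Python check of the per-user files and /badusers described above, meant to be run against a copy of /services/authsrv9. The function names, the constructed sample tree, the tolerance for a trailing newline in status, and treating malformed files as unusable are assumptions.

```python
import os, tempfile, time

def slurp(path):  # file bytes, or None if missing/unreadable
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None

def check_user(userdir, now):
    """Return (usable, problems); malformed files count as unusable (assumption)."""
    key, expire, status = (slurp(os.path.join(userdir, n)) for n in ("key", "expire", "status"))
    problems, expired = [], False
    if key is None or len(key) != 7:
        problems.append("key: missing or not 7 bytes")
    if expire is None or not (expire == b"never" or expire.isdigit()):
        problems.append("expire: not 'never' or ASCII epoch digits (no newline)")
    elif expire != b"never":
        expired = int(expire) <= now
    # Assumption: a trailing newline in status is tolerated; the page does not say.
    state = (status or b"").strip()
    if state not in (b"ok", b"disabled"):
        problems.append("status: not 'ok' or 'disabled'")
    return (state == b"ok" and not expired and not problems), problems

def check_badusers(path):
    """Return (users, problems); every line, including the last, needs a newline."""
    data = slurp(path) or b""
    problems = [] if data == b"" or data.endswith(b"\n") else ["badusers: last line lacks newline"]
    return [u.decode() for u in data.split(b"\n") if u], problems

def make_sample(root):
    """Write a constructed tree; key bytes are placeholders, not real keys."""
    users = {"alice": (b"\x01" * 7, b"never", b"ok"),
             "bob": (b"\x02" * 7, b"1000000000\n", b"ok"),        # newline in expire
             "carol": (b"\x03" * 8, b"1000000000", b"disabled")}  # 8-byte key
    for name, contents in users.items():
        os.makedirs(os.path.join(root, "users", name))
        for fn, data in zip(("key", "expire", "status"), contents):
            with open(os.path.join(root, "users", name, fn), "wb") as f:
                f.write(data)
    with open(os.path.join(root, "badusers"), "wb") as f:
        f.write(b"mallory\neve")  # constructed: final newline missing

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample(root)
        print(check_badusers(os.path.join(root, "badusers")))
        for name in sorted(os.listdir(os.path.join(root, "users"))):
            print(name, check_user(os.path.join(root, "users", name), time.time()))
```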

EXAMPLE

Start authsrv9:
	listen -A 'net!*!ticket' auth/authsrv9

SOURCE

/appl/cmd/auth/authsrv9.b
/appl/cmd/auth/passtokey.b

SEE ALSO

factotum(4)
Authsrv in sections 6 and 8 of Plan 9's Programmer's Manual.

BUGS

Only regular ticket requests and password change requests are implemented. Other authentication methods, e.g. challenge/response (as used by telnet) and those based on the `Inferno/APOP' secret, elicit a `not implemented' error message.

AUTHSRV9(8) Rev: Wed Feb 22 04:14:06 GMT 2023