keyfs, warning – authentication database files
serves a two-level file tree for manipulating authentication information.
It runs on the machine providing authentication service for the local
Plan 9 network, which may be a dedicated authentication server or
a CPU server.
The programs described in
as their interface to the authentication database.
reads and decrypts file
using the DES or AES key,
which is by default read from
prompts for a password from which the key is derived.
holds a 41-byte (57-byte for AES) record for each user in the database.
Each record contains the user’s name,
and AES key.
The name is a
The status is a byte containing
binary 0 if the account is enabled,
1 if it is disabled.
Warning status is a byte containing
the number of user expiration notifications.
The expiration date is four-byte little-endian integer
which represents the time in seconds since the epoch
at which the account will expire.
The secret password is a null-terminated
If any changes are made to the database that affect the information stored in
a new version of the file is written.
option is given, the database is mounted ‘read-only’ and no changes are permitted.
There are two authentication databases,
one for Plan 9 user information,
and one for SecureNet user information.
A user need not be installed in both databases
but must be installed in the Plan 9 database to connect to a Plan 9 server.
serves an interpretation of the
in the file tree rooted at
is represented as the directory
Making a new directory in
creates a new user entry in the database.
Removing a directory removes the user entry,
and renaming it changes the name in the entry.
Such changes are reflected immediately in
does not allow duplicate names when creating or renaming user entries.
All files in the user directories except for
strings with a trailing newline when read,
and should be written as
strings with or without a trailing newline.
encryption key for the user.
The following files appear in the user directories.
The authentication key for the user.
If the user’s account is disabled or expired,
reading this file returns an error.
changes the key in the database.
The AES encryption key for the user.
The secret password.
The number of consecutive failed authentication attempts for the user.
Writing the string
increments this number; writing
resets it to 0.
This number is not stored in
and is initialized to 0 when
When the number reaches a multiple of ten,
temporarily disables the account for that many seconds.
Reads from the
files during this time return the error
“user in purgatory.”
The current status of the account, either
enables the account;
The expiration time for the account.
When read, it contains either the string
or the time in seconds since the epoch
that the account will expire.
When written with strings of the same form,
it sets the expiration date for the user.
If the expiration date is reached,
the account is not disabled,
cannot be read without an error.
option is on,
runs the command
once every 24 hours to mail people about expiring keys.
Warnings are sent 14 days and 7 days prior to expiration.
The argument to
is passed to
to restrict the warnings to
the Plan 9 or SecureNet database.
The default for
is not to call
own default is to warn about both.
are used to find the mail addresses to send to.
The first word on each line identifies
Any subsequent strings on the line delimited ’<’ and ’>’ are considered mail
addresses to send warnings to.
If multiple lines match a user, the last in the file is used.
adds lines to these files.
Encrypted key file for the Plan 9 database.
Encrypted key file for the SecureNet database.
List of users in the Plan 9 database.
List of users in the SecureNet database.
The non-volatile RAM on the server, which holds the key used
to decrypt key files.