SECSTORE(8)SECSTORE(8)
NAME
secstored, secuser – secstore commands
SYNOPSIS
auth/secstored
[-R]
[
-S servername
] [
-s address
] [
-x network
] [
-v
]
auth/secuser
[
-v
]
username
DESCRIPTION
Secstored
serves requests from
secstore(1).
By default it listens on port
tcp!*!5356;
the
-s
option specifies an alternative
address.
In the connection protocol,
secstored
describes itself as service
secstore,
but the
-S
option can specify a different
servername.
The
-R
option supplements the password check with a
call to a RADIUS server, for checking hardware
tokens or other validation.
The
-x
option specifies an alternative
network
to the default
/net.
By default,
secstored
puts itself into the background;
the
-v
option enables a verbose debugging mode that suppresses that.
Secuser
is an administrative command that runs on the
secstore machine, normally the authserver,
to create new accounts and
to change status on existing accounts.
It prompts for account information such as
password and expiration date, writing to
/adm/secstore/who/user
for a given secstore
user.
The directory
/adm/secstore
should be created mode 770 with owner or group allowing access to the user
that runs
secstored.
The
-v
option makes the command chattier.
By default,
secstored
warns the client if no account exists.
If you prefer to obscure this information, use
secuser
to create an account
FICTITIOUS.
FILES
/adm/secstore/who/user
secstore
account name, expiration date, verifier
/adm/secstore/store/user/
user ’s
file storage
/lib/ndb/auth
for mapping local userid to RADIUS userid
/sys/log/secstore
log file (if it does not exist,
secstored
logs to
/dev/cons)
SOURCE
/sys/src/cmd/auth/secstore
SEE
secstore(1)