SECSTORE(8)SECSTORE(8)NAME
secstored, secuser - secstore commands
SYNOPSIS
auth/secstored [-R] [ -S servername ] [ -s address ] [ -x network ] [
-v ]
auth/secuser [ -v ] username
DESCRIPTION
Secstored serves requests from secstore(1). By default it listens on
port tcp!*!5356; the -s option specifies an alternative address. In
the connection protocol, secstored describes itself as service sec‐
store, but the -S option can specify a different servername. The -R
option supplements the password check with a call to a RADIUS server,
for checking hardware tokens or other validation. The -x option speci‐
fies an alternative network to the default /net. By default, secstored
puts itself into the background; the -v option enables a verbose debug‐
ging mode that suppresses that.
Secuser is an administrative command that runs on the secstore machine,
normally the authserver, to create new accounts and to change status on
existing accounts. It prompts for account information such as password
and expiration date, writing to /adm/secstore/who/user for a given sec‐
store user. The directory /adm/secstore should be created mode 770
with owner or group allowing access to the user that runs secstored.
The -v option makes the command chattier.
By default, secstored warns the client if no account exists. If you
prefer to obscure this information, use secuser to create an account
FICTITIOUS.
FILES
/adm/secstore/who/user
secstore account name, expiration date, verifier
/adm/secstore/store/user/
user 's file storage
/lib/ndb/auth
for mapping local userid to RADIUS userid
/sys/log/secstore
log file (if it does not exist, secstored logs to /dev/cons)
SOURCE
/sys/src/cmd/auth/secstore
SEE ALSOsecstore(1)SECSTORE(8)
