GETAUTHINFO(8)
NAME
getauthinfo - obtain a certificate for authentication
SYNOPSIS
getauthinfo keyname
wm/getauthinfo
DESCRIPTION
Getauthinfo makes contact with logind(8) on a `signer', or certifying
authority, with which the user has previously been registered using
changelogin(8), to obtain a certificate that can later be presented to
other Inferno services to authenticate the user. If keyname starts
with a `/', the certificate is stored there; otherwise, it is stored in
the file /usr/user/keyring/keyname, where user is the name in /dev/user
(see cons(3)). The directory /usr/user/keyring must exist.
The user is prompted for the following:
signer
The name of the signing server, for example signer.froop.com.
The default is the default signer for the site: the value of
SIGNER in the local network configuration database (see ndb(6)).
remote user name
The name of the user for whom a certificate is to be obtained.
The default is the current user name in /dev/user.
password
The user's password. The password entered on the client must
match the password previously stored on the server using
changelogin(8), or a certificate will be refused.
save in file?
The default is `no'. If the user responds `yes', the certificate
is written directly to the file. Otherwise, getauthinfo becomes
a file server, serving a secure temporary file bound over the
file name above (because that is where applications look for
it). The temporary will disappear if the name is unmounted, or
Inferno is rebooted.
Note that the certificate will expire at or before expiry of the
password entry on the signer.
The signer needs its own key to endorse the certificates that it gives
to clients. If a user requests a certificate with getauthinfo(8)
before the signer's key is created on the signer (e.g., using
createsignerkey(8)), then the request will be rejected with a suitable
diagnostic by logind(8).
File servers
Machines that will be file servers must obtain a certificate and save
the certificate in a key file named default, thus:
getauthinfo default
The user invoking getauthinfo must be the same user who later runs
svc(8) to start the machine's services.
File server clients
Machines that wish to be authenticated clients of file servers must
obtain a certificate and store the certificate in a file named
net!machine. The file name must match exactly the server address given
to mount (see bind(1)). To set the key, use
getauthinfo net!host
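An added example (not part of the Inferno manual or its sources): a POSIX shell check, run from the host side of a hosted Inferno, that applies the key file naming rule above and reports when no key file matches a mount address exactly. The host directory ROOT holding the Inferno tree, the function names, the sample names and the near-miss heuristic (a case difference or an extra `!component`) are assumptions; the heuristic goes beyond what this page specifies.

```shell
#!/bin/sh
# Constructed example: audit a hosted Inferno keyring from the host side.
# ROOT (the host directory holding the Inferno tree) is an assumption.

# keyfile_path USER KEYNAME -> path where getauthinfo stores the certificate
keyfile_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;                      # absolute: used as given
        *)  printf '/usr/%s/keyring/%s\n' "$1" "$2" ;; # otherwise in the keyring
    esac
}

# check_mount_key ROOT USER ADDR
# Prints ok | missing | near-miss:NAME | no-keyring; returns 0 only for ok.
check_mount_key() {
    file="$1$(keyfile_path "$2" "$3")"
    dir=${file%/*}
    if [ ! -d "$dir" ]; then echo "no-keyring"; return 2; fi
    if [ -f "$file" ]; then echo "ok"; return 0; fi   # exact name match
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        have=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        # Same name in another case, or one name is the other plus !component
        case "$have" in "$want"|"$want!"*) echo "near-miss:$name"; return 1 ;; esac
        case "$want" in "$have!"*) echo "near-miss:$name"; return 1 ;; esac
    done
    echo "missing"; return 1
}

# Demo on a constructed tree: the key was saved as net!fs1.
demo() {
    root=$(mktemp -d) && mkdir -p "$root/usr/inferno/keyring"
    : > "$root/usr/inferno/keyring/net!fs1"
    : > "$root/usr/inferno/keyring/default"
    for a in 'net!fs1' 'net!FS1' 'net!fs1!styx' 'net!fs2'; do
        printf '%s -> %s\n' "$a" "$(check_mount_key "$root" inferno "$a")"
    done
    rm -rf "$root"
}
demo
```

A near-miss result means a certificate exists but will not be found for that address, because the file name must match the mount address exactly.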
Window system interface
Getauthinfo has a visual counterpart wm/getauthinfo for use under
wm(1). It takes no arguments. It displays a window prompting for all
the information it needs, and offering apparently sensible defaults.
Apart from the different interface, its function is otherwise the same
as the command line version.
FILES
/usr/user/keyring/net!machine
where a certificate is stored on a client machine
/usr/user/keyring/default
where a certificate is stored on a file server
/lib/ndb/local
contains the default host name of the signer
SOURCE
/appl/cmd/getauthinfo.b
/appl/wm/getauthinfo.b
SEE ALSO
bind(1), changelogin(8), createsignerkey(8)