AUFSMKKEY(8L) MISC. REFERENCE MANUAL PAGES AUFSMKKEY(8L)
NAME
aufsmkkey - AUFS distributed password global key tool
SYNOPSIS
aufsmkkey
DESCRIPTION
aufsmkkey is the administrative tool used to create or edit
the global key file used for AUFS Randnum or 2-Way Randnum
user authentication (this replaces the current AUFS authen-
tication code which uses cleartext passwords). This feature
must be enabled in CAP AUFS by defining DISTRIB_PASSWDS at
CAP configuration time.
aufsmkkey must be run by the UNIX superuser.
The global key is kept in the file
/usr/local/lib/cap/afppass (or an alternate file defined by
AFP_DISTPW_FILE) and is used to encrypt the contents of each
user password file. The global file also stores default
values for password expiry (either an expiry period up to 10
years or a global cutoff date), minimum AUFS password length
and maximum failed login attempts. This file is also
encrypted and is expected to be owned by user root and set
to mode 0600.
User password files are created or edited by the aufsmkusr
tool and are normally kept in ~user/.afppass, set to mode
0600 and owned by the user. The location and mode of the
user password file may be customised at compile time using
the defines AFP_DISTPW_PATH and AFP_DISTPW_MODE (useful, for
example, if user home directories are mounted via NFS from
another machine). The user password files contain the
current password expiry date, minimum password length, max-
imum failed login attempts (all can be set to zero to dis-
able the feature), number of failed login attempts and the
user's AUFS password.
AUFS passwords can only be altered by the user using the
AppleShare Workstation software (using the 'Set Password'
button in the AppleShare login dialog box). The software
will not permit the new password to be identical to the old
password or to be the same as the user's UNIX password.
The minimum password length may be set to values between 0
(disabled) and 8. Maximum failed login attempts to between
0 (disabled) and 255.
The expiry date may be set to a period measured in days or
months, for example: 60d, 60, 2m are equivalent input values
or to a specific date using a string of the form YY/MM/DD
and an optional HH:MM:SS. EG: 95/06/20 16:44:55 is Tuesday
AUFS Distributed Passwords Last change: Jun 20 1995 1
AUFSMKKEY(8L) MISC. REFERENCE MANUAL PAGES AUFSMKKEY(8L)
June 20, 1995 at 4:44:55pm.
When the password has expired, the AppleShare user may still
connect, but the only command available is 'Set Password'.
If the maximum number of login failures have occurred, the
user is advised that the account has been disabled and to
contact the server administrator.
FILES
~/.afppass - user password file.
/usr/local/lib/cap/afppass - global key file.
SEE ALSO
aufsmkusr(8), CAP (Columbia AppleTalk Package)
AUTHOR
djh@munnari.OZ.AU, June 1995.
NOTICE
Copyright (c) 1995, The University of Melbourne.
AUFS Distributed Passwords Last change: Jun 20 1995 2