AUFSMKUSR(8L) MISC. REFERENCE MANUAL PAGES AUFSMKUSR(8L)
NAME
aufsmkusr - AUFS distributed password tool
SYNOPSIS
aufsmkusr [ -f batch file ] [ user ... ]
DESCRIPTION
aufsmkusr is the administrative tool used to create or edit
distributed user password files for AUFS Randnum or 2-Way
Randnum user authentication (this replaces the current AUFS
authentication code which uses cleartext passwords). This
feature must be enabled in CAP AUFS by defining
DISTRIB_PASSWDS at CAP configuration time.
aufsmkusr must be run by the UNIX superuser.
User password files are normally kept in ~user/.afppass, set
to mode 0600 and owned by the user. The location and mode of
the user password file may be customised at compile time
using the defines AFP_DISTPW_PATH and AFP_DISTPW_MODE (use-
ful, for example, if user home directories are mounted via
NFS from another machine). The user password files contain
the current password expiry date, minimum password length,
maximum failed login attempts (all can be set to zero to
disable the feature), number of failed login attempts and
the user's AUFS password.
The ~user/.afppass files are encrypted with a global key
created with the aufsmkkey tool. The global key is kept in
the file /usr/local/lib/cap/afppass (or an alternate file
defined by AFP_DISTPW_FILE). The global file also stores
default values for password expiry (either an expiry period
up to 10 years or a global cutoff date), minimum AUFS pass-
word length and maximum failed login attempts. This file is
also encrypted and is expected to be owned by user root and
set to mode 0600.
AUFS passwords can only be altered by the user using the
AppleShare Workstation software (using the 'Set Password'
button in the AppleShare login dialog box). The software
will not permit the new password to be identical to the old
password or to be the same as the user's UNIX password.
aufsmkusr may be used in batch or interactive modes.
The arguments that aufsmkusr accepts are:
-f batch file
specifies that aufsmkusr creates AUFS user password
files for the users listed in the "batch file". The
format is expected to be 'username password' with one
AUFS Distributed Passwords Last change: Jun 20 1995 1
AUFSMKUSR(8L) MISC. REFERENCE MANUAL PAGES AUFSMKUSR(8L)
entry per line and the user name and password separated
by white space. Comment lines may begin with the #
character, blank lines are ignored. Passwords contain-
ing spaces may be quoted with double quotes. Passwords
are limited to a maximum of 8 characters and will be
truncated if longer.
If the batch file is not set to mode 0600, the program
will exit (since this is considered to be a security
breach).
When created from a batch file, the default values for
minimum password length and maximum failed login
attempts are read from the global key file. The expiry
date of the password is set to the current time. This
forces the users to change their passwords when they
first connect to AUFS.
user ...
If used in interactive mode, aufsmkusr may be used to
edit or create a password file for users listed on the
command line. If no user name is provided, it will be
prompted for.
The minimum password length may be set to values
between 0 (disabled) and 8. Maximum failed login
attempts to between 0 (disabled) and 255. If non-zero,
the current number of failed login attempts may also be
edited (ie: reset).
The expiry date may be set to a period measured in days
or months, for example: 60d, 60, 2m are equivalent
input values or to a specific date using a string of
the form YY/MM/DD and an optional HH:MM:SS. EG:
95/06/20 16:44:55 is Tuesday June 20, 1995 at
4:44:55pm.
If the user expiry date is later than the global expiry
date, a warning message is printed.
When the password has expired, the AppleShare user may
still connect, but the only command available is 'Set
Password'. If the maximum number of login failures have
occurred, the user is advised that the account is dis-
abled and to contact the server administrator.
FILES
~/.afppass - user password file.
/usr/local/lib/cap/afppass - global key file.
AUFS Distributed Passwords Last change: Jun 20 1995 2
AUFSMKUSR(8L) MISC. REFERENCE MANUAL PAGES AUFSMKUSR(8L)
SEE ALSO
aufsmkkey(8), CAP (Columbia AppleTalk Package)
AUTHOR
djh@munnari.OZ.AU, June 1995.
NOTICE
Copyright (c) 1995, The University of Melbourne.
AUFS Distributed Passwords Last change: Jun 20 1995 3