changeuser, wrkey, convkeys, printnetkey, status, auth.srv, guard.srv - maintain authenti-
auth/changeuser [-np] user
auth/convkeys [-p] keyfile
These administrative commands run only on the authentication server. Changeuser manipu-
lates an authentication database file system served by keyfs(4) and used by file servers.
There are two authentication databases, one holding information about Plan 9 accounts and
one holding SecureNet keys. A user need not be installed in both databases but must be
installed in the Plan 9 database to connect to a Plan 9 service.
Changeuser installs or changes user in an authentication database. It does not install a
user on a Plan 9 file server; see fs(8) for that.
Option -p installs user in the Plan 9 database. Changeuser asks twice for a password for
the new user. If the responses do not match or the password is too easy to guess the user
is not installed.
Option -n installs user in the SecureNet database and prints out a key for the SecureNet
box. The key is chosen by changeuser.
If neither option -p or option -n is given, changeuser installs the user in the Plan 9
Changeuser prompts for biographical information such as email address, user name, sponsor
and department number and appends it to the file /adm/netkeys.who or /adm/keys.who.
Wrkey prompts for a machine key, host owner, and host domain and stores them in local non-
Convkeys re-encrypts the key file keyfile. Re-encryption is performed in place. Without
the -p option convkeys uses the key stored in /dev/keys to decrypt the file, and encrypts
it using the new key. By default, convkeys prompts twice for the new password. The -p
forces convkeys to also prompt for the old password. The format of keyfile is described
Printnetkey displays the network key as it should be entered into the hand-held Securenet
Status is a shell script that prints out everything known about a user and the user's key
Auth.srv is the program, run only on the authentication server, that handles ticket
requests on IL port 566. It is started by an incoming call to the server requesting a
conversation ticket; its standard input and output are the network connection. Auth.srv
executes the authentication server's end of the appropriate protocol as described in
Guard.srv is similar. It is called whenever a foreign (e.g. Unix) system wants to do a
SecureNet challenge/response authentication.
List of users in the Plan 9 database.
List of users in the SecureNet database.