.\" Automatically generated by Pod::Man version 1.15
.\" Fri Dec 20 09:52:45 2002
.TH sfs_users 5 "SFS 0.7.2" "2002-12-20" "SFS 0.7.2"
.UC
.SH "NAME"
sfs_users \- user-authentication database
.SH "DESCRIPTION"
The \fIsfs_users\fR file, maintained and used by the
\&\fBsfsauthd\fR program, maps public keys to local users and groups.
It is roughly analogous to the Unix \fI/etc/passwd\fR file.
Each line of \fIsfs_users\fR has the following format (split into two
lines here only for clarity of presentation):
.PP
.nf
[USER|GROUP]:user:uid:version:gid:owner:pubkey:privs
:srp:privkey:srvprivkey:audit
.fi
.IP "user" 4
\&\fIuser\fR is the unique name of a public key in the database.
Ordinarily it is the same as a username in the local password file.
However, in certain cases it may be useful to map multiple public keys
to the same local account (for instance if several people have an
account with root privileges). In such cases, each key should be given
a unique name (e.g., \fBdm/root\fR, \fBkaminsky/root\fR, etc.).
.IP "uid" 4
\&\fIuid\fR is the user's user \s-1ID\s0 on the given server.
.IP "version" 4
\&\fIversion\fR is the version number of this record in the users
database. Upon registration, this value is set to 1. Upon every
subsequent update, this value is incremented by 1.
.IP "gid" 4
\&\fIgid\fR is the user's group \s-1ID\s0 on the given server.
.IP "owner" 4
This field is ignored as of \s-1SFS\s0 0.7.
.IP "pubkey" 4
\&\fIpubkey\fR is an \s-1ASCII\s0, human-readable representation of the
user's public key. It can be either a Rabin or 2\-Schnorr public key as
of \s-1SFS\s0 0.7.
.IP "privs" 4
The \fIprivs\fR field indicates whether a field can be updated by the
\s-1SFS\s0 admin\(emgiven of course that a Userfile is included with the
\&\fB\-admin\fR option.
.IP "srp" 4
\&\fIsrp\fR is the server-side information for the \s-1SRP\s0 protocol.
Unlike the previous fields, this information must be kept secret. If
the information is disclosed, an attacker may be able to impersonate
the server by causing the \fBsfskey add\fR command to fetch the wrong
\fIHostID\fR. Note also that \fISRP-info\fR is specific to a particular
hostname. If you change the \fILocation\fR of a file server, users will
need to register new \fISRP-info\fR.
.IP "privkey" 4
\&\fIprivkey\fR is actually opaque to \fBsfsauthd\fR. It is private,
per-user data that \fBsfsauthd\fR will return to users who successfully
complete the \s-1SRP\s0 protocol. Currently, \fBsfskey\fR uses this
field to store an encrypted copy of a user's private key, allowing the
user to retrieve the private key over the network.
.IP "srvprivkey" 4
If a user has chosen 2\-Schnorr proactive signatures, the server's half
of the private key is kept in this field.
.IP "audit" 4
\&\fIaudit\fR contains the time, source \s-1IP\s0 address, and
description of the last update to this field. Useful in recovering from
a compromised key.
.PP
Note that if you edit \fIsfs_users\fR files by hand, you risk
overwriting concurrent updates by \fBsfsauthd\fR. Use the \fBvidb\fR
command to lock \fIsfs_users\fR files while you edit them.
.SH "FILES"
.IP "\fI/etc/sfs/sfs_users\fR" 4
.PD 0
.IP "\fI/usr/local/share/sfs/sfs_users\fR" 4
.PD
user-authentication database
.PP
(Files in \fI/etc/sfs\fR supersede default versions in
\fI/usr/local/share/sfs\fR.)
.SH "SEE ALSO"
\&\fIdirsearch\fR\|(1), \fInewaid\fR\|(1), \fIrex\fR\|(1),
\fIsfsagent\fR\|(1), \fIsfskey\fR\|(1), \fIssu\fR\|(1),
\fIsfs_config\fR\|(5), \fIsfs_srp_params\fR\|(5),
\fIsfsauthd_config\fR\|(5), \fIsfscd_config\fR\|(5),
\fIsfsrwsd_config\fR\|(5), \fIsfssd_config\fR\|(5),
\fIfunmount\fR\|(8), \fIsfsauthd\fR\|(8), \fIsfscd\fR\|(8),
\fIsfsrwsd\fR\|(8), \fIsfssd\fR\|(8), \fIvidb\fR\|(8)
.PP
The full documentation for \fB\s-1SFS\s0\fR is maintained as a Texinfo
manual. If the \fBinfo\fR and \fB\s-1SFS\s0\fR programs are properly
installed at your site, the command \fBinfo \s-1SFS\s0\fR should give
you access to the complete manual.
.PP
For updates, documentation, and software distribution, please see the
\fB\s-1SFS\s0\fR website at \fIhttp://www.fs.net\fR.
.SH "AUTHOR"
sfsdev@redlab.lcs.mit.edu
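.SH "EXAMPLE"
One way to audit an sfs_users file against the record format and the secrecy requirement on the srp field given in DESCRIPTION, written in Python as an added example (not part of the original page or of the SFS distribution). It assumes that only the trailing audit field may contain a colon and that secrecy is enforced through the file mode; the function names and the sample records are constructed for illustration.
.nf

```python
import stat
from collections import defaultdict

# Field order taken from the format line in DESCRIPTION.
FIELDS = ("type", "user", "uid", "version", "gid", "owner", "pubkey",
          "privs", "srp", "privkey", "srvprivkey", "audit")
SECRET = ("srp", "privkey", "srvprivkey")  # secret or private per-user data

def parse_line(line):
    """Return a dict for one record, or None if it is malformed."""
    # Assumption: only the trailing audit field may itself contain ':'.
    parts = line.strip().split(":", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or parts[0] not in ("USER", "GROUP"):
        return None
    return dict(zip(FIELDS, parts))

def audit(lines, mode):
    """Return (line_no, message) findings for USER records; line_no 0 is
    file-wide. mode is the st_mode of the file the lines came from."""
    findings, names_by_uid = [], defaultdict(list)
    exposed = bool(stat.S_IMODE(mode) & 0o077)  # any group/other access bit
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            findings.append((n, "malformed record"))
            continue
        if rec["type"] != "USER":
            continue
        if not rec["version"].isdecimal() or int(rec["version"]) < 1:
            findings.append((n, "version is not a positive integer"))
        held = [f for f in SECRET if rec[f]]
        if exposed and held:
            findings.append((n, "secret fields accessible beyond owner: " + ",".join(held)))
        names_by_uid[rec["uid"]].append(rec["user"])
    for uid, names in names_by_uid.items():
        if len(names) > 1:  # several keys mapped to one account, e.g. root
            findings.append((0, "uid " + uid + " shared by: " + ", ".join(names)))
    return findings

# Constructed records; key and SRP values are placeholders, not SFS encodings.
SAMPLE = [
    "USER:dm/root:0:1:0::PUBKEY-A::SRP-PLACEHOLDER:::constructed audit text",
    "USER:kaminsky/root:0:3:0::PUBKEY-B:::::constructed audit text",
    "USER:alice:1001:0:100::PUBKEY-C:::::constructed audit text",
    "USER:truncated:1002:1",
]
```

.fi
Against a real file, pass the open file object as lines and os.stat(path).st_mode as mode, and take a consistent copy first since sfsauthd may update the file concurrently.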