openafs/doc/man-pages/pod5/KeyFile.pod

=head1 NAME

KeyFile - Defines AFS server encryption keys

=head1 DESCRIPTION

The F<KeyFile> file defines the server encryption keys that the AFS server
processes running on the machine use to decrypt the tickets presented by
clients during the mutual authentication process. AFS server processes
perform privileged actions only for clients that possess a ticket
encrypted with one of the keys from the file. The file must reside in the
F</usr/afs/etc> directory on every server machine. For more detailed
information on mutual authentication and server encryption keys, see the
I<IBM AFS Administration Guide>.

Each key has a corresponding a key version number that distinguishes it
from the other keys. The tickets that clients present are also marked with
a key version number to tell the server process which key to use to
decrypt it. The F<KeyFile> file must always include a key with the same
key version number and contents as the key currently listed for the C<afs>
entry in the Authentication Database.

The F<KeyFile> file is in binary format, so always use the appropriate
commands from the B<bos> command suite to administer it:

=over 4

=item *

The B<bos addkey> command to define a new key.

=item *

The B<bos listkeys> command to display the keys.

=item *

The B<bos removekey> command to remove a key from the file.

=back

In cells that use the Update Server to distribute the contents of the
F</usr/afs/etc> directory, it is customary to edit only the copy of the
file stored on the system control machine. Otherwise, edit the file on
each server machine individually.

=head1 SEE ALSO

L<bos_addkey(8)>,
L<bos_listkeys(8)>,
L<bos_removekey(8)>,
L<kas_setpassword(8)>,
L<upclient(8)>,
L<upserver(8)>

I<IBM AFS Administration Guide>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00			`=head1 NAME`

			`KeyFile - Defines AFS server encryption keys`

			`=head1 DESCRIPTION`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`The F<KeyFile> file defines the server encryption keys that the AFS server`
			`processes running on the machine use to decrypt the tickets presented by`
			`clients during the mutual authentication process. AFS server processes`
			`perform privileged actions only for clients that possess a ticket`
			`encrypted with one of the keys from the file. The file must reside in the`
			`F</usr/afs/etc> directory on every server machine. For more detailed`
			`information on mutual authentication and server encryption keys, see the`
			`I<IBM AFS Administration Guide>.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`Each key has a corresponding a key version number that distinguishes it`
man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`from the other keys. The tickets that clients present are also marked with`
			`a key version number to tell the server process which key to use to`
			`decrypt it. The F<KeyFile> file must always include a key with the same`
			`key version number and contents as the key currently listed for the C<afs>`
			`entry in the Authentication Database.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`The F<KeyFile> file is in binary format, so always use the appropriate`
			`commands from the B<bos> command suite to administer it:`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`=over 4`

			`=item *`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`The B<bos addkey> command to define a new key.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`=item *`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`The B<bos listkeys> command to display the keys.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`=item *`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`The B<bos removekey> command to remove a key from the file.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`=back`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`In cells that use the Update Server to distribute the contents of the`
			`F</usr/afs/etc> directory, it is customary to edit only the copy of the`
			`file stored on the system control machine. Otherwise, edit the file on`
			`each server machine individually.`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`=head1 SEE ALSO`

man5-editing-pass-20051213 This completes the first editing pass of the man pages. Very little content editing has been done, but the server and client versions of various man pages have been combined into a single man page for the file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the descriptions of the various AFS cache files have been combined into one afs_cache man page, and the descriptions of the two butc log files have been combined into one butc_logs man page. For man pages for databases with two files, symlinks are now created on installation for the secondary file name. All of the man pages should now be ready for public review, additional editing and cleanup, and content editing. 2005-12-14 01:30:20 +00:00			`L<bos_addkey(8)>,`
			`L<bos_listkeys(8)>,`
			`L<bos_removekey(8)>,`
			`L<kas_setpassword(8)>,`
			`L<upclient(8)>,`
			`L<upserver(8)>`
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00
			`I<IBM AFS Administration Guide>`

			`=head1 COPYRIGHT`

			`IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.`

			`This documentation is covered by the IBM Public License Version 1.0. It was`
			`converted from HTML to POD by software written by Chas Williams and Russ`
			`Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.`