jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 21:47:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
openafs/doc/man-pages/pod5/KeyFile.pod

70 lines
2.1 KiB
Plaintext
Raw Normal View History

STABLE14-man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. (cherry picked from commit e3dfba8e6c10c296c09e9b0ac0c0355658ce0be7)
2006-01-05 18:28:16 +00:00
=head1 NAME
KeyFile - Defines AFS server encryption keys
=head1 DESCRIPTION
The KeyFile file defines the server encryption keys that the AFS
server processes running on the machine use to decrypt the tickets presented
by clients during the mutual authentication process. AFS server
processes perform privileged actions only for clients that possess a ticket
encrypted with one of the keys from the file. The file must reside in
the B</usr/afs/etc> directory on every server machine. For more
detailed information on mutual authentication and server encryption keys, see
the I<IBM AFS Administration Guide>.
Each key has a corresponding a key version number that distinguishes it
from the other keys. The tickets that clients present are also marked
with a key version number to tell the server process which key to use to
decrypt it. The B<KeyFile> file must always include a key with
the same key version number and contents as the key currently listed for the
B<afs> entry in the Authentication Database.
The KeyFile file is in binary format, so always use the
appropriate commands from the B<bos> command suite to administer
it:
=over 4
=item *
The bos addkey command to define a new key
=item *
The bos listkeys command to display the keys
=item *
The bos removekey command to remove a key from the file
=back
In cells that run the United States edition of AFS and use the Update
Server to distribute the contents of the B</usr/afs/etc> directory, it
is customary to edit only the copy of the file stored on the system control
machine. In cells that run the international version of AFS, edit the
file on each server machine individually.
=head1 SEE ALSO
L<bos_addkey(1)>,
L<bos_listkeys(1)>,
L<bos_removekey(1)>,
L<kas_setpassword(1)>,
L<upclient(1)>,
L<upserver(1)>
I<IBM AFS Administration Guide>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue Copy Permalink