jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cd6e2b9929
openafs/doc/man-pages/pod8/bos_addkey.pod
Russ Allbery e3dfba8e6c man-page-conversion-20051208 
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages.  The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available.  The Makefile only installs.  The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).

This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.

This is only the first step, and this initial conversion has various
problems.  In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later.  Some of the
man pages have syntax problems and all of them have formatting errors.  The
next editing pass, coming shortly, will clean up most of the remaining
mess.
2005-12-08 12:14:33 +00:00

152 lines
4.7 KiB
Plaintext
Raw Blame History

=head1 NAME
bos addkey - Adds a new server encryption key to the /usr/afs/etc/KeyFile
file
=head1 SYNOPSIS
B<bos addkey -server> <I<machine name>> [-key <I<key>>]
B<-kvno> <I<key version number>> [B<-cell> <I<cell name>>]
[B<-noauth>] [B<-localauth>] [-help]
B<bos addk -s> <I<machine name>> [B<-ke> <I<key>>] -kv <I<key version number>>
[B<-ce> <I<cell name>>] [B<-n>] [B<-l>] [B<-h>]
=head1 DESCRIPTION
The bos addkey command constructs a server encryption key from
the text string provided, assigns it the key version number specified with the
B<-kvno> argument, and adds it to the B</usr/afs/etc/KeyFile>
file on the machine specified with the B<-server> argument. Be
sure to use the B<kas setpassword> or B<kas setkey> command to
add the same key to the B<afs> entry in the Authentication
Database.
Do not use the -key argument, which echoes the password string
visibly on the screen. If the argument is omitted, the BOS Server
prompts for the string and does not echo it visibly:
Input key:
Retype input key:
The BOS Server prohibits reuse of any key version number already listed in
the B</usr/afs/etc/KeyFile> file. This ensures that users who
still have tickets sealed with the current key are not prevented from
communicating with a server process because the current key is overwritten
with a new key. Use the B<bos listkeys> command to display the
key version numbers in the B</usr/afs/etc/KeyFile> file.
=head1 OPTIONS
=over 4
=item -server
>
Indicates the server machine on which to change the
B</usr/afs/etc/KeyFile> file. Identify the machine by IP
address or its host name (either fully-qualified or abbreviated
unambiguously). For details, see the introductory reference page for
the B<bos> command suite.
In cells that run the United States edition of AFS and use the Update
Server to distribute the contents of the B</usr/afs/etc> directory, it
is conventional to specify only the system control machine as a value for the
B<-server> argument. In cells that run the international
version of AFS, repeat the command for each file server machine. For
further discussion, see the introductory reference page for the B<bos>
command suite.
=item -key
>
Specifies a character string just like a password; the BOS Server
calls a DES conversion function to encode it into a form appropriate for use
as an encryption key. Omit this argument to have the BOS Server prompt
for the string instead.
=item -kvno
>
Defines the new key's key version number. It must be an
integer in the range from B<0> (zero) through B<255>.
For the sake of simplicity, use the number one higher than the current highest
key version number; use the B<bos listkeys> command to display
key version numbers.
L<(1)>
=item -cell
>
Names the cell in which to run the command. Do not combine this
argument with the B<-localauth> flag. For more details, see the
introductory B<bos> reference page.
=item -noauth
>
Assigns the unprivileged identity anonymous to the
issuer. Do not combine this flag with the B<-localauth>
flag. For more details, see the introductory B<bos> reference
page.
=item -localauth
>
Constructs a server ticket using a key from the local
B</usr/afs/etc/KeyFile> file. The B<bos> command
interpreter presents the ticket to the BOS Server during mutual
authentication. Do not combine this flag with the B<-cell> or
B<-noauth> options. For more details, see the introductory
B<bos> reference page.
=item -help
Prints the online help for this command. All other valid options
are ignored.
=back
=head1 OUTPUT
If the strings typed at the C<Input key> and C<Retype input
key> prompts do not match, the following message appears, and the command
exits without adding a new key:
Input key mismatch
=head1 EXAMPLES
The following command adds a new server encryption key with key version
number 14 to the B<KeyFile> file kept on the machine
B<fs1.abc.com> (the system control machine). The
issuer omits the B<-key> argument, as recommended, and provides the
password at the prompts.
% bos addkey -server fs1.abc.com -kvno 14
Input key:
Retype input key:
=head1 PRIVILEGE REQUIRED
The issuer must be listed in the /usr/afs/etc/UserList file on
the machine named by the B<-server> argument, or must be logged onto a
server machine as the local superuser B<root> if the
B<-localauth> flag is included.
=head1 SEE ALSO
L<KeyFile(1)>,
L<UserList(1)>,
L<bos(1)>,
L<bos_listkeys(1)>,
L<bos_removekey(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink