jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cd6e2b9929
openafs/doc/man-pages/pod8/bos_setauth.pod
Russ Allbery 03b9fcc883 man1-editing-pass-20051209 
Complete an initial editing and cleanup pass for all section one man pages.
Fix various conversion problems, formatting inconsistencies, and obvious
problems.  Please note that no editing for content has yet been done; this
is solely editing for formatting and correct conversion to POD.

Also, add some additional section five man pages that were omitted from the
first conversion run due to unusual file names, and globally replace
CAVEATS with CAUTIONS in the man pages to match the original section name.

The section one man pages should now be in reasonable shape and ready for
additional review and further updates, although there are probably still
remaining obvious problems.

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

This file got the wrong name when it was originally committed.  Fix.
2005-12-09 14:48:56 +00:00

121 lines
3.6 KiB
Plaintext
Raw Blame History

=head1 NAME
bos setauth - Sets authorization checking requirements for all server processes
=head1 SYNOPSIS
bos setauth -server <I<machine name>>
B<-authrequired> <I<on or off: authentication required for admin requests>>
[B<-cell> <I<cell name>>] [B<-noauth>] [B<-localauth>] [-help]
bos seta -s <I<machine name>>
B<-a> <I<on or off: authentication required for admin requests>>
[B<-c> <I<cell name>>] [B<-n>] [B<-l>] [-h]
=head1 DESCRIPTION
The bos setauth command enables or disables authorization
checking on the server machine named by the B<-server>
argument. When authorization checking is enabled (the normal case), the
AFS server processes running on the machine verify that the issuer of a
command meets its privilege requirements. When authorization checking
is disabled, server processes perform any action for anyone, including the
unprivileged user B<anonymous>; this security exposure precludes
disabling of authorization checking except during installation or
emergencies.
To indicate to the server processes that authorization checking is
disabled, the BOS Server creates the zero-length file
B</usr/afs/local/NoAuth> on its local disk. All AFS server
processes constantly monitor for the B<NoAuth> file's presence
and do not check for authorization when it is present. The BOS Server
removes the file when this command is used to reenable authorization
checking.
=head1 CAUTIONS
Do not create the NoAuth file directly, except when directed by
instructions for dealing with emergencies (doing so requires being logged in
as the local superuser B<root>). Use this command
instead.
=head1 OPTIONS
=over 4
=item -server
>
Indicates the server machine on which to enable or disable authorization
checking. Identify the machine by IP address or its host name (either
fully-qualified or abbreviated unambiguously). For details, see the
introductory reference page for the B<bos> command suite.
=item -authrequired
>
Enables authorization checking if the value is on, or disables
it if the value is B<off>.
=item -cell
>
Names the cell in which to run the command. Do not combine this
argument with the B<-localauth> flag. For more details, see the
introductory B<bos> reference page.
=item -noauth
>
Assigns the unprivileged identity anonymous to the
issuer. Do not combine this flag with the B<-localauth>
flag. For more details, see the introductory B<bos> reference
page.
=item -localauth
>
Constructs a server ticket using a key from the local
B</usr/afs/etc/KeyFile> file. The B<bos> command
interpreter presents the ticket to the BOS Server during mutual
authentication. Do not combine this flag with the B<-cell> or
B<-noauth> options. For more details, see the introductory
B<bos> reference page.
=item -help
Prints the online help for this command. All other valid options
are ignored.
=back
=head1 EXAMPLES
The following example disables authorization checking on the machine
B<fs7.abc.com>:
% bos setauth -server fs7.abc.com -authrequired off
=head1 PRIVILEGE REQUIRED
The issuer must be listed in the /usr/afs/etc/UserList file on
the machine named by the B<-server> argument, or must be logged onto a
server machine as the local superuser B<root> if the
B<-localauth> flag is included.
=head1 SEE ALSO
L<KeyFile(1)>,
L<NoAuth(1)>,
L<UserList(1)>,
L<bos(1)>,
L<bos_restart(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink