fsbnode-rename-unused-to-dummy-20090604

[openafs.git] / src / WINNT / doc / install / Documentation / en_US / html / CmdRef / auarf095.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29                -->
<META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
<META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
<META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf094.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf096.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRBOS_ADDKEY" HREF="auarf002.htm#ToC_109">bos addkey</A></H2>
<A NAME="IDX4456"></A>
<A NAME="IDX4457"></A>
<A NAME="IDX4458"></A>
<A NAME="IDX4459"></A>
<A NAME="IDX4460"></A>
<A NAME="IDX4461"></A>
<A NAME="IDX4462"></A>
<A NAME="IDX4463"></A>
<A NAME="IDX4464"></A>
<P><STRONG>Purpose</STRONG>
<P>Adds a new server encryption key to the <B>/usr/afs/etc/KeyFile</B>
file
<P><STRONG>Synopsis</STRONG>
<PRE><B>bos addkey -server</B> &lt;<VAR>machine&nbsp;name</VAR>>  [<B>-key</B> &lt;<VAR>key</VAR>>]
           <B>-kvno</B> &lt;<VAR>key&nbsp;version&nbsp;number</VAR>>  [<B>-cell</B> &lt;<VAR>cell&nbsp;name</VAR>>]
           [<B>-noauth</B>]  [<B>-localauth</B>]  [<B>-help</B>]
    
<B>bos addk -s</B> &lt;<VAR>machine&nbsp;name</VAR>>  [<B>-ke</B> &lt;<VAR>key</VAR>>]  <B>-kv</B> &lt;<VAR>key version&nbsp;number</VAR>>
         [<B>-ce</B> &lt;<VAR>cell&nbsp;name</VAR>>]  [<B>-n</B>]  [<B>-l</B>]  [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>bos addkey</B> command constructs a server encryption key from
the text string provided, assigns it the key version number specified with the
<B>-kvno</B> argument, and adds it to the <B>/usr/afs/etc/KeyFile</B>
file on the machine specified with the <B>-server</B> argument. Be
sure to use the <B>kas setpassword</B> or <B>kas setkey</B> command to
add the same key to the <B>afs</B> entry in the Authentication
Database.
<P>Do not use the <B>-key</B> argument, which echoes the password string
visibly on the screen. If the argument is omitted, the BOS Server
prompts for the string and does not echo it visibly&#58;
<PRE>   Input key&#58;
   Retype input key&#58;
   
</PRE>
<P>The BOS Server prohibits reuse of any key version number already listed in
the <B>/usr/afs/etc/KeyFile</B> file. This ensures that users who
still have tickets sealed with the current key are not prevented from
communicating with a server process because the current key is overwritten
with a new key. Use the <B>bos listkeys</B> command to display the
key version numbers in the <B>/usr/afs/etc/KeyFile</B> file.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B><B>-server</B>
</B><DD>Indicates the server machine on which to change the
<B>/usr/afs/etc/KeyFile</B> file. Identify the machine by IP
address or its host name (either fully-qualified or abbreviated
unambiguously). For details, see the introductory reference page for
the <B>bos</B> command suite. 
<P>In cells that run the United States edition of AFS and use the Update
Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
is conventional to specify only the system control machine as a value for the
<B>-server</B> argument. In cells that run the international
version of AFS, repeat the command for each file server machine. For
further discussion, see the introductory reference page for the <B>bos</B>
command suite.
<P><DT><B><B>-key</B>
</B><DD>Specifies a character string just like a password; the BOS Server
calls a DES conversion function to encode it into a form appropriate for use
as an encryption key. Omit this argument to have the BOS Server prompt
for the string instead.
<P><DT><B><B>-kvno</B>
</B><DD>Defines the new key&#39;s key version number. It must be an
integer in the range from <B>0</B> (zero) through <B>255</B>.
For the sake of simplicity, use the number one higher than the current highest
key version number; use the <B>bos listkeys</B> command to display
key version numbers.
<A NAME="IDX4465"></A>
<P><DT><B><B>-cell</B>
</B><DD>Names the cell in which to run the command. Do not combine this
argument with the <B>-localauth</B> flag. For more details, see the
introductory <B>bos</B> reference page.
<P><DT><B><B>-noauth</B>
</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
issuer. Do not combine this flag with the <B>-localauth</B>
flag. For more details, see the introductory <B>bos</B> reference
page.
<P><DT><B><B>-localauth</B>
</B><DD>Constructs a server ticket using a key from the local
<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
interpreter presents the ticket to the BOS Server during mutual
authentication. Do not combine this flag with the <B>-cell</B> or
<B>-noauth</B> options. For more details, see the introductory
<B>bos</B> reference page.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Output</STRONG>
<P>If the strings typed at the <TT>Input key</TT> and <TT>Retype  input
key</TT> prompts do not match, the following message appears, and the command
exits without adding a new key&#58;
<PRE>   Input key mismatch
   
</PRE>
<P><STRONG>Examples</STRONG>
<P>The following command adds a new server encryption key with key version
number 14 to the <B>KeyFile</B> file kept on the machine
<B>fs1.abc.com</B> (the system control machine). The
issuer omits the <B>-key</B> argument, as recommended, and provides the
password at the prompts.
<PRE>   % <B>bos addkey -server fs1.abc.com -kvno 14</B>
   Input key&#58;
   Retype input key&#58;
   
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
the machine named by the <B>-server</B> argument, or must be logged onto a
server machine as the local superuser <B>root</B> if the
<B>-localauth</B> flag is included.
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
<P><A HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf094.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf096.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>