1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
3 <TITLE>Administration Reference</TITLE>
4 <!-- Begin Header Records ========================================== -->
5 <!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID -->
6 <!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29 -->
7 <META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
8 <META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
9 <META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
11 <!-- (C) IBM Corporation 2000. All Rights Reserved -->
12 <BODY bgcolor="ffffff">
13 <!-- End Header Records ============================================ -->
14 <A NAME="Top_Of_Page"></A>
15 <H1>Administration Reference</H1>
16 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf126.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf128.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
18 <H2><A NAME="HDRDLOG" HREF="auarf002.htm#ToC_141">dlog</A></H2>
19 <A NAME="IDX4697"></A>
20 <A NAME="IDX4698"></A>
21 <P><STRONG>Purpose</STRONG>
22 <P>Authenticates to the DCE Security Service
23 <P><STRONG>Synopsis</STRONG>
24 <PRE><B>dlog</B> [<B>-principal</B> <<VAR>user name</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
25 [<B>-password</B> <<VAR>user's password</VAR>>] [<B>-servers</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>]
26 [<B>-lifetime</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>]
27 [<B>-setpag</B>] [<B>-pipe</B>] [<B>-help</B>]
29 <B>dlog</B> [<B>-pr</B> <<VAR>user name</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-pw</B> <<VAR>user's password</VAR>>]
30 [<B>-ser</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>]
31 [<B>-l</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>] [<B>-set</B>] [<B>-pi</B>] [<B>-h</B>]
33 <P><STRONG>Description</STRONG>
34 <P>The <B>dlog</B> command obtains DCE credentials for the issuer from the
35 DCE Security Service in the cell named by the <B>-cell</B> argument, and
36 stores them on the AFS client machine on which the user issues the
37 command. The AFS/DFS Migration Toolkit Protocol Translator processes
38 running on machines in the DCE cell accept the credentials, which enables the
39 user to access the DCE cell's filespace from the AFS client. The
40 user's identity in the local file system is unchanged.
41 <P>If the issuer does not provide the <B>-principal</B> argument, the
42 <B>dlog</B> command interpreter uses the user name under which the issuer
43 is logged into the local file system. Provide the DCE password for the
44 appropriate user name. As with the <B>klog</B> command, the
45 password does not cross the network in clear text (unless the issuer is logged
46 into the AFS client from a remote machine).
47 <P>The credentials are valid for a lifetime equivalent to the smallest of the
48 following, all but the last of which is defined by the DCE cell's
51 <P><LI>The maximum certificate lifetime for the issuer's DCE account
52 <P><LI>The maximum certificate lifetime for the <B>afs</B> principal's
54 <P><LI>The registry-wide maximum certificate lifetime
55 <P><LI>The registry-wide default certificate lifetime
56 <P><LI>The lifetime requested using the <B>-lifetime</B> argument
58 <P>If the previous maximum certificate lifetime values are set to
59 <B>default-policy</B>, the maximum possible ticket lifetime is defined by
60 the default certificate lifetime. Refer to the DCE vendor's
61 administration guide for more information before setting any of these
63 <P>The AFS Cache Manager stores the ticket in a credential structure
64 associated with the name of the issuer (or the user named by the
65 <B>-principal</B> argument. If the user already has a ticket for
66 the DCE cell, the ticket resulting from this command replaces it in the
68 <P>The AFS <B>tokens</B> command displays the ticket obtained by the
69 <B>dlog</B> command for the server principal <B>afs</B>, regardless of
70 the principal to which it is actually granted. Note that the
71 <B>tokens</B> command does not distinguish tickets for a DFS<SUP>TM</SUP>
72 File Server from tickets for an AFS File Server.
73 <P><STRONG>Options</STRONG>
76 </B><DD>Specifies the DCE user name for which to obtain DCE credentials. If
77 this option is omitted, the <B>dlog</B> command interpreter uses the name
78 under which the issuer is logged into the local file system.
80 </B><DD>Specifies the DCE cell in which to authenticate. During a single
81 login session on a given machine, a user can authenticate in multiple cells
82 simultaneously, but can have only one ticket at a time for each cell (that is,
83 it is possible to authenticate under only one identity per cell per
84 machine). It is legal to abbreviate the cell name to the shortest form
85 that distinguishes it from the other cells listed in the
86 <B>/usr/vice/etc/CellServDB</B> file on the local client machine.
87 <P>If the issuer does not provide the <B>-cell</B> argument, the
88 <B>dlog</B> command attempts to authenticate with the DCE Security Server
89 for the cell defined by
91 <P><LI>The value of the environment variable AFSCELL on the local AFS client
92 machine, if defined. The issuer can set the AFSCELL environment
93 variable to name the desired DCE cell.
94 <P><LI>The cell name in the <B>/usr/vice/etc/ThisCell</B> file on the local
95 AFS client machine. The machine's administrator can place the
96 desired DCE cell's name in the file.
99 </B><DD>Specifies the password for the issuer (or for the user named by the
100 <B>-principal</B> argument). Using this argument is not
101 recommended, because it makes the password visible on the command line.
102 If this argument is omitted, the command prompts for the password and does not
105 </B><DD>Specifies a list of DFS database server machines running the Translator
106 Server through which the AFS client machine can attempt to
107 authenticate. Specify each server by hostname, shortened machine name,
108 or IP address. If this argument is omitted, the <B>dlog</B> command
109 interpreter randomly selects a machine from the list of DFS Fileset Location
110 (FL) Servers in the <B>/usr/vice/etc/CellServDB</B> file for the DCE cell
111 specified by the <B>-cell</B> argument. This argument is useful for
112 testing when authentication seems to be failing on certain server
115 </B><DD>Requests a ticket lifetime using the format
116 <VAR>hh</VAR><B>:</B><VAR>mm</VAR>[<B>:</B><VAR>ss</VAR>]
117 (hours, minutes, and optionally a number seconds between 00 and 59).
118 For example, the value <B>168:30</B> requests a ticket lifetime of 7
119 days and 30 minutes, and <B>96:00</B> requests a lifetime of 4
120 days. Acceptable values range from <B>00:05</B> (5 minutes)
121 to <B>720:00</B> (30 days). If this argument is not provided
122 and no other determinants of ticket lifetime have been changed from their
123 defaults, ticket lifetime is 10 hours.
124 <P>The requested lifetime must be smaller than any of the DCE cell's
125 determinants for ticket lifetime; see the discussion in the preceding
126 <B>Description</B> section.
128 </B><DD>Creates a process authentication group (PAG) in which the newly created
129 ticket is placed. If this flag is omitted, the ticket is instead
130 associated with the issuers' local user ID (UID).
132 </B><DD>Suppresses any prompts that the command interpreter otherwise produces,
133 including the prompt for the issuer's password. Instead, the
134 command interpreter accepts the password via the standard input stream.
136 </B><DD>Prints the online help for this command. All other valid options
139 <P><STRONG>Output</STRONG>
140 <P>If the <B>dlog</B> command interpreter cannot contact a Translator
141 Server, it produces a message similar to the following:
142 <PRE> dlog: server or network not responding -- failed to contact
143 authentication service
146 <P><STRONG>Examples</STRONG>
147 <P>The following command authenticates the issuer as <B>cell_admin</B> in
148 the <B>dce.abc.com</B> cell.
149 <PRE> % <B>dlog -principal cell_admin -cell dce.abc.com</B>
150 Password: <VAR>cell_admin's password</VAR>
153 <P>In the following example, the issuer authenticates as <B>cell_admin</B>
154 to the <B>dce.abc.com</B> cell and request a ticket lifetime
155 of 100 hours. The <B>tokens</B> command confirms that the user
156 obtained DCE credentials as the user <B>cell_admin</B>: the AFS ID
157 is equivalent to the UNIX ID of <B>1</B> assigned to <B>cell_admin</B>
158 in <B>dce.abc.com</B> cell's DCE registry.
159 <PRE> % <B>dlog -principal cell_admin -cell dce.abc.com -lifetime 100</B>
160 Password: <VAR>cell_admin's password</VAR>
163 Tokens held by the Cache Manager:
165 User's (AFS ID 1) tokens for afs@dce.abc.com [Expires Jul 6 14:12]
166 User's (AFS ID 4758) tokens for afs@abc.com [Expires Jul 2 13:14]
171 <P><STRONG>Privilege Required</STRONG>
173 <P><STRONG>Related Information</STRONG>
174 <P><A HREF="auarf128.htm#HDRDPASS">dpass</A>
175 <P><A HREF="auarf200.htm#HDRKLOG">klog</A>
176 <P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
177 <P><A HREF="auarf238.htm#HDRUNLOG">unlog</A>
179 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf126.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf128.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
180 <!-- Begin Footer Records ========================================== -->
182 <br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
184 <!-- End Footer Records ============================================ -->
185 <A NAME="Bot_Of_Page"></A>
git://git.openafs.org / openafs.git / blob