<div class="synopsis">
B<butc> S<<< [B<-port> <I<port offset>>] >>> S<<< [B<-debuglevel> (0 | 1 | 2)] >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noautoquery>] [B<-localauth>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noautoquery>] [B<-rxbind>] [B<-localauth>]
+ [B<-auditlog> <I<file | sysvmq>> [B<-audit-interface> <I<interface>>]]
+ [B<-allow_unauthenticated>] [B<-help>]
B<butc> S<<< [B<-p> <I<port offset>>] >>> S<<< [B<-d> (0 | 1 | 2)] >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-r>] [B<-l>]
+ [B<-auditl> <I<file | sysvmq>> [-B<-audit-i> <I<interface>>]]
+ [B<-al>] [B<-h>]
=for html
</div>
set the device's block size to 0 (zero), indicating variable block
size. Otherwise, tape devices attached to machines running other operating
systems sometimes cannot read tapes written on AIX machines. For
-instructions, see the I<IBM AFS Administration Guide> chapter about
+instructions, see the I<OpenAFS Administration Guide> chapter about
configuring the Backup System.
=head1 OPTIONS
needed for an operation. The operator must insert the tape into the drive
before issuing the B<backup> command that initializes the operation.
+=item B<-rxbind>
+
+Bind the Rx socket to the primary interface only. If not specified, the Rx
+socket will listen on all interfaces.
+
=item B<-localauth>
Constructs a server ticket using the server encryption key with the
-highest key version number in the local F</usr/afs/etc/KeyFile>. The
+highest key version number in the local F</usr/afs/etc/KeyFile> or
+F</usr/afs/etc/KeyFileExt>. The
B<butc> command interpreter presents the ticket, which never expires, to
the Volume Server and Volume Location Server to use in mutual
authentication.
Do not combine this argument with the B<-cell> flag, and use it only when
logged on to a server machine as the local superuser C<root>; client
-machines do not have F</usr/afs/etc/KeyFile> file.
+machines do not have F</usr/afs/etc/KeyFile> or F</usr/afs/etc/KeyFileExt>
+files.
+
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log. The audit
+log records information about RPC calls, including the name of the RPC
+call, the host that submitted the call, the authenticated entity (user)
+that issued the call, the parameters for the call, and if the call
+succeeded or failed.
+
+=item B<-audit-interface> <(file | sysvmq)>
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
+=item B<-allow_unauthenticated>
+
+By default the B<butc> requires clients performing TC_ RPCs to authenticate
+themselves, behavior introduced in the fix for OPENAFS-SA-2018-001.
+This option reverts to the historical behavior of only using the rxnull
+security class for incoming connections. Use of this option is strongly
+disrecommended; it is provided only for backwards compatibility with older
+clients in environments where B<backup> and B<butc> communicate over a secure
+network that denies access to untrusted parties.
=item B<-help>
=head1 SEE ALSO
L<KeyFile(5)>,
+L<KeyFileExt(5)>,
L<ThisCell(5)>,
L<UserList(5)>,
L<butc(5)>,
git://git.openafs.org / openafs.git / blobdiff