From 20d5760fe9653fb748fc25661257ab9720b2b5a6 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 27 Feb 2015 18:20:19 -0500 Subject: [PATCH] Document KeyFileExt(5) Add a manual page for the KeyFileExt file. Add cross-references from all places which currently reference KeyFile(5), and update their body text accordingly. Change-Id: Iab56847fcb59dda0c8a344a626ddb0ff35b98b26 Reviewed-on: http://gerrit.openafs.org/11770 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- doc/man-pages/pod5/KeyFileExt.pod | 82 ++++++++++++++++++++++++++++++++++ doc/man-pages/pod5/afs.pod | 2 + doc/man-pages/pod8/asetkey.pod | 6 +-- doc/man-pages/pod8/backup.pod | 7 ++- doc/man-pages/pod8/bos.pod | 15 ++++++- doc/man-pages/pod8/bos_addhost.pod | 4 +- doc/man-pages/pod8/bos_addkey.pod | 12 ++++- doc/man-pages/pod8/bos_adduser.pod | 4 +- doc/man-pages/pod8/bos_create.pod | 4 +- doc/man-pages/pod8/bos_delete.pod | 4 +- doc/man-pages/pod8/bos_getdate.pod | 4 +- doc/man-pages/pod8/bos_getrestart.pod | 4 +- doc/man-pages/pod8/bos_install.pod | 4 +- doc/man-pages/pod8/bos_listhosts.pod | 4 +- doc/man-pages/pod8/bos_listkeys.pod | 9 +++- doc/man-pages/pod8/bos_listusers.pod | 4 +- doc/man-pages/pod8/bos_prune.pod | 4 +- doc/man-pages/pod8/bos_removehost.pod | 4 +- doc/man-pages/pod8/bos_removekey.pod | 7 ++- doc/man-pages/pod8/bos_removeuser.pod | 4 +- doc/man-pages/pod8/bos_restart.pod | 4 +- doc/man-pages/pod8/bos_salvage.pod | 4 +- doc/man-pages/pod8/bos_setauth.pod | 4 +- doc/man-pages/pod8/bos_setcellname.pod | 4 +- doc/man-pages/pod8/bos_setrestart.pod | 4 +- doc/man-pages/pod8/bos_shutdown.pod | 4 +- doc/man-pages/pod8/bos_start.pod | 4 +- doc/man-pages/pod8/bos_startup.pod | 4 +- doc/man-pages/pod8/bos_status.pod | 3 +- doc/man-pages/pod8/bos_stop.pod | 4 +- doc/man-pages/pod8/bos_uninstall.pod | 4 +- doc/man-pages/pod8/butc.pod | 7 ++- 32 files changed, 203 insertions(+), 35 deletions(-) create mode 100644 doc/man-pages/pod5/KeyFileExt.pod diff --git a/doc/man-pages/pod5/KeyFileExt.pod b/doc/man-pages/pod5/KeyFileExt.pod new file mode 100644 index 0000000..6962845 --- /dev/null +++ b/doc/man-pages/pod5/KeyFileExt.pod @@ -0,0 +1,82 @@ +=head1 NAME + +KeyFileExt - Defines extended AFS server encryption keys + +=head1 DESCRIPTION + +The F file defines some of the server encryption keys +that the AFS server +processes running on the machine use to decrypt the tickets presented by +clients during the mutual authentication process. AFS server processes +perform privileged actions only for clients that possess a ticket +encrypted with one of the keys from the F or F. +The file must reside in the +F directory on every server machine. For more detailed +information on mutual authentication and server encryption keys, see the +I. + +Each key has a corresponding key version number and encryption +type that distinguishes it +from the other keys. The tickets that clients present are also marked with +a key version number and encryption type +to tell the server process which key to use to +decrypt it. The F file must always include a key with the same +key version number and encryption type +and contents as the key currently listed for the +C> principal in the associated Kerberos v5 realm. +(The principal C may be used if the cell and +realm names are the same, but adding the cell name to the principal is +recommended even in this case.) +Keys in the F must be DES keys; keys of stronger +encryption types (such as those used by the rxkad-k5 extension) are +contained in the F. + +The F file is in binary format, so always use the +B command to administer it: + +=over 4 + +=item * + +The B command to add a new key. + +=item * + +The B command to display the keys. + +=item * + +The B command to remove a key from the file. + +=back + +The B commands must be run on the same server as the F +file to update. Normally, new +keys should be added from a Kerberos v5 keytab using B. + +The file should be edited on each server machine. + +=head1 CAUTIONS + +The most common error caused by changes to F is to add a key that +does not match the corresponding key for the Kerberos v5 principal or +Authentication Server database entry. Both the key and the key version +number must match the key for the corresponding principal, either +C> or C, in the Kerberos v5 realm. Using L +to add rxkad-k5 keys to the F also requires specifying a krb5 +encryption type number. Since the encryption type must be specified +by its number (not a symbolic or string name), care must be taken to +determine the correct encryption type to add. + +=head1 SEE ALSO + +L, +L, + +The I at +L. + +=head1 COPYRIGHT + +IBM Corporation, 2000. All Rights Reserved. +Massachusetts Institute of Technology, 2015. diff --git a/doc/man-pages/pod5/afs.pod b/doc/man-pages/pod5/afs.pod index 60f0e8d..fff037e 100644 --- a/doc/man-pages/pod5/afs.pod +++ b/doc/man-pages/pod5/afs.pod @@ -91,6 +91,8 @@ Administrative files: =item L +=item L + =item L =back diff --git a/doc/man-pages/pod8/asetkey.pod b/doc/man-pages/pod8/asetkey.pod index 97ed37a..3ec30a3 100644 --- a/doc/man-pages/pod8/asetkey.pod +++ b/doc/man-pages/pod8/asetkey.pod @@ -1,6 +1,6 @@ =head1 NAME -asetkey - Add a key from a keytab to an AFS KeyFile +asetkey - Add a key from a keytab to an AFS KeyFile or KeyFileExt =head1 SYNOPSIS @@ -26,8 +26,8 @@ B list The B command is used to add a key to an AFS KeyFile or KeyFileExt from a Kerberos keytab. It is similar to B except that it must be -run locally on the system where the KeyFile is located and it takes the -new key from the command line or a Kerberos 5 keytab rather than prompting +run locally on the system where the KeyFile or KeyFileExt is located +and it takes the new key from a Kerberos 5 keytab rather than prompting for the password. B can be used to delete a key (similar to B Constructs a server ticket using the server encryption key with the -highest key version number in the local F file. The +highest key version number in the local F +or F file. The B command interpreter presents the ticket, which never expires, to the Backup Server, Volume Server and Volume Location (VL) Server during mutual authentication. Use this flag only when issuing a command on a server machine; client -machines do not usually have a F file. The issuer +machines do not usually have a F or +F file. The issuer of a command that includes this flag must be logged on to the server machine as the local superuser C. The flag is useful for commands invoked by an unattended application program, such as a process controlled @@ -272,6 +274,7 @@ command is issued. L, L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos.pod b/doc/man-pages/pod8/bos.pod index d36673d..7cb3284 100644 --- a/doc/man-pages/pod8/bos.pod +++ b/doc/man-pages/pod8/bos.pod @@ -74,6 +74,14 @@ commands: B, B, and B. =item * +The F file lists additional server encryption +keys that the server processes can use to decrypt tickets presented by +client processes and one another. These keys are strong encryption +keys used by the rxkad-k5 extension; use L to manage the +F. + +=item * + The F file defines the cell to which the server machine belongs for the purposes of server-to-server communication. Administer it with the B command. There is also a @@ -153,12 +161,14 @@ prints the help message. =item B<-localauth> Constructs a server ticket using the server encryption key with the -highest key version number in the local F file. The +highest key version number in the local F or +F file. The B command interpreter presents the ticket, which never expires, to the BOS Server during mutual authentication. Use this flag only when issuing a command on a server machine; client -machines do not usually have a F file. The issuer +machines do not usually have a F or +F file. The issuer of a command that includes this flag must be logged on to the server machine as the local superuser C. The flag is useful for commands invoked by an unattended application program, such as a process controlled @@ -241,6 +251,7 @@ B command), no privilege is required. L, L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_addhost.pod b/doc/man-pages/pod8/bos_addhost.pod index 4b1d7a2..90bf2e3 100644 --- a/doc/man-pages/pod8/bos_addhost.pod +++ b/doc/man-pages/pod8/bos_addhost.pod @@ -82,7 +82,8 @@ this flag with the B<-localauth> flag. For more details, see L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -113,6 +114,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_addkey.pod b/doc/man-pages/pod8/bos_addkey.pod index 1988b0b..f99fb18 100644 --- a/doc/man-pages/pod8/bos_addkey.pod +++ b/doc/man-pages/pod8/bos_addkey.pod @@ -59,6 +59,14 @@ must use C salt, not the default Kerberos v5 salt. Otherwise, the key generated by B will not match the key generated by the Kerberos v5 KDC. +This command can only add keys to the F; these keys must +be DES keys. The stronger keys used by the rxkad-k5 extension are +stored in the F, which is not supported by this command. + +As such, the use of this command is disrecommended; use +L instead to benefit from the increased security +of the rxkad-k5 extension. + =head1 OPTIONS =over 4 @@ -103,7 +111,8 @@ this flag with the B<-localauth> flag. For more details, see L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -144,6 +153,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_adduser.pod b/doc/man-pages/pod8/bos_adduser.pod index cf0ac36..3940a50 100644 --- a/doc/man-pages/pod8/bos_adduser.pod +++ b/doc/man-pages/pod8/bos_adduser.pod @@ -58,7 +58,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -88,6 +89,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_create.pod b/doc/man-pages/pod8/bos_create.pod index 567462a..187d8f2 100644 --- a/doc/man-pages/pod8/bos_create.pod +++ b/doc/man-pages/pod8/bos_create.pod @@ -242,7 +242,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -430,6 +431,7 @@ Format of struct bnode_proc explosion: L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_delete.pod b/doc/man-pages/pod8/bos_delete.pod index 14c583e..ce62f8e 100644 --- a/doc/man-pages/pod8/bos_delete.pod +++ b/doc/man-pages/pod8/bos_delete.pod @@ -59,7 +59,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -94,6 +95,7 @@ restricted mode. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_getdate.pod b/doc/man-pages/pod8/bos_getdate.pod index 938fbad..9ed3e9a 100644 --- a/doc/man-pages/pod8/bos_getdate.pod +++ b/doc/man-pages/pod8/bos_getdate.pod @@ -71,7 +71,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -106,6 +107,7 @@ None =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_getrestart.pod b/doc/man-pages/pod8/bos_getrestart.pod index c40637a..424634c 100644 --- a/doc/man-pages/pod8/bos_getrestart.pod +++ b/doc/man-pages/pod8/bos_getrestart.pod @@ -67,7 +67,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -137,6 +138,7 @@ None L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_install.pod b/doc/man-pages/pod8/bos_install.pod index 7d1eead..154d1a9 100644 --- a/doc/man-pages/pod8/bos_install.pod +++ b/doc/man-pages/pod8/bos_install.pod @@ -87,7 +87,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -125,6 +126,7 @@ restricted mode. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_listhosts.pod b/doc/man-pages/pod8/bos_listhosts.pod index 54c0b77..f196797 100644 --- a/doc/man-pages/pod8/bos_listhosts.pod +++ b/doc/man-pages/pod8/bos_listhosts.pod @@ -60,7 +60,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -102,6 +103,7 @@ None L, L, +L, L, L, L diff --git a/doc/man-pages/pod8/bos_listkeys.pod b/doc/man-pages/pod8/bos_listkeys.pod index a888eca..b7e6510 100644 --- a/doc/man-pages/pod8/bos_listkeys.pod +++ b/doc/man-pages/pod8/bos_listkeys.pod @@ -35,6 +35,11 @@ Displaying actual keys on the standard output stream (by including the B<-showkey> flag) is a security exposure. Displaying a checksum is sufficient for most purposes. +This command will only list keys in the F; it cannot display +keys from a F. A server running a modern, secure installation +using only keys for the rxkad-k5 extension will yield no keys in +the output of this command. + =head1 OPTIONS =over 4 @@ -70,7 +75,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -136,6 +142,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_listusers.pod b/doc/man-pages/pod8/bos_listusers.pod index fb3ffd1..3f4ea4d 100644 --- a/doc/man-pages/pod8/bos_listusers.pod +++ b/doc/man-pages/pod8/bos_listusers.pod @@ -54,7 +54,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -86,6 +87,7 @@ None =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_prune.pod b/doc/man-pages/pod8/bos_prune.pod index feb59a8..5deec83 100644 --- a/doc/man-pages/pod8/bos_prune.pod +++ b/doc/man-pages/pod8/bos_prune.pod @@ -96,7 +96,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -135,6 +136,7 @@ restricted mode. =head1 SEE ALSO L, +L, L, L, L diff --git a/doc/man-pages/pod8/bos_removehost.pod b/doc/man-pages/pod8/bos_removehost.pod index 8dd4765..0e2f4f3 100644 --- a/doc/man-pages/pod8/bos_removehost.pod +++ b/doc/man-pages/pod8/bos_removehost.pod @@ -68,7 +68,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -98,6 +99,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_removekey.pod b/doc/man-pages/pod8/bos_removekey.pod index c8e4874..a6af4e3 100644 --- a/doc/man-pages/pod8/bos_removekey.pod +++ b/doc/man-pages/pod8/bos_removekey.pod @@ -32,6 +32,9 @@ lifetime has passed since the current key was defined using the B and B commands. This ensures that no clients still possess tickets encrypted with the obsolete key. +This command can only remove keys from the F file; +the F cannot be modified by this command. + =head1 OPTIONS =over 4 @@ -67,7 +70,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -96,6 +100,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_removeuser.pod b/doc/man-pages/pod8/bos_removeuser.pod index f6ac0dd..e881e92 100644 --- a/doc/man-pages/pod8/bos_removeuser.pod +++ b/doc/man-pages/pod8/bos_removeuser.pod @@ -57,7 +57,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -86,6 +87,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_restart.pod b/doc/man-pages/pod8/bos_restart.pod index 117e9d2..2321d33 100644 --- a/doc/man-pages/pod8/bos_restart.pod +++ b/doc/man-pages/pod8/bos_restart.pod @@ -98,7 +98,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -138,6 +139,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_salvage.pod b/doc/man-pages/pod8/bos_salvage.pod index ef04bad..6e7fe18 100644 --- a/doc/man-pages/pod8/bos_salvage.pod +++ b/doc/man-pages/pod8/bos_salvage.pod @@ -299,7 +299,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -339,6 +340,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_setauth.pod b/doc/man-pages/pod8/bos_setauth.pod index 95f0628..a00082d 100644 --- a/doc/man-pages/pod8/bos_setauth.pod +++ b/doc/man-pages/pod8/bos_setauth.pod @@ -69,7 +69,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -98,6 +99,7 @@ included. =head1 SEE ALSO L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_setcellname.pod b/doc/man-pages/pod8/bos_setcellname.pod index 03726ad..acf636e 100644 --- a/doc/man-pages/pod8/bos_setcellname.pod +++ b/doc/man-pages/pod8/bos_setcellname.pod @@ -84,7 +84,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -117,6 +118,7 @@ C if the B<-localauth> flag is included. L, L, +L, L, L, L diff --git a/doc/man-pages/pod8/bos_setrestart.pod b/doc/man-pages/pod8/bos_setrestart.pod index 13dca43..eab6914 100644 --- a/doc/man-pages/pod8/bos_setrestart.pod +++ b/doc/man-pages/pod8/bos_setrestart.pod @@ -136,7 +136,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -171,6 +172,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_shutdown.pod b/doc/man-pages/pod8/bos_shutdown.pod index 7aa0fd5..03da6aa 100644 --- a/doc/man-pages/pod8/bos_shutdown.pod +++ b/doc/man-pages/pod8/bos_shutdown.pod @@ -81,7 +81,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -116,6 +117,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_start.pod b/doc/man-pages/pod8/bos_start.pod index eee136a..b2a3d1c 100644 --- a/doc/man-pages/pod8/bos_start.pod +++ b/doc/man-pages/pod8/bos_start.pod @@ -59,7 +59,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -90,6 +91,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_startup.pod b/doc/man-pages/pod8/bos_startup.pod index c45fbe6..d6c1818 100644 --- a/doc/man-pages/pod8/bos_startup.pod +++ b/doc/man-pages/pod8/bos_startup.pod @@ -68,7 +68,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -106,6 +107,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_status.pod b/doc/man-pages/pod8/bos_status.pod index 8216524..9cf159e 100644 --- a/doc/man-pages/pod8/bos_status.pod +++ b/doc/man-pages/pod8/bos_status.pod @@ -69,7 +69,7 @@ flag. For more details, see L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command +F or F file. The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -262,6 +262,7 @@ None L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_stop.pod b/doc/man-pages/pod8/bos_stop.pod index f1a1071..892b248 100644 --- a/doc/man-pages/pod8/bos_stop.pod +++ b/doc/man-pages/pod8/bos_stop.pod @@ -63,7 +63,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -93,6 +94,7 @@ included. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/bos_uninstall.pod b/doc/man-pages/pod8/bos_uninstall.pod index 1d86821..2049ef4 100644 --- a/doc/man-pages/pod8/bos_uninstall.pod +++ b/doc/man-pages/pod8/bos_uninstall.pod @@ -74,7 +74,8 @@ L. =item B<-localauth> Constructs a server ticket using a key from the local -F file. The B command interpreter presents the +F or F file. +The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. @@ -108,6 +109,7 @@ restricted mode. L, L, +L, L, L, L, diff --git a/doc/man-pages/pod8/butc.pod b/doc/man-pages/pod8/butc.pod index 58bdaca..730ce83 100644 --- a/doc/man-pages/pod8/butc.pod +++ b/doc/man-pages/pod8/butc.pod @@ -175,14 +175,16 @@ socket will listen on all interfaces. =item B<-localauth> Constructs a server ticket using the server encryption key with the -highest key version number in the local F. The +highest key version number in the local F or +F. The B command interpreter presents the ticket, which never expires, to the Volume Server and Volume Location Server to use in mutual authentication. Do not combine this argument with the B<-cell> flag, and use it only when logged on to a server machine as the local superuser C; client -machines do not have F file. +machines do not have F or F +files. =item B<-help> @@ -212,6 +214,7 @@ configuration files in the local F directory. =head1 SEE ALSO L, +L, L, L, L, -- 1.9.4