3 bos setauth - Sets authorization checking requirements for all server processes
7 bos setauth B<-server> I<machine name>
8 B<-authrequired> I<on or off: authentication required for admin requests>
9 [B<-cell> I<cell name>] [B<-noauth>] [B<-localauth>] [B<-help>]
11 bos seta B<-s> I<machine name>
12 B<-a> I<on or off: authentication required for admin requests>
13 [B<-c> I<cell name>] [B<-n>] [B<-l>] [B<-h>]
17 The C<bos setauth> command enables or disables authorization checking on
18 the server machine named by the B<-server> argument. When authorization
19 checking is enabled (the normal case), the AFS server processes
20 running on the machine verify that the issuer of a command meets its
21 privilege requirements. When authorization checking is disabled,
22 server processes perform any action for anyone, including the
23 unprivileged user B<anonymous>; this security exposure precludes
24 disabling of authorization checking except during installation or
27 To indicate to the server processes that authorization checking is
28 disabled, the BOS Server creates the zero-length file
29 B</usr/afs/local/NoAuth> on its local disk. All AFS server processes
30 constantly monitor for the B<NoAuth> file's presence and do not check for
31 authorization when it is present. The BOS Server removes the file when
32 this command is used to reenable authorization checking.
38 =item B<-server> I<machine name>
40 Indicates the server machine on which to enable or disable
41 authorization checking. Identify the machine by IP address or
42 its host name (either fully-qualified or abbreviated
43 unambiguously). For details, see the introductory reference
44 page for the C<bos> command suite.
46 =item B<-authrequired> I<on or off: authentication required for admin requests>
48 Enables authorization checking if the value is C<on>, or disables
49 it if the value is C<off>.
51 =item B<-cell> I<cell name>
53 Names the cell in which to run the command. Do not combine this
54 argument with the B<-localauth> flag. For more details, see the
55 introductory L<bos(1)> reference page.
59 Assigns the unprivileged identity B<anonymous> to the issuer. Do
60 not combine this flag with the B<-localauth> flag. For more
61 details, see the introductory L<bos(1)> reference page.
65 Constructs a server ticket using a key from the local
66 B</usr/afs/etc/KeyFile> file. The C<bos> command interpreter presents
67 the ticket to the BOS Server during mutual authentication. Do
68 not combine this flag with the B<-cell> or B<-noauth> options. For
69 more details, see the introductory L<bos(1)> reference page.
73 Prints the online help for this command. All other valid
80 The following example disables authorization checking on the machine
83 bos setauth -server fs7.abc.com -authrequired off
85 =head1 PRIVILEGE REQUIRED
87 The issuer must be listed in the B</usr/afs/etc/UserList> file on the
88 machine named by the B<-server> argument, or must be logged onto a server
89 machine as the local superuser B<root> if the B<-localauth> flag is
94 Do not create the B<NoAuth> file directly, except when directed by
95 instructions for dealing with emergencies (doing so requires being
96 logged in as the local superuser B<root>). Use this command instead.
100 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
102 Converted from html to pod by Alf Wachsmann <alfw@slac.stanford.edu>, 2003,
103 and Elizabeth Cassell <e_a_c@mailsnare.net>, 2004,
104 Stanford Linear Accelerator Center, a department of Stanford University.