ref: 361b65e4df0b4a3562a6e57b0f7b8009c59c3f2b
dir: /sys/man/8/secstore/
.TH SECSTORE 8 .SH NAME secstored, secuser \- secstore commands .SH SYNOPSIS .br .B auth/secstored .RB [ -R ] [ .BI -S " servername" ] [ .BI -s " address" ] [ .BI -x " network" ] [ .B -v ] .PP .B auth/secuser [ .B -v ] .I username .SH DESCRIPTION .I Secstored serves requests from .IR secstore (1). By default it listens on port .BR tcp!*!5356 ; the .B -s option specifies an alternative .IR address . In the connection protocol, .I secstored describes itself as service .BR secstore , but the .B -S option can specify a different .IR servername . The .B -R option supplements the password check with a call to a RADIUS server, for checking hardware tokens or other validation. The .B -x option specifies an alternative .I network to the default .BR /net . By default, .I secstored puts itself into the background; the .B -v option enables a verbose debugging mode that suppresses that. .PP .I Secuser is an administrative command that runs on the secstore machine, normally the authserver, to create new accounts and to change status on existing accounts. It prompts for account information such as password and expiration date, writing to .BI /adm/secstore/who/ user for a given secstore .IR user . The directory .B /adm/secstore should be created mode 770 with owner or group allowing access to the user that runs .IR secstored . The .B -v option makes the command chattier. .PP By default, .I secstored warns the client if no account exists. If you prefer to obscure this information, use .I secuser to create an account .BR FICTITIOUS . .SH FILES .TF /adm/secstore/store/user/ .TP .BI /adm/secstore/who/ user .I secstore account name, expiration date, verifier .TP .BI /adm/secstore/store/ user / .I user 's file storage .TP .B /lib/ndb/auth for mapping local userid to RADIUS userid .TP .B /sys/log/secstore log file (if it does not exist, .I secstored logs to .BR /dev/cons ) .SH SOURCE .B /sys/src/cmd/auth/secstore .SH SEE ALSO .IR secstore (1)