The local F</usr/vice/etc/ThisCell> file.
+Do not combine the B<-cell> and B<-localauth> options. A command on which
+the B<-localauth> flag is included always runs in the local cell (as
+defined in the server machine's local F</usr/afs/etc/ThisCell> file),
+whereas a command on which the B<-cell> argument is included runs in the
+specified foreign cell.
+
=back
=item B<-force>
and refuses to perform such an action even if the B<-noauth> flag is
provided.
+=item B<-localauth>
+
+Constructs a server ticket using the server encryption key with the
+highest key version number in the local F</usr/afs/etc/KeyFile> file. The
+B<pts> command interpreter presents the ticket, which never expires, to
+the BOS Server during mutual authentication.
+
+Use this flag only when issuing a command on a server machine; client
+machines do not usually have a F</usr/afs/etc/KeyFile> file. The issuer
+of a command that includes this flag must be logged on to the server
+machine as the local superuser C<root>. The flag is useful for commands
+invoked by an unattended application program, such as a process controlled
+by the UNIX B<cron> utility. It is also useful if an administrator is
+unable to authenticate to AFS but is logged in as the local superuser
+C<root>.
+
+Do not combine the B<-cell> and B<-localauth> options. A command on which
+the B<-localauth> flag is included always runs in the local cell (as
+defined in the server machine's local F</usr/afs/etc/ThisCell> file),
+whereas a command on which the B<-cell> argument is included runs in the
+specified foreign cell. Also, do not combine the B<-localauth> and
+B<-noauth> flags.
+
=back
=head1 PRIVILEGE REQUIRED
<div class="synopsis">
B<pts adduser> S<<< B<-user> <I<user name>>+ >>> S<<< B<-group> <I<group name>>+ >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B<pts ad> S<<< B<-u> <I<user name>>+ >>> S<<< B<-g> <I<group name>>+ >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. The B<pts> command interpreter presents the
+ticket to the Protection Server during mutual authentication. Do not combine
+this flag with the B<-cell> or B<-noauth> options. For more details, see
+L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts chown> S<<< B<-name> <I<group name>> >>> S<<< B<-owner> <I<new owner>> >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B<pts cho> S<<< B<-na> <I<group name>> >>> S<<< B<-o> <I<new owner>> >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the B<-cell>
+or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
B<pts creategroup> S<<< B<-name> <I<group name>>+ >>>
S<<< [B<-owner> <I<owner of the group>>] >>>
S<<< [B<-id> <I<id (negated) for the group>>+] >>> S<<< [B<-cell> <I<cell name>>] >>>
- [B<-noauth>] [B<-force>] [B<-help>]
+ [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B<pts createg> S<<< B<-na> <I<group name>>+ >>> S<<< [B<-o> <I<owner of the group>>] >>>
S<<< [B<-i> <I<id (negated) for the group>>+] >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts cg> S<<< B<-na> <I<group name>>+ >>> S<<< [B<-o> <I<owner of the group>>] >>>
S<<< [B<-i> <I<id (negated) for the group>>+] >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts createuser> S<<< B<-name> <I<user name>>+ >>> S<<< [B<-id> <I<user id>>+] >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>]
+ [B<-help>]
B<pts createu> S<<< B<-na> <I<user name>>+ >>> S<<< [B<-i> <I<user id>>+] >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts cu> S<<< B<-na> <I<user name>>+ >>> S<<< [B<-i> <I<user id>>+] >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts delete> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>] [B<-help>]
B<pts d> S<<< B<-na> <I<user or group name or id>>+ >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-f>] [-h]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [-h]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts examine> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>] [B<-help>]
B<pts e> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts check> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts che> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts interactive> S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>]
- [B<-force>]
+ [B<-auth>] [B<-localauth>] [B<-force>]
B<pts in> S<<< [B<-c>] <I<cell name>> >>> [B<-n>] [B<-f>]
The B<pts interactive> command allows the user to enter an interactive
mode, useful for running bulk commands like creating new users or groups.
+B<pts interactive> uses the authentication state supplied on its command
+line to run all bulk commands. However, if a bulk command is supplied
+with authentication options such as B<-cell>, B<-localauth>, B<-auth>
+or B<-noauth> then it, and all subsequent bulk commands, will be run with
+those options.
+
=head1 CAUTIONS
Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B<pts interactive> command
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=back
=head1 OUTPUT
<div class="synopsis">
B<pts listentries> [B<-users>] [B<-groups>] S<<< [B<-cell> <I<cell name>>] >>>
- [B<-noauth>] [B<-force>] [B<-help>]
+ [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
-B<pts liste> [B<-u>] [B<-g>] S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-f>] [B<-h>]
+B<pts liste> [B<-u>] [B<-g>] S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>]
+ [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
=for html
<div class="synopsis">
-B<pts listmax> S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+B<pts listmax> S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>] [B<-help>]
-B<pts listm> S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-f>] [B<-h>]
+B<pts listm> S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts listowned> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
- [-cell <I<cell name>>] [B<-noauth>] [B<-force>] [B<-help>]
+ [-cell <I<cell name>>] [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B<pts listo> S<<< B<-na> <I<user or group name or id>>+ >>>
- [-c <I<cell name>>] [B<-no>] [B<-f>] [B<-h>]
+ [-c <I<cell name>>] [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts membership> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-localauth>] [B<-noauth>]
+ [B<-force>] [B<-help>]
B<pts m> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts groups> S<<< B<-na> <I<user or group name or id>>+ >>> [-c <I<cell name>>]
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts g> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
=for html
<div class="synopsis">
-B<pts quit> S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>] [B<-force>]
+B<pts quit> S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>]
-B<pts q> S<<< [B<-c>] <I<cell name>> >>> [B<-n>] [B<-f>]
+B<pts q> S<<< [B<-c>] <I<cell name>> >>> [B<-n>] [B<-l>] [B<-f>]
=for html
</div>
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
<div class="synopsis">
B<pts removeuser> S<<< B<-user> <I<user name>>+ >>> S<<< B<-group> <I<group name>>+ >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>]
+ [B<-help>]
B<pts rem> S<<< B<-u> <I<user name>>+ >>> S<<< B<-g> <I<group name>>+ >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts rename> S<<< B<-oldname> <I<old name>> >>> S<<< B<-newname> <I<new name>> >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>] [B<-help>]
B<pts ren> S<<< B<-o> <I<old name>> >>> S<<< B<-ne> <I<new name>> >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
B<pts setfields> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
S<<< [B<-access> <I<set privacy flags>>] >>>
S<<< [B<-groupquota> <I<set limit on group creation>>] >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
+ [B<-force>] [B<-help>]
B<pts setf> S<<< B<-na> <I<user or group name or id>>+ >>>
S<<< [B<-a> <I<set privacy flags>>] >>>
S<<< [B<-g> <I<set limit on group creation>>] >>> S<<< [B<-c> <I<cell name>>] >>>
- [B<-no>] [B<-f>] [B<-h>]
+ [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts setmax> S<<< [B<-group> <I<group max>>] >>> S<<< [B<-user> <I<user max>>] >>>
- S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-force>] [B<-help>]
+ S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B<pts setm> [B<-g> I<group max>>] S<<< [B<-u> <I<user max>>] >>>
- S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-f>] [B<-h>]
+ S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
<div class="synopsis">
B<pts sleep> S<<< [B<-delay>] <I<# of seconds>> >>>
- S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>] [B<-force>]
+ S<<< [B<-cell>] <I<cell name>> >>> [B<-noauth>] [B<-localauth>] [B<-force>]
B<pts sl> S<<< [B<-d>] <I<# of seconds>> >>> S<<< [B<-c>] <I<cell name>> >>>
- [B<-n>] [B<-f>]
+ [B<-n>] [B<-l>] [B<-f>]
=for html
</div>
=head1 OPTIONS
-Although they have no effect, B<pts quit> takes the following standard
+Although they have no effect, B<pts sleep> takes the following standard
B<pts> options:
=over 4
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=back
=head1 OUTPUT
<div class="synopsis">
B<pts source> S<<< [B<-file>] <I<file name>> >>> S<<< [B<-cell>] <I<cell name>> >>>
- [B<-noauth>] [B<-force>]
+ [B<-noauth>] [B<-localauth>] [B<-force>]
B<pts so> S<<< [B<-f>] <I<file name>> >>> S<<< [B<-c>] <I<cell name>> >>>
- [B<-n>] [B<-f>]
+ [B<-n>] [B<-l>] [B<-f>]
=for html
</div>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
+=item B<-localauth>
+
+Constructs a server ticket using a key from the local
+F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
+B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
+
=back
=head1 OUTPUT
<div class="synopsis">
B<bosserver> [B<-noauth>] [B<-log>] [B<-enable_peer_stats>]
- [B<-enable_process_stats>] [B<-help>]
+ [B<-enable_process_stats>] [B<-allow-dotted-principal>] [B<-help>]
=for html
</div>
S<<< [B<-busyat> <I<< redirect clients when queue > n >>>] >>>
[B<-nobusy>] S<<< [B<-rxpck> <I<number of rx extra packets>>] >>>
[B<-rxdbg>] [B<-rxdbge>] S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
+ [B<-allow-dotted-principal>]
S<<< [B<-rxbind> <I<address to bind the Rx socket to>>] >>>
S<<< [B<-vattachpar> <I<number of volume attach threads>>] >>>
S<<< [B<-m> <I<min percentage spare in partition>>] >>>
principals with a dot in the first component of their name. This is to avoid
the confusion where principals user/admin and user.admin are both mapped to the
user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
-between principal names may disable this check by starting the server
+between principal names may disabled this check by starting the server
with this option.
=item F<-m> <I<min percentage spare in partition>>
B<ptserver> S<<< [B<-database> <I<db path>>] >>> S<<< [B<-p> <I<number of processes>>] >>>
[B<-rebuildDB>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
- [B<-help>]
+ [B<-allow-dotted-principal>] [B<-help>]
=for html
</div>
principals with a dot in the first component of their name. This is to avoid
the confusion where principals user/admin and user.admin are both mapped to the
user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
-between principal names may disable this check by starting the server
+between principal names may disabled this check by starting the server
with this option.
=item B<-help>
<div class="synopsis">
B<vlserver> S<<< [B<-p> <I<lwp processes>>] >>> [B<-nojumbo>]
- [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>]
+ [B<-allow-dotted-principal>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
+ [B<-help>]
=for html
</div>
principals with a dot in the first component of their name. This is to avoid
the confusion where principals user/admin and user.admin are both mapped to the
user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
-between principal names may disable this check by starting the server
+between principal names may disabled this check by starting the server
with this option.
=item B<-help>
B<volserver> [B<-log>] S<<< [B<-p> <I<number of processes>>] >>>
S<<< [B<-udpsize> <I<size of socket buffer in bytes>>] >>>
- [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>]
+ [B<-enable_peer_stats>] [B<-enable_process_stats>]
+ [B<-allow-dotted-principal>] [B<-help>]
=for html
</div>
principals with a dot in the first component of their name. This is to avoid
the confusion where principals user/admin and user.admin are both mapped to the
user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
-between principal names may disable this check by starting the server
+between principal names may disabled this check by starting the server
with this option.
=item B<-help>
FILE *s_file;
} *shead;
+struct authstate {
+ int sec;
+ const char *confdir;
+ char cell[MAXCELLCHARS];
+};
+
int
pts_Interactive(register struct cmd_syndesc *as)
{
}
int
-GetGlobals(register struct cmd_syndesc *as)
+GetGlobals(struct cmd_syndesc *as, void *arock)
{
- register afs_int32 code;
- char *cell;
- afs_int32 sec = 1;
+ struct authstate *state = (struct authstate *) arock;
+ afs_int32 code;
+ char *cell = NULL;
+ afs_int32 sec;
+ int changed = 0;
+ const char* confdir;
whoami = as->a0name;
if (!strcmp(as->name, "help"))
return 0;
- if (as->parms[16].items)
+
+ if (*state->cell) {
+ cell = state->cell;
+ }
+ sec = state->sec;
+
+ if (state->confdir == NULL) {
+ changed = 1;
+ }
+
+ if (as->parms[16].items) {
+ changed = 1;
cell = as->parms[16].items->data;
- else
- cell = 0;
- if (as->parms[17].items)
+ }
+ if (as->parms[17].items) { /* -noauth */
+ changed = 1;
sec = 0;
-
- if (as->parms[18].items) { /* testing? */
- code = pr_Initialize(sec, AFSDIR_SERVER_ETC_DIRPATH, cell);
+ }
+ if (as->parms[20].items) { /* -localauth */
+ changed = 1;
+ sec = 2;
+ }
+ if (as->parms[21].items) { /* -auth */
+ changed = 1;
+ sec = 1;
+ }
+ if (as->parms[18].items || as->parms[20].items) { /* -test, -localauth */
+ changed = 1;
+ confdir = AFSDIR_SERVER_ETC_DIRPATH;
} else {
- code = pr_Initialize(sec, AFSDIR_CLIENT_ETC_DIRPATH, cell);
+ if (sec == 2)
+ confdir = AFSDIR_SERVER_ETC_DIRPATH;
+ else
+ confdir = AFSDIR_CLIENT_ETC_DIRPATH;
+ }
+ if (changed) {
+ CleanUp(as, arock);
+ code = pr_Initialize(sec, confdir, cell);
+ } else {
+ code = 0;
}
if (code) {
afs_com_err(whoami, code, "while initializing");
return code;
}
+ state->sec = sec;
+ state->confdir = confdir;
+ if (cell && cell != state->cell)
+ strncpy(state->cell, cell, MAXCELLCHARS-1);
+
+ force = 0;
if (as->parms[19].items)
force = 1;
+
return code;
}
int
-CleanUp(register struct cmd_syndesc *as)
+CleanUp(register struct cmd_syndesc *as, void *arock)
{
if (as && !strcmp(as->name, "help"))
return 0;
pr_ListEntries(flag, startindex, &nentries, &entriesp,
&nextstartindex);
if (code) {
- afs_com_err(whoami, code, "; unable to list entries\n");
+ afs_com_err(whoami, code, "; unable to list entries");
if (entriesp)
free(entriesp);
break;
cmd_AddParm(ts, "-test", CMD_FLAG, CMD_OPTIONAL | CMD_HIDE, test_help);
cmd_AddParm(ts, "-force", CMD_FLAG, CMD_OPTIONAL,
"Continue oper despite reasonable errors");
+ cmd_AddParm(ts, "-localauth", CMD_FLAG, CMD_OPTIONAL,
+ "use local authentication");
+ cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL,
+ "use user's authentication (default)");
}
/*
int parsec;
char *parsev[CMD_MAXPARMS];
char *savec;
+ struct authstate state;
#ifdef WIN32
WSADATA WSAjunk;
sigaction(SIGSEGV, &nsa, NULL);
#endif
+ memset(&state, 0, sizeof(state));
+ state.sec = 1; /* default is auth */
+
ts = cmd_CreateSyntax("creategroup", CreateGroup, NULL,
"create a new group");
cmd_AddParm(ts, "-name", CMD_LIST, 0, "group name");
cmd_AddParm(ts, "-delay", CMD_SINGLE, 0, "seconds");
add_std_args(ts);
- cmd_SetBeforeProc(GetGlobals, 0);
+ cmd_SetBeforeProc(GetGlobals, &state);
finished = 1;
if (code = cmd_Dispatch(argc, argv)) {
- CleanUp(0);
+ CleanUp(NULL, NULL);
exit(1);
}
source = stdin;
parsev[0] = savec;
cmd_FreeArgv(parsev);
}
- CleanUp(0);
+ CleanUp(NULL, NULL);
exit(0);
}
if (!tdir) {
if (confDir && strcmp(confDir, ""))
fprintf(stderr,
- "libprot: Could not open configuration directory: %s.\n",
- confDir);
+ "%s: Could not open configuration directory: %s.\n",
+ whoami, confDir);
else
fprintf(stderr,
- "libprot: No configuration directory specified.\n");
+ "%s: No configuration directory specified.\n",
+ whoami);
return -1;
}
gottdir = 1;
/* Most callers use secLevel==1, however, the fileserver uses secLevel==2
* to force use of the KeyFile. secLevel == 0 implies -noauth was
* specified. */
- if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
- /* If secLevel is two assume we're on a file server and use
- * ClientAuthSecure if possible. */
- code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
- if (code)
- fprintf(stderr,
- "libprot: clientauthsecure returns %d %s"
- " (so trying noauth)\n", code, afs_error_message(code));
- if (code)
- scIndex = 0; /* use noauth */
+ if (secLevel == 2) {
+ code = afsconf_GetLatestKey(tdir, 0, 0);
+ if (code) {
+ afs_com_err(whoami, code,
+ "(getting key from local KeyFile)\n");
+ scIndex = 0; /* use noauth */
+ } else {
+ /* If secLevel is two assume we're on a file server and use
+ * ClientAuthSecure if possible. */
+ code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
+ if (code) {
+ afs_com_err(whoami, code,
+ "(calling client secure)\n");
+ scIndex = 0; /* use noauth */
+ }
+ }
if (scIndex != 2)
/* if there was a problem, an unauthenticated conn is returned */
sc[scIndex] = sc[2];
sname.instance[0] = 0;
strcpy(sname.name, "afs");
code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
- if (code)
+ if (code) {
+ afs_com_err(whoami, code, "(getting token)");
scIndex = 0;
- else {
+ } else {
if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
/* this is a kerberos ticket, set scIndex accordingly */
scIndex = 2;
else {
fprintf(stderr,
- "libprot: funny kvno (%d) in ticket, proceeding\n",
- ttoken.kvno);
+ "%s: funny kvno (%d) in ticket, proceeding\n",
+ whoami, ttoken.kvno);
scIndex = 2;
}
sc[2] =
if ((scIndex == 0) && (sc[0] == 0))
sc[0] = rxnull_NewClientSecurityObject();
if ((scIndex == 0) && (secLevel != 0))
- afs_com_err(whoami, code,
- "Could not get afs tokens, running unauthenticated.");
+ fprintf(stderr,
+ "%s: Could not get afs tokens, running unauthenticated\n",
+ whoami);
memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
for (i = 0; i < info.numServers; i++)
return 1;
if (gid == AUTHUSERID && aid != ANONYMOUSID)
return 1;
+ /* check -localauth case */
+ if (gid == SYSADMINID && aid == SYSADMINID)
+ return 1;
if ((gid == 0) || (aid == 0))
return 0;
#if defined(SUPERGROUPS)
projects / packages / o / openafs.git / commitdiff