GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  DLOG (1)

.ds Aq ’

NAME

dlog - Authenticates to the DCE Security Service

CONTENTS

SYNOPSIS

dlog [-principal <user name>] [-cell <cell name>]
[-password <user’s password>]
[-servers <explicit list of servers>+]
[-lifetime <ticket lifetime in hh[:mm[:ss]]>]
[-setpag] [-pipe] [-help]

dlog [-pr <user name>] [-c <cell name>]
[-pw <user’s password>]
[-ser <explicit list of servers>+]
[-l <ticket lifetime in hh[:mm[:ss]]>]
[-set] [-pi] [-h]

DESCRIPTION

The dlog command obtains DCE credentials for the issuer from the DCE Security Service in the cell named by the -cell argument, and stores them on the AFS client machine on which the user issues the command. The AFS/DFS Migration Toolkit Protocol Translator processes running on machines in the DCE cell accept the credentials, which enables the user to access the DCE cell’s filespace from the AFS client. The user’s identity in the local file system is unchanged.

If the issuer does not provide the -principal argument, the dlog command interpreter uses the user name under which the issuer is logged into the local file system. Provide the DCE password for the appropriate user name. As with the klog command, the password does not cross the network in clear text (unless the issuer is logged into the AFS client from a remote machine).

The credentials are valid for a lifetime equivalent to the smallest of the following, all but the last of which is defined by the DCE cell’s Security Server:
o The maximum certificate lifetime for the issuer’s DCE account.
o The maximum certificate lifetime for the AFS principal’s DCE account.
o The registry-wide maximum certificate lifetime.
o The registry-wide default certificate lifetime.
o The lifetime requested using the -lifetime argument.
If the previous maximum certificate lifetime values are set to default-policy, the maximum possible ticket lifetime is defined by the default certificate lifetime. Refer to the DCE vendor’s administration guide for more information before setting any of these values.

The AFS Cache Manager stores the ticket in a credential structure associated with the name of the issuer (or the user named by the -principal argument. If the user already has a ticket for the DCE cell, the ticket resulting from this command replaces it in the credential structure.

The AFS tokens command displays the ticket obtained by the dlog command for the server principal afs, regardless of the principal to which it is actually granted. Note that the tokens command does not distinguish tickets for a DFSTM File Server from tickets for an AFS File Server.

OPTIONS

-principal <user name> Specifies the DCE user name for which to obtain DCE credentials. If this option is omitted, the dlog command interpreter uses the name under which the issuer is logged into the local file system.
-cell <cell name> Specifies the DCE cell in which to authenticate. During a single login session on a given machine, a user can authenticate in multiple cells simultaneously, but can have only one ticket at a time for each cell (that is, it is possible to authenticate under only one identity per cell per machine). It is legal to abbreviate the cell name to the shortest form that distinguishes it from the other cells listed in the /usr/local/etc/openafs/CellServDB file on the local client machine.

If the issuer does not provide the -cell argument, the dlog command attempts to authenticate with the DCE Security Server for the cell defined by
o The value of the environment variable AFSCELL on the local AFS client machine, if defined. The issuer can set the AFSCELL environment variable to name the desired DCE cell.
o The cell name in the /usr/local/etc/openafs/ThisCell file on the local AFS client machine. The machine’s administrator can place the desired DCE cell’s name in the file.

-password <user’s password> Specifies the password for the issuer (or for the user named by the -principal argument). Using this argument is not recommended, because it makes the password visible on the command line. If this argument is omitted, the command prompts for the password and does not echo it visibly.
-servers <list of servers>+ Specifies a list of DFS database server machines running the Translator Server through which the AFS client machine can attempt to authenticate. Specify each server by hostname, shortened machine name, or IP address. If this argument is omitted, the dlog command interpreter randomly selects a machine from the list of DFS Fileset Location (FL) Servers in the /usr/local/etc/openafs/CellServDB file for the DCE cell specified by the -cell argument. This argument is useful for testing when authentication seems to be failing on certain server machines.
-lifetime <ticket lifetime> Requests a ticket lifetime using the format hh:mm[:ss] (hours, minutes, and optionally a number seconds between 00 and 59). For example, the value 168:30 requests a ticket lifetime of 7 days and 30 minutes, and 96:00 requests a lifetime of 4 days. Acceptable values range from 00:05 (5 minutes) to 720:00 (30 days). If this argument is not provided and no other determinants of ticket lifetime have been changed from their defaults, ticket lifetime is 10 hours.

The requested lifetime must be smaller than any of the DCE cell’s determinants for ticket lifetime; see the discussion in the preceding Description section.

-setpag Creates a process authentication group (PAG) in which the newly created ticket is placed. If this flag is omitted, the ticket is instead associated with the issuers’ local user ID (UID).
-pipe Suppresses any prompts that the command interpreter otherwise produces, including the prompt for the issuer’s password. Instead, the command interpreter accepts the password via the standard input stream.
-help Prints the online help for this command. All other valid options are ignored.

OUTPUT

If the dlog command interpreter cannot contact a Translator Server, it produces a message similar to the following:



   dlog: server or network not responding -- failed to contact
   authentication service



EXAMPLES

The following command authenticates the issuer as cell_admin in the dce.abc.com cell.



   % dlog -principal cell_admin -cell dce.abc.com
   Password: <cell_admins password>



In the following example, the issuer authenticates as cell_admin to the dce.abc.com cell and request a ticket lifetime of 100 hours. The tokens command confirms that the user obtained DCE credentials as the user cell_admin: the AFS ID is equivalent to the UNIX ID of 1 assigned to cell_admin in dce.abc.com cell’s DCE registry.



   % dlog -principal cell_admin -cell dce.abc.com -lifetime 100
   Password: <cell_admins password>

   % tokens
   Tokens held by the Cache Manager:

   Users (AFS ID 1) tokens for afs@dce.abc.com [Expires Jul 6 14:12]
   Users (AFS ID 4758) tokens for afs@abc.com [Expires Jul 2 13:14]

      --End of list--



PRIVILEGE REQUIRED

None

SEE ALSO

dpass(1), klog(1), tokens(1), unlog(1)

COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

Search for    or go to Top of page |  Section 1 |  Main Index


OpenAFS DLOG (1) 2015-10-28

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.