table of contents
DACSCOOKIE(1) | DACS Commands Manual | DACSCOOKIE(1) |
NAME¶
dacscookie - create DACS credentials and emit as a cookieSYNOPSIS¶
dacscookie [dacsoptions[1]]
[-create] [ -i ident]
[-user user] [ -ip ipaddr]
[ -role role_str] [-expires date]
[-ua str]
dacscookie [dacsoptions[1]] -decrypt
[-concise]
DESCRIPTION¶
This program is part of the DACS suite. The dacscookie utility constructs DACS credentials that represent a single DACS identity and emits them as the NAME=VALUE element of a HTTP cookie[2] ( RFC 2109[3], RFC 2965[4]) that may be used by DACS. It can also decode and display these cookies, provided the same encryption keys used to create the cookies are available. The program is useful for testing purposes, or by programs that perform authentication (e.g., by calling dacsauth(1)[5]) and need to return credentials. It may also be used to generate an identity "offline"; the resulting credentials could be used by applications other than standard Web browsers, or be distributed via any secure channel (e.g., encrypted email) for use by the recipient. Configured or derived defaults are used if optional identity information is not provided.OPTIONS¶
dacscookie recognizes these options for cookie creation: -createCreate the specified credentials and emit them to the
standard output as the NAME=VALUE component of an HTTP cookie.
This is the default.
-expires date
Set the expiry date for the cookie. If date begins
with '+' and is followed by a digit string, the expiry date will be that
number of seconds relative to the current time. Otherwise, the date is
expected to be in one of the recognized formats (see concise
syntax[6]). If not provided, the configured default value,
AUTH_CREDENTIALS_DEFAULT_LIFETIME_SECS[7], will be used.
-i ident
The identity (ident) is given in the concise
syntax[6]. Note that any elements that are explicitly given will override
those that appear in ident.
-ip ipaddr
Use ipaddr as the user's IP address (in numerical
dot notation). If not provided, this element will be obtained from any
-i flag or else omitted from the credentials.
-role role_str
Use role_str as the user's role string, which must
be syntactically correct. If not provided, this element will be obtained from
any -i flag or else omitted from the credentials.
-ua str
Use str as the user agent string associated with
the credentials. If no string is specified, the credentials cannot be verified
against a user agent string. See dacs.conf(5)[8].
-user name
Use name, a syntactically correct username, within
the applicable jurisdiction. If not provided, this element must be specified
using the -i flag.
dacscookie recognizes these options for cookie decryption:
-decrypt
Instead of creating credentials, read a cookie from the
standard input and print its decoded contents to the standard output. If the
input is invalid in any way, a message is displayed.
-concise
With the -decrypt flag, only print the identity in
the concise user syntax[6].
EXAMPLES¶
The following will generate an identity and store it in a file:% dacscookie -u j1.example.com -user bobo > cookie.out % chmod 0600 cookie.out
% dacscookie -u j1.example.com -decrypt < cookie.out % rm cookie.out
DIAGNOSTICS¶
The program exits 0 if everything was fine, 1 if an error occurred.SEE ALSO¶
dacs_auth_agent(8)[9], dacs_auth_transfer(8)[10], dacs_authenticate(8)[11], dacsauth(1)[5], dacscred(1)[12], dacs_current_credentials(8)[13].AUTHOR¶
Distributed Systems Software ( www.dss.ca[14])COPYING¶
Copyright2003-2012 Distributed Systems Software. See the LICENSE[15] file that accompanies the distribution for licensing information.NOTES¶
- 1.
- dacsoptions
- 2.
- HTTP cookie
- 3.
- RFC 2109
- 4.
- RFC 2965
- 5.
- dacsauth(1)
- 6.
- concise syntax
- 7.
- AUTH_CREDENTIALS_DEFAULT_LIFETIME_SECS
- 8.
- dacs.conf(5)
- 12.
- dacscred(1)
- 14.
- www.dss.ca
- 15.
- LICENSE
07/17/2013 | DACS 1.4.28b |