|DACSCOOKIE(1)||DACS Commands Manual||DACSCOOKIE(1)|
NAME¶dacscookie - create DACS credentials and emit as a cookie
[-create] [-i ident]
[-user user] [-ip ipaddr]
[-role role_str] [-expires date] [-ua str]
dacscookie [dacsoptions] -decrypt [-concise]
DESCRIPTION¶This program is part of the DACS suite.
The dacscookie utility constructs DACS credentials that represent a single DACS identity and emits them as the NAME=VALUE element of a HTTP cookie (RFC 2109, RFC 2965, RFC 6265) that may be used by DACS. It can also decode and display these cookies, provided the same encryption keys used to create the cookies are available. The program is useful for testing purposes, or by programs that perform authentication (e.g., by calling dacsauth(1)) and need to return credentials. It may also be used to generate an identity "offline"; the resulting credentials could be used by applications other than standard Web browsers, or be distributed via any secure channel (e.g., encrypted email) for use by the recipient.
Configured or derived defaults are used if optional identity information is not provided.
Only the DACS administrator should be able to successfully run this program. Because DACS keys and configuration files must be limited to the administrator, this will normally be the case, but a careful administrator will set file permissions to deny access to all other users, or even delete the binary.
Similarly, access to cookies generated by this program must be carefully controlled. Any jurisdiction within the same federation in which the credentials were created will be able to directly decrypt the credentials.
OPTIONS¶dacscookie recognizes these options for cookie creation:
dacscookie recognizes these options for cookie decryption:
EXAMPLES¶The following will generate an identity and store it in a file:
% dacscookie -u j1.example.com -user bobo > cookie.out % chmod 0600 cookie.out
The following will display various elements of the credentials to stdout:
% dacscookie -u j1.example.com -decrypt < cookie.out % rm cookie.out
DIAGNOSTICS¶The program exits 0 if everything was fine, 1 if an error occurred.
SEE ALSO¶dacs_auth_agent(8), dacs_auth_transfer(8), dacs_authenticate(8), dacsauth(1), dacscred(1), dacs_current_credentials(8).
AUTHOR¶Distributed Systems Software (www.dss.ca)
COPYING¶Copyright © 2003-2015 Distributed Systems Software. See the LICENSE file that accompanies the distribution for licensing information.
- HTTP cookie
- RFC 2109
- RFC 2965
- RFC 6265
- concise syntax