NAME¶
dacsinfocard - manage InfoCard accounts
SYNOPSIS¶
dacsinfocard [dacsoptions[1]]
DESCRIPTION¶
This program is part of the
DACS suite.
The
dacsinfocard command manages accounts that are used by the
local_infocard_authenticate[2] authentication module. This utility
serves a similar purpose for these authentication modules that the
dacspasswd(1)[3] command does for its
local_passwd_authenticate[4] module.
Apart from their use by
local_infocard_authenticate,
these accounts
are completely separate from any other accounts.
Security
The digest algorithm used depends on the
INFOCARD_DIGEST[5] directive in
effect.
Plaintext PPIDs are not stored. This makes it more difficult for an attacker
that gains access to the InfoCard account file to discover PPIDs.
Only a
DACS administrator should be able to successfully run this program
from the command line. Because
DACS keys and configuration files,
including the file used to store accounts, must be restricted to an
administrator, this will normally be the case, but a careful administrator
will set file permissions to deny access to all other users. An ordinary user
is able to change his own InfoCard registration using the
dacs_infocard(8)[6] web service.
This program is also available as a
DACS web service,
dacs_infocard(8)[6].
OPTIONS¶
The
dacsinfocard command recognizes these command line flags:
EXAMPLES¶
To list all of the InfoCard accounts configured for the jurisdiction named
INFOCARDS:
% dacsinfocard -uj INFOCARDS -list
DSS::INFOCARDS:bob managed,istatic,enabled,passwd
DSS::INFOCARDS:alice managed,istatic,disabled,passwd
To re-enable the alice account:
% dacsinfocard -uj INFOCARDS -ena alice
To test if alice's account is enabled:
% dacsinfocard -uj INFOCARDS -test ena alice
% echo $status
0
To test if there are accounts for usernames bob and carol:
% dacsinfocard -uj INFOCARDS -test exists carol
% echo $status
0
% dacsinfocard -uj INFOCARDS -test exists bob
% echo $status
1
To get the private data for username bob:
% set x=`dacsinfocard -uj INFOCARDS -pdg bob`
% echo "$x"
On vacation
DIAGNOSTICS¶
The program exits 0 if everything was fine, and non-zero otherwise. A
"false" outcome from the
-test operation is reflected by an
exit status of 1. An error condition is indicated by an exit status of 2.
BUGS¶
As this is a relatively new and complicated feature, please test carefully.
SEE ALSO¶
dacs_infocard(8)[6],
dacsauth(1)[7],
dacs_authenticate(8)[8],
dacs_admin(8)[9],
dacs.conf(5)[10],
Using InfoCards With DACS[11]
AUTHOR¶
Distributed Systems Software (
www.dss.ca[12])
COPYING¶
Copyright2003-2012 Distributed Systems Software. See the
LICENSE[13] file
that accompanies the distribution for licensing information.
NOTES¶
- 1.
- dacsoptions
- 2.
- local_infocard_authenticate
- 3.
- dacspasswd(1)
- 4.
- local_passwd_authenticate
- 5.
- INFOCARD_DIGEST
- 6.
- dacs_infocard(8)
- 7.
- dacsauth(1)
- 8.
- dacs_authenticate(8)
- 9.
- dacs_admin(8)
- 10.
- dacs.conf(5)
- 11.
- Using InfoCards With DACS
- 12.
- www.dss.ca
- 13.
- LICENSE