.\" Copyright (c) 2003-2012 .\" Distributed Systems Software. All rights reserved. .\" See the file LICENSE for redistribution information. .\" $Id: copyright-nr 2564 2012-03-02 00:17:08Z brachman $ '\" t .\" Title: dacs .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 08/23/2020 .\" Manual: DACS Commands Manual .\" Source: DACS 1.4.40 .\" Language: English .\" .TH "DACS" "1" "08/23/2020" "DACS 1.4.40" "DACS Commands Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dacs \- a distributed access control system .SH "SYNOPSIS" .HP \w'\fBdacs\fR\ 'u \fBdacs\fR [\fB\-v\fR | \fB\-\-verbose\fR] [\fB\-\-checkdigest\fR\ \fIdigest\-desc\fR] [\fB\-\-dumpenv\fR] [\fB\-\-digests\fR\ [\fB\fIdigest\-name\fR\fR]] [\fB\-\-license\fR] [\fB\-\-version\fR] .HP \w'\fBdacs\fR\ 'u \fBdacs\fR \fIdacs\-command\fR [\fI\m[blue]\fBdacsoptions\fR\m[]\&\s-2\u[1]\d\s+2\fR] [...] 
.HP \w'\fB\fIdacs\-command\fR\fR\ 'u \fB\fIdacs\-command\fR\fR [\fB\-u\fR\ \fIuri\-prefix\fR | \fB\-uj\fR\ \fIjurisdiction\-name\fR | \fB\-un\fR | \fB\-up\fR\ \fIjurisdiction\-name\fR | \fB\-us\fR] [\fB\-c\fR\ \fIdacs\&.conf\fR] .br [\fB\-sc\fR\ \fIsite\&.conf\fR] [\fB\-ll\fR\ \fIlogging\-level\fR] [\fB\-format\fR\ \fIfmt\fR] [\fB\-q\fR] [\fB\-t\fR] [\fB\-D\fR\fB\fIname\fR\fR\fB=\fR\fB\fIvalue\fR\fR] .br [\fB\-v\fR | \fB\-\-verbose\fR] [\fB\-\-checkdigest\fR\ \fIdigest\-desc\fR] [\fB\-\-digests\fR\ [\fB\fIdigest\-name\fR\fR]] [\fB\-\-dumpenv\fR] [\fB\-\-enable\-dump\fR] [\fB\-\-license\fR] [\fB\-\-std\fR] [\fB\-\-version\fR] .SH "DESCRIPTION" .PP This program is part of the \fBDACS\fR suite\&. .PP \fBDACS\fR is a general\-purpose, Web\-based authentication and access control system\&. It provides single sign\-on functionality and flexible access control to content and services provided by web servers\&. \fBDACS\fR consists of an \fBApache\fR module (\m[blue]\fBmod_auth_dacs\fR\m[]\&\s-2\u[2]\d\s+2) through which \fBApache\fR communicates with \fBDACS\fR to make access control decisions, a suite of CGI programs that provide \fBDACS\fR web services, and a collection of utility commands that provide various support and administrative functions for \fBDACS\fR\&. Some of these utilities, such as \m[blue]\fBdacshttp(1)\fR\m[]\&\s-2\u[3]\d\s+2 and \m[blue]\fBsslclient(1)\fR\m[]\&\s-2\u[4]\d\s+2, are completely general\-purpose\&. .PP The \fBDACS\fR access control engine and authentication components can also be used from the command line, within a CGI environment or completely independently of the Web\&. .PP For important information about \fBDACS\fR, including installation instructions, please see \m[blue]\fBdacs\&.readme(7)\fR\m[]\&\s-2\u[5]\d\s+2 and \m[blue]\fBdacs\&.install(7)\fR\m[]\&\s-2\u[6]\d\s+2\&. 
.SS "About DACS" .PP .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNO WARRANTY\fR .ps -1 .br .PP This software is provided by Dss "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non\-infringement, are disclaimed\&. In no event shall Dss be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage\&. .sp .5v .RE .PP By convention, the names of all \fBDACS\fR web services begin with the prefix "dacs_" (e\&.g\&., \fBdacs_conf\fR)\&. Starting with release 1\&.4\&.17, all commands that implement \fBDACS\fR functionality begin with the prefix "dacs" (e\&.g\&., \fBdacsconf\fR)\&. Many \fBDACS\fR web services have command analogues\&. The names of web services that are used internally by \fBDACS\fR (i\&.e\&., they are never called directly by users) begin with "local_" (e\&.g\&., \fBlocal_passwd_authenticate\fR)\&. General\-purpose web services and commands do not follow a naming convention, other than not using any of the previously mentioned prefixes\&. .PP The document type definitions (DTDs) that are maintained in the dtd\-xsd directory are used to document file formats or describe the arguments to a \fBDACS\fR web service or its reply\&. In the current implementation, these DTD files are not used during XML validation\&. Attributes of type CDATA may have additional constraints on their values; consult the relevant documentation\&. 
The files are technically not valid DTDs, because they lack a document type declaration (DOCTYPE); an appropriate DOCTYPE is generated programmatically at the time a DTD is emitted\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBImportant\fR .ps -1 .br .PP \fBDACS\fR does not prevent certain kinds of attacks against web sites, such as \m[blue]\fBDenial of service attacks\fR\m[]\&\s-2\u[7]\d\s+2, \m[blue]\fBCross\-site scripting (XSS)\fR\m[]\&\s-2\u[8]\d\s+2 or \m[blue]\fBCross\-site request forgery (CSRF)\fR\m[]\&\s-2\u[9]\d\s+2\&. When combined with appropriate web site protective measures, however, \fBDACS\fR does provide mechanisms to make these types of attacks more difficult\&. .sp .5v .RE .SS "About the Manual Pages" .PP The technical documentation for \fBDACS\fR is provided as a set of manual pages\&. From XML source files, HTML, nroff/troff, and nroff output collections are generated during the installation procedure\&. In the HTML collection, an \m[blue]\fBindex page\fR\m[]\&\s-2\u[10]\d\s+2 includes a table of contents, links to special annotations within the technical documentation, and lists of variables, configuration directives, and XML Document Type Definitions\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBTip\fR .ps -1 .br .PP Each HTML manual page contains a font size selection tool near its bottom\&. If JavaScript is enabled, the currently selected font size can be changed and a global preference set\&. To choose a font size for the current page, click on one of the four boxes\&. To make the current selection your preference across manual pages, site visits, and browser sessions, click on the "set" button, which will set an HTTP cookie\&. 
If a preference has not been set in this way (i\&.e\&., there is no cookie) and a manual page is visited with the query parameter \fIDACSMANFONT\fR set to 0, 1, 2, or 3 (representing smallest to largest point sizes), the corresponding font will be selected and the preference automatically set (if a preference has been set, the parameter is ignored)\&. .sp .5v .RE .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBTip\fR .ps -1 .br .PP The output of \m[blue]\fBman(1)\fR\m[]\&\s-2\u[11]\d\s+2 for these manual pages is likely to contain ANSI escape sequences (e\&.g\&., for bold face mark up)\&. For these pages to be rendered in a terminal window as intended, the pager used for this purpose may need to be given an appropriate flag, such as \-R for \m[blue]\fBless(1)\fR\m[]\&\s-2\u[12]\d\s+2\&. .sp .5v .RE .PP Areas of the documentation labeled "Security" discuss important security considerations; please pay special attention to them\&. Areas labeled "Tip" provide pointers to time\-saving (and sometimes aggravation\-reducing) techniques and recommended practices\&. .PP In pathnames and URLs that appear in examples, the text "\&.\&.\&." represents text that has been omitted because it is not relevant to the discussion at hand, or which may vary depending on configuration details, such as where something has been installed (e\&.g\&., \&.\&.\&./dacs/bin/dacshttp)\&. .PP Unless otherwise stated, URLs used in examples are fictitious and most likely will not work\&. The reserved domain name example\&.com is often used (\m[blue]\fBRFC 2606\fR\m[]\&\s-2\u[13]\d\s+2)\&. 
.PP In instructions and examples, a \*(Aq%\*(Aq is generally used to signify a command line prompt: .sp .if n \{\ .RS 4 .\} .nf % date Sun Apr 1 15:33:11 PDT 2007 .fi .if n \{\ .RE .\} .sp Sometimes another character is used to signify a prompt, however, such as when demonstrating the interactive mode of \m[blue]\fBdacsexpr(1)\fR\m[]\&\s-2\u[14]\d\s+2: .sp .if n \{\ .RS 4 .\} .nf > 1 + 1 2 .fi .if n \{\ .RE .\} .PP An extended form of \m[blue]\fBBNF notation\fR\m[]\&\s-2\u[15]\d\s+2 is used to describe syntax concisely\&. We hope it is both understandable and familiar, but some inconsistencies and ambiguities may occur throughout the documentation; this is being improved slowly\&. A term in a production may include a regular expression type specification, with \*(Aq+\*(Aq meaning one or more occurrences of the term, and \*(Aq*\*(Aq zero or more occurrences\&. Any one of a set of characters is specified within square brackets, and a range of consecutive characters (in ASCII code sequence) is separated by a hyphen (e\&.g\&., [A\-Za\-z0\-9\e\-_]+ means "one or more alphabetic characters, digits, hyphens, or underscores")\&. In other contexts, square brackets indicate an optional term\&. Single and double quotes specify literal characters\&. Note that XML DTDs use their own syntax, which is somewhat different, and in some cases grammars followed in relevant RFCs are respected for clarity or in examples\&. .SS "Key Concepts" .PP Some of the key concepts used throughout the \fBDACS\fR documentation are defined in this section\&. .PP .PP \fIaccount\fR .RS 4 A record, usually persistent, that associates an identity (or username) with state information (such as whether authentication is enabled or disabled), information that is required to authenticate the identity (such as a digest of a password string), and possibly other sign\-on related information\&. \fBDACS\fR does not provide mechanisms to administer "foreign" account types\&. 
For instance, although it can authenticate against them, \fBDACS\fR cannot create, modify, delete, or list Unix or Windows accounts\&. Note that \fBDACS\fR identities do not necessarily have a corresponding account\&. .RE .PP \fIauthentication\fR .RS 4 The procedure by which a person or program obtains credentials that represent a \fBDACS\fR identity, usually by asserting a \fBDACS\fR username that represents an identity and providing information that only that identity is likely to know or possess\&. After successful authentication, a person or program is said to have authenticated\&. \fBDACS\fR can interface with a wide variety of authentication methods and provides some of its own; new methods can easily be added\&. .RE .PP \fIauthorization\fR .RS 4 The procedure that determines, in a particular context, whether a request for a given resource or object should be allowed\&. If an identity is authorized to perform a certain operation on the object, access is granted, otherwise it is denied\&. Access control rules are one method of describing which identity or identities should be granted \- or denied \- access to a particular resource\&. Coarse\-grained access control involves making a high\-level decision of whether access to an object should be granted; this is usually an all\-or\-nothing decision\&. Fine\-grained access control is used within a program to decide whether access to a lower\-level resource (some data, an administrative function, a menu) should be granted\&. .sp Note that unlike some systems, \fBDACS\fR does not predetermine which resources a particular user (identity) can and cannot access; that is, an administrator does not make a list of what rights each user has\&. Authorization is always determined by rule evaluation, in real time, when a user requests a resource\&. The only exemptions to this are some optional features: \m[blue]\fBAuthorization Caching\fR\m[]\&\s-2\u[16]\d\s+2 and \m[blue]\fBRlinks\fR\m[]\&\s-2\u[17]\d\s+2\&. 
.RE .PP \fIcredentials\fR .RS 4 If \fIauthentication\fR is successful, \fBDACS\fR returns information that can be used in subsequent operations to represent the authenticated identity\&. Credentials contain information about the identity, such as its name, and meta information, such as the time at which the credentials expire and become invalid\&. Credentials are protected cryptographically so that they are difficult to forge or alter\&. They must be kept secret, so that the identity cannot be used by anyone other than its owner, and must accompany a request made to a server so that \fBDACS\fR knows who is making the request\&. The particular mechanism used for this is not important provided credentials cannot be copied and reused; transporting credentials using the payload of an HTTP cookie over an SSL/TLS connection is typical, although sending credentials as the value of an HTTP extension header is another possibility\&. .sp Although there is no specific limit on the size of credentials as far as \fBDACS\fR is concerned, since they can be encapsulated within an HTTP cookie and returned to a browser, constraints on cookies imposed by browsers should be carefully considered\&. .sp Any jurisdiction can understand credentials produced by any other jurisdiction within the same federation\&. Therefore, a user only needs to be authenticated once to access web services at any jurisdiction using that identity\&. .sp Note that in \fBDACS\fR, credentials do not give their owner any rights or convey any authorization; \fBDACS\fR is not a \m[blue]\fBcapability\-based system\fR\m[]\&\s-2\u[18]\d\s+2\&. Credentials simply represent a \fBDACS\fR identity\&. .sp Refer to \m[blue]\fBdacs_authenticate(8)\fR\m[]\&\s-2\u[19]\d\s+2 for details\&. .RE .PP \fIcurrent request\fR .RS 4 The event that has triggered the authorization check being processed by \m[blue]\fBdacs_acs(8)\fR\m[]\&\s-2\u[20]\d\s+2 is referred to as the current request\&. 
For a request for a \fBDACS\fR\-wrapped web resource, this will be the HTTP request that is received by the web server for the resource\&. In situations where \fBdacs_acs\fR is not involved, such as when \m[blue]\fBdacscheck(1)\fR\m[]\&\s-2\u[21]\d\s+2 or \m[blue]\fBdacsexpr(1)\fR\m[]\&\s-2\u[14]\d\s+2 are used, the current request and its context are specified by command line arguments or are obtained from the \m[blue]\fBexecution environment\fR\m[]\&\s-2\u[22]\d\s+2\&. .sp \fBdacs_acs\fR uses \fI${DACS::URI}\fR as the path component of the current request\&. It is obtained from the \fIuri\fR element of the current request_rec within \fBhttpd\fR\&. This is the string that is used to match against access control rules\&. .sp Other \fBDACS\fR components determine the current HTTP request by examining several environment variables: \fBHTTP_HOST\fR (or \fBSERVER_NAME\fR and \fBSERVER_PORT\fR), \fBREQUEST_URI\fR, \fBQUERY_STRING\fR, and \fBHTTPS\fR\&. .sp The value of \fI${DACS::URI}\fR and the path component of \fI${Env::REQUEST_URI}\fR are not necessarily the same\&. After an internal redirect, for example, the latter\*(Aqs value is from the original URL, while the former\*(Aqs is from the target of the redirection\&. .sp The current request string is important because it may be used to determine the \m[blue]\fBcurrent federation\fR\m[]\&\s-2\u[23]\d\s+2 and \m[blue]\fBcurrent jurisdiction\fR\m[]\&\s-2\u[24]\d\s+2, and because it is used when searching for the access control rule to apply to the request\&. .RE .PP \fBDACS\fR .RS 4 Consisting of CGI\-based web services, an \fBApache\fR 2\&.2/2\&.4 module, and a collection of utilities, \fBDACS\fR provides authentication and authorization functionality\&. Transparent, coarse\-grained attribute\-based access control is available for web resources\&. .sp Programmatic, general\-purpose access control is available for virtually any program (using \m[blue]\fBdacscheck(1)\fR\m[]\&\s-2\u[21]\d\s+2)\&. 
This is completely decoupled from Apache\&. .RE .PP \fBDACS\fR \fIadministrator\fR .RS 4 An individual (or individuals) responsible for managing the operation of \fBDACS\fR is called a \fBDACS\fR administrator (sometimes just "the administrator")\&. This individual is not necessarily a system administrator (e\&.g\&., superuser or root), although a small number of optional components of \fBDACS\fR must execute as user or group root\&. The \fBDACS\fR administrator need not be an \fBApache\fR administrator; once \fBApache\fR has been configured for \fBDACS\fR it typically requires very few modifications thereafter\&. The \fBDACS\fR administrator is responsible for configuring and testing \fBDACS\fR (probably installing and upgrading it, too), managing user accounts and access control rules, safeguarding security, backing up configuration and data files, and so on\&. The design of \fBDACS\fR allows some delegation of responsibility, largely based on file permissions\&. When invoked as a web service, each of the identities configured as a \m[blue]\fBADMIN_IDENTITY\fR\m[]\&\s-2\u[25]\d\s+2 is effectively a \fBDACS\fR administrator; in this context, the system superuser has no significance\&. .RE .PP \fBDACS\fR \fIidentity\fR .RS 4 Each authenticated user is assigned a name that consists of the name of the authenticating jurisdiction, its federation name, and a username\&. Each of these naming components must be syntactically correct\&. In some contexts the federation name is implicit; sometimes the jurisdiction name is also implicit\&. Entities such as individuals (people, but also programs, devices, etc\&.), federations, jurisdictions, and groups have names\&. It is the responsibility of jurisdictions to authenticate users\&. The syntax, meanings, and uniqueness of names is also a jurisdictional issue, and perhaps a federation\-wide issue as well\&. 
.sp Each real world entity typically has a unique \fBDACS\fR identity, but this is left up to authenticating jurisdictions\&. Two or more identities are distinct if they do not refer to the same real world individual\&. Federated identity or single sign\-on (SSO) is the ability to recognize a user identity across jurisdictions and even across federations\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBImportant\fR .ps -1 .br Keep in mind that regardless of the authentication method and account information used, two identical usernames (relative to the same jurisdiction and taking into account \m[blue]\fBNAME_COMPARE\fR\m[]\&\s-2\u[26]\d\s+2) are \fIimplicitly assumed to refer to the same identity\fR by \fBDACS\fR\&. For instance, someone who authenticated as auggie by providing the correct Unix password is virtually indistinguishable from someone who authenticated as auggie using an Information Card\&. User credentials include information about the authentication method involved in their creation and the \m[blue]\fBuser()\fR\m[]\&\s-2\u[27]\d\s+2 function can be used to obtain this information, but it would be unwise to base identities on this\&. It is strongly advised that a new \fBDACS\fR jurisdiction carefully develop an extensible plan for user naming\&. .sp .5v .RE .RE .PP \fBDACS\fR\-\fIwrapped\fR .RS 4 A web resource is said to be \fBDACS\fR\-wrapped if the web server responsible for the resource calls \fBDACS\fR (more specifically, \m[blue]\fBdacs_acs(8)\fR\m[]\&\s-2\u[20]\d\s+2) to make an access control decision whenever it receives a request for the resource\&. .RE .PP \fIfederation\fR .RS 4 A \fBDACS\fR federation consists of one or more jurisdictions\&. 
The jurisdictions comprising a federation coordinate information sharing through light\-weight business practices implemented as a requirement of membership in a \fBDACS\fR federation; in other words, the members of a federation typically agree to observe certain rules of conduct to preserve overall security and so that users can obtain maximum benefit\&. A federation consisting of just one jurisdiction is not unusual\&. .RE .PP \fIitem type\fR .RS 4 An item type is a name that maps to a \m[blue]\fBVFS\fR\m[]\&\s-2\u[28]\d\s+2 (virtual filestore) specification that configures how and where data is stored\&. The level of indirection that they provide means that access control rules, for example, can be configured to be in regular files, a Berkeley DB database, a remote database accessed by HTTP, and so on \- all that is required is that the item type acls be properly configured\&. Some item types (like acls) are reserved and have special meaning to \fBDACS\fR, while others can be used by a \fBDACS\fR administrator for other purposes\&. An item type name is case sensitive and consists of alphanumerics, hyphens, and underscores, but must begin with an alphabetic character\&. .RE .PP \fIjurisdiction\fR .RS 4 A \fBDACS\fR jurisdiction is an autonomous administrative entity that authenticates its users, provides web services, or both\&. It may correspond to an organization, department, web server, or virtual host\&. Jurisdictions are sometimes created simply as an administrative convenience\&. Each jurisdiction is assigned a unique name within a federation\&. .sp A user\*(Aqs home jurisdiction is a jurisdiction that can authenticate that user\&. In situations where a user has multiple credentials obtained from different jurisdictions, the effective home jurisdiction for a request depends on which credentials are selected during authorization processing\&. Configuration directives are available to restrict the number of sets of credentials that may accompany a request\&. 
.RE .PP \fIuser agent\fR .RS 4 A user agent is client\-side software that interacts with other software (a server application, typically) on behalf of a \fIuser\fR\&. A user is often a person but can also be software\&. A web browser, which is used to interact with a web server, is an example of a user agent\&. .RE .SS "Naming" .PP \fBDACS\fR needs to name a variety of things so that they can be referred to in expressions, access control rules, configuration directives, and so on\&. While the URI syntax is used to name some kinds of objects within \fBDACS\fR, \fBDACS\fR also has its own concise naming schemes\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .PP The terms current federation (current jurisdiction) and this federation (this jurisdiction) are used in the documentation to refer to the federation (jurisdiction) associated with the configuration context in effect while \fBDACS\fR processes a request\&. .PP In general, the \fIfederation\-name\fR component of a name is optional; if absent, the current federation is assumed\&. Similarly, the \fIjurisdiction\-name\fR may be elided and the current jurisdiction is implied\&. .sp .5v .RE .PP Federations .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf \fIfederation\-name\fR:: .fi .if n \{\ .RE .\} .sp Example: .sp .if n \{\ .RS 4 .\} .nf DEMO:: .fi .if n \{\ .RE .\} .sp The \fIfederation\-name\fR (usually obtained from a \m[blue]\fBFEDERATION_NAME\fR\m[]\&\s-2\u[29]\d\s+2 configuration directive) must begin with an alphabetic character and is followed by zero or more alphanumerics, hyphens, and underscores\&. A \fIfederation\-name\fR is ordinarily treated case sensitively (but see the \m[blue]\fBNAME_COMPARE\fR\m[]\&\s-2\u[26]\d\s+2 configuration directive and the \m[blue]\fBuser()\fR\m[]\&\s-2\u[27]\d\s+2 function for alternate behaviours)\&. There is no \fIa priori\fR limit on its length\&. 
.sp The \m[blue]\fBFEDERATION_DOMAIN\fR\m[]\&\s-2\u[30]\d\s+2 directive specifies the domain name suffix common to all jurisdictions in a federation\&. .RE .PP Jurisdictions .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf [[\fIfederation\-name\fR:: | [::]] \fIjurisdiction\-name\fR: .fi .if n \{\ .RE .\} .sp Examples: .sp .if n \{\ .RS 4 .\} .nf DEMO::DSS: ::DSS: DSS: .fi .if n \{\ .RE .\} .sp The \fIjurisdiction\-name\fR (usually obtained from a \m[blue]\fBJURISDICTION_NAME\fR\m[]\&\s-2\u[31]\d\s+2 configuration directive) must begin with an alphabetic character and is followed by zero or more alphanumerics, hyphens, and underscores\&. A \fIjurisdiction\-name\fR is ordinarily treated case sensitively (but see the \m[blue]\fBNAME_COMPARE\fR\m[]\&\s-2\u[26]\d\s+2 configuration directive and the \m[blue]\fBuser()\fR\m[]\&\s-2\u[27]\d\s+2 function for alternate behaviours)\&. There is no \fIa priori\fR limit on its length\&. .RE .PP Users .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf [[[\fIfederation\-name\fR:: | [::]] \fIjurisdiction\-name\fR]:\fIusername\fR .fi .if n \{\ .RE .\} .sp Examples: .sp .if n \{\ .RS 4 .\} .nf DEMO::DSS:auggie ::DSS:auggie DSS:auggie :auggie .fi .if n \{\ .RE .\} .sp A full \fBDACS\fR identity includes a federation name component and a jurisdiction name component, in addition to the \fIusername\fR\&. It is provided to \fBDACS\fR\-wrapped programs as the value of the \fB\m[blue]\fBDACS_IDENTITY\fR\m[]\&\s-2\u[32]\d\s+2\fR environment variable\&. .sp The username component, which is available to CGI programs as the value of the \fB\m[blue]\fBDACS_USERNAME\fR\m[]\&\s-2\u[33]\d\s+2\fR environment variable, consists of one or more ASCII characters from the set of upper and lower case alphabetics, digits, and the following punctuation characters: .sp .if n \{\ .RS 4 .\} .nf ! # $ % & \*(Aq \- \&. ; ? 
@ [ ^ _ ` { } .fi .if n \{\ .RE .\} .sp All characters having a value less than 041 (octal) or greater than 0176 (octal) are \fIinvalid\fR, as are the following characters: .sp .if n \{\ .RS 4 .\} .nf * , : + ( ) ~ < > = | \e / " .fi .if n \{\ .RE .\} .sp .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNotes\fR .ps -1 .br .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} It is a goal to liberally accept usernames because different platforms and even different platform versions and flavours allow various username syntaxes\&. Nevertheless, administrators should be careful if punctuation characters are permitted in usernames as this could lead to subtle problems if those characters appear in URLs, access control rules, or HTTP cookies\&. The compile\-time symbol JURISDICTION_NAME_SEP_CHAR, which is a colon by default, is disallowed in usernames (and this symbol should probably never be redefined)\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} In addition to the alphanumeric characters, \m[blue]\fBRFC 2396\fR\m[]\&\s-2\u[34]\d\s+2 allows only the following characters ("\fIpchar\fR") to appear in the path component of a URI: .sp .if n \{\ .RS 4 .\} .nf \- _ \&. ! ~ * \*(Aq ( ) % : @ & = + $ , .fi .if n \{\ .RE .\} .sp .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Some valid email addresses are not valid \fBDACS\fR usernames\&. For example, *bob*@example\&.com, "(bob)"@example\&.com, and \e(bob\e)@example\&.com are valid mailbox names as defined by \m[blue]\fBRFC 822\fR\m[]\&\s-2\u[35]\d\s+2 (Appendix D) and discussed in \m[blue]\fBRFC 3696\fR\m[]\&\s-2\u[36]\d\s+2 (Section 3), but all three are invalid as \fBDACS\fR usernames\&. Unless quoted, the local\-part component of an email address, which precedes the "@" character in the addr\-spec, may not contain any of: .sp .if n \{\ .RS 4 .\} .nf ( ) < > @ , ; : \e " \&.
[ ] .fi .if n \{\ .RE .\} .sp Additionally, the space and all US\-ASCII control characters (octets 0 \- 31) and DEL (127) are disallowed\&. Without quotes, the local\-part may consist of any combination of alphabetics, digits, or any of the following characters: .sp .if n \{\ .RS 4 .\} .nf ! # $ % & \*(Aq * + \- / = ? ^ _ ` \&. { | } ~ .fi .if n \{\ .RE .\} .sp A period ("\&.") may be used, but may not start or end the local\-part, nor may two or more consecutive periods appear\&. Within double quotes, any ASCII character may appear if properly quoted (e\&.g\&., Auggie\&." "\&.O\&."\e\*(Aq"\&.Doggie@example\&.com)\&. The maximum length of the local\-part is 64 characters, and the maximum length of the domain component that appears after the "@" character is 255 characters\&. .sp There is currently no way to "quote" a \fBDACS\fR username, so some safe encoding method or transformation must be applied to these names\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fBDACS\fR may create identities for internal use having username components that include characters that are normally invalid\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} A \fIusername\fR is case sensitive (but see the \m[blue]\fBNAME_COMPARE\fR\m[]\&\s-2\u[26]\d\s+2 configuration directive and the \m[blue]\fBuser()\fR\m[]\&\s-2\u[27]\d\s+2 function for alternate behaviours)\&. There is no \fIa priori\fR limit on its length\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The usernames auth and unauth are perfectly valid\&. Refer to the \m[blue]\fBuser()\fR\m[]\&\s-2\u[27]\d\s+2 function for additional information\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The recommended practice is for jurisdictions to map their \fBDACS\fR usernames to lower case during the authentication procedure where possible and when the mappings are unique\&. 
The \m[blue]\fBEXIT*\fR\m[]\&\s-2\u[37]\d\s+2 directive may be used for this purpose\&. .RE .sp .5v .RE .RE .PP Groups .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf [[\fIfederation\-name\fR:: | [::]] %[\fIjurisdiction\-name\fR]:\fIgroupname\fR .fi .if n \{\ .RE .\} .sp A \fIgroupname\fR must begin with an alphabetic character and may be followed by any number of alphanumeric, hyphen ("\-"), and underscore ("_") characters\&. .sp Examples: .sp .if n \{\ .RS 4 .\} .nf %DEMO::DSS:friends %::DSS:friends %DSS:friends %:friends .fi .if n \{\ .RE .\} .sp .RE .PP Roles and Role Descriptors .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf \fIRole\-Descriptor\fR \-> \fIEmpty\-String\fR | \fIRole\-List\fR \fIRole\-List\fR \-> \fIRole\fR | \fIRole\fR "," \fIRole\-List\fR \fIRole\fR \-> \fIBasic\-Role\fR | \fIComposite\-Role\fR \fIBasic\-Role\fR \-> [A\-Za\-z0\-9\e\-_]+ \fIComposite\-Role\fR \-> \fIBasic\-Role\fR "/" \fIBasic\-Role\fR | \fIBasic\-Role\fR "/" \fIComposite\-Role\fR \fIEmpty\-String\fR \-> "" .fi .if n \{\ .RE .\} .sp A role descriptor string (also called a role string or a role descriptor) consists of a comma separated list of roles\&. The name of a role (a \fIBasic\-Role\fR) is constructed from upper and lower case letters, digits, hyphens, and underscores\&. A \fIComposite\-Role\fR is constructed from two or more \fIBasic\-Role\fR terms, separated by a slash character\&. Here are three examples of a role descriptor: .sp .if n \{\ .RS 4 .\} .nf admin,wheel,root admin/hardware networks/programming,computer\-science/systems/Project_X .fi .if n \{\ .RE .\} .sp .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br A role descriptor string contains no white space characters and may not begin or end with a comma or slash character\&. Two or more consecutive commas are illegal, as are two or more consecutive slashes\&. 
.sp .5v .RE The \m[blue]\fBsetvar()\fR\m[]\&\s-2\u[38]\d\s+2 function can be used to separate a composite role into its basic roles\&. .sp Please refer to \m[blue]\fBdacs\&.groups(5)\fR\m[]\&\s-2\u[39]\d\s+2 for additional information\&. .RE .PP Concise User Syntax .RS 4 Syntax: .sp .if n \{\ .RS 4 .\} .nf \fIident\fR \-> \*(Aq{\*(Aq \fIkwv\-list\fR \*(Aq}\*(Aq | \fIuser\fR \fIkwv\-list\fR \-> \fIkwv\fR [\*(Aq,\*(Aq \fIkwv\fR]* \fIkwv\fR \-> \fIkwv\-user\fR | \fIkwv\-group\fR | \fIkwv\-attr\fR | \fIkwv\-ip\fR | \fIkwv\-expires\fR \fIkwv\-user\fR \-> \*(Aqu=\*(Aq [Q] \fIuser\fR [Q] \fIkwv\-group\fR \-> \*(Aqg=\*(Aq [Q] \fIgroups\fR [Q] \fIkwv\-attr\fR \-> \*(Aqa=\*(Aq [Q] \fIattr\fR [Q] \fIkwv\-expires\fR \-> \*(Aqe=\*(Aq [Q] \fIexpires\fR [Q] \fIkwv\-ip\fR \-> \*(Aqip=\*(Aq [Q] \fIip\-addr\fR [Q] \fIuser\fR \-> \fIsimple\-name\fR | \fIDACS\-identity\fR \fIgroups\fR \-> \fIgroup\fR [\*(Aq,\*(Aq \fIgroup\fR]* \fIgroup\fR \-> \fIgroupname\fR | \fIrole\-descriptor\fR \fIattr\fR \-> \fIany\-alphabetic\fR \fIip\-addr\fR \-> \fIany\-IP\-addr\fR \fIexpires\fR \-> +\fIrel\-secs\fR | \fIdate\fR .fi .if n \{\ .RE .\} .sp where: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Q is an optional (matched) quote character; .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} whitespace may optionally precede most tokens; .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a \fIDACS\-identity\fR is a full or abbreviated \m[blue]\fBDACS identity\fR\m[]\&\s-2\u[40]\d\s+2 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a \fIsimple\-name\fR is the \fIusername\fR component of a \fBDACS\fR identity (i\&.e\&., without any colons); consequently in this context a "special" name, such as auth, is treated as :auth .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIrole\-descriptor\fR must be a valid \fBDACS\fR role string and \fIgroupname\fR 
must be a valid \fBDACS\fR group name (see \m[blue]\fBdacs_authenticate(8)\fR\m[]\&\s-2\u[41]\d\s+2 and \m[blue]\fBdacs\&.groups(5)\fR\m[]\&\s-2\u[42]\d\s+2); .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} an IP address is expressed in the Internet standard numeric dot notation (e\&.g\&., 10\&.0\&.0\&.1); and .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the lifetime of credentials derived from the identity can be expressed either as a given number of seconds (e\&.g\&., "e=+3600") or a given date in one of the following formats (see \m[blue]\fBstrptime(3)\fR\m[]\&\s-2\u[43]\d\s+2): .sp .if n \{\ .RS 4 .\} .nf %a, %d\-%b\-%Y %H:%M:%S GMT %d\-%b\-%Y %b %d, %Y %b %d %Y\-%m\-%dT%H:%M:%SZ .fi .if n \{\ .RE .\} .sp When necessary, dates are interpreted relative to the current time or date\&. The lifetime is converted to its canonical form, which is the absolute time and date in seconds since the Epoch, based on the jurisdiction\*(Aqs clock\&. A date in the past can be specified; this might be useful for testing, for instance\&. If the identity is not used to create credentials, the expiry date is ignored, although it must be syntactically correct\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the only supported attribute value is "a", which means that the identity should be treated as an \m[blue]\fBADMIN_IDENTITY\fR\m[]\&\s-2\u[25]\d\s+2 (refer to the \fB\-admin\fR flag of \m[blue]\fBdacscheck(1)\fR\m[]\&\s-2\u[21]\d\s+2)\&. .RE .sp A name expressed in the concise syntax gives a username and, optionally, roles and attributes for the identity\&. It is used by \m[blue]\fBdacscheck(1)\fR\m[]\&\s-2\u[21]\d\s+2, for instance\&. .RE .SS "The dacs Utility" .PP \fBDACS\fR utility commands are usually installed as separate binaries, but \fBDACS\fR can (also or instead) be built with most of them combined into a single binary that is installed as \fBdacs\fR\&. 
The various utility programs may then be run as: .sp .if n \{\ .RS 4 .\} .nf % dacs \fIdacs\-command\fR [\fIdacsoptions\fR] [\fIcommand\-options\fR] .fi .if n \{\ .RE .\} .sp For example: .sp .if n \{\ .RS 4 .\} .nf % dacs license % dacs dacskey \-u j1\&.example\&.com outfile % dacs checkdigest "pbkdf2[a=sha256,count=4098, dklen=20]" % dacs checkdigest 14 .fi .if n \{\ .RE .\} .sp Running the \fBdacs\fR utility without arguments will show the list of available sub\-commands\&. .SS "Start\-up Processing" .PP Most \fBDACS\fR programs perform the following actions when they start: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} Determine the "mode" in which they should operate; for example, if the \fBREMOTE_ADDR\fR environment variable is present, programs will in general assume they should run as a web application rather than as a utility command .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} Process a standard set of command line arguments (\m[blue]\fB\fIdacsoptions\fR\fR\m[]\&\s-2\u[44]\d\s+2) .RE .sp .RS 4 .ie n \{\ \h'-04' 3.\h'+01'\c .\} .el \{\ .sp -1 .IP " 3." 4.2 .\} Set the process umask to 007 to disallow world access for any created files .RE .sp .RS 4 .ie n \{\ \h'-04' 4.\h'+01'\c .\} .el \{\ .sp -1 .IP " 4." 4.2 .\} Disable core dumps so that sensitive information cannot be revealed by examining them (but see \m[blue]\fB\-\-enable\-dump\fR\m[]\&\s-2\u[45]\d\s+2) .RE .sp .RS 4 .ie n \{\ \h'-04' 5.\h'+01'\c .\} .el \{\ .sp -1 .IP " 5." 4.2 .\} Refuse to operate if any configuration file cannot be found or has an error .RE .sp .RS 4 .ie n \{\ \h'-04' 6.\h'+01'\c .\} .el \{\ .sp -1 .IP " 6." 4.2 .\} For web services, make the \fBDACS\fR home directory the current working directory .RE .sp .RS 4 .ie n \{\ \h'-04' 7.\h'+01'\c .\} .el \{\ .sp -1 .IP " 7." 
4.2 .\} If "secure mode" has been enabled, web services will only process HTTPS requests .RE .sp .RS 4 .ie n \{\ \h'-04' 8.\h'+01'\c .\} .el \{\ .sp -1 .IP " 8." 4.2 .\} Verify that the version required by a request is compatible with the version of \fBDACS\fR receiving the request .RE .sp .RS 4 .ie n \{\ \h'-04' 9.\h'+01'\c .\} .el \{\ .sp -1 .IP " 9." 4.2 .\} Process any program\-specific command line arguments\&. .RE .PP \fBDACS\fR programs make an effort to destroy sensitive information (such as passwords) as soon as it is no longer needed and not to write potentially sensitive information to log files unless specifically configured to do so\&. .SS "Internals" .PP Some \fBDACS\fR components may call other components using HTTP (possibly over SSL/TLS, depending on configuration)\&. For example, authentication modules may be invoked as web services by \m[blue]\fBdacs_authenticate(8)\fR\m[]\&\s-2\u[41]\d\s+2\&. In all cases, these "internal" HTTP calls may not result in a redirection, such as through a 302 Found status code\&. Although this can sometimes be an inconvenience, it is, in part, a security measure\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBTip\fR .ps -1 .br .PP When debugging a problem that may involve an internal HTTP request (especially related to authentication), verify that \fBDACS\fR is not receiving a redirect\&. Internal HTTP requests may also fail mysteriously because of incorrect or incomplete configuration of SSL/TLS parameters\&. Internal HTTP requests over SSL/TLS use \m[blue]\fBsslclient(1)\fR\m[]\&\s-2\u[4]\d\s+2, as does the \m[blue]\fBdacshttp(1)\fR\m[]\&\s-2\u[3]\d\s+2 command\&. If you suspect that an https\-schemed URL may not be working, debug the problem using \fBsslclient\fR and then \fBdacshttp\fR\&. 
.sp .5v .RE .PP To maintain data consistency, \fBDACS\fR creates exclusive locks using the \m[blue]\fBfcntl(2)\fR\m[]\&\s-2\u[46]\d\s+2 system call on files written in the directory configured through the \m[blue]\fBTEMP_DIRECTORY\fR\m[]\&\s-2\u[47]\d\s+2 directive\&. .SS "Logging" .PP Most \fBDACS\fR services and utilities write various kinds of messages to one or more log files\&. These messages can be invaluable when trying to figure out what \fBDACS\fR is doing, for security audits, or to see which \fBDACS\fR\-wrapped resources are being accessed and in what ways\&. .PP Please refer to \m[blue]\fBdacs\&.conf(5)\fR\m[]\&\s-2\u[48]\d\s+2 for information about configuration directives related to logging\&. An assortment of command line flags, described below, are also related to logging\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fBDACS\fR can emit log messages before configuration processing is complete, and configuration directives associated with logging are not in effect during this startup interval (see \m[blue]\fB\-\-enable\-hush\-startup\-logging\fR\m[]\&\s-2\u[49]\d\s+2)\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Because \m[blue]\fBmod_auth_dacs\fR\m[]\&\s-2\u[2]\d\s+2 is an \fBApache\fR module, the \fBApache\fR logging directives apply to it (and not the \fBDACS\fR directives) and its log messages are written to \fBApache\fR log files\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Log files can quickly become large, especially when the logging level is set to debug or trace levels\&. Consider daily rotation or truncation\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The text of a log message may occasionally span several lines\&. 
.RE .sp .5v .RE .PP The default value of the \m[blue]\fBLOG_FORMAT\fR\m[]\&\s-2\u[50]\d\s+2 directive, which controls the appearance of log messages, is defined in include/local\&.h as LOG_FORMAT_DEFAULT_WEB for \fBDACS\fR web services and LOG_FORMAT_DEFAULT_CMD for everything else\&. Here is a typical log message: .sp .if n \{\ .RS 4 .\} .nf [Wed Jul 12 12:37:09 2006] [trace] [83648,1060,\-] [dacs_acs:"acslib"] Allow clause grants access .fi .if n \{\ .RE .\} .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBAudit-Class Log Messages\fR .RS 4 .PP In the case of audit\-class messages, a string within parentheses may sometimes follow an identity, as in the examples below\&. This string, called a tracker, associates log messages with a particular origin and can be used to trace a user\*(Aqs sequence of service requests using log messages throughout a federation\&. This can be useful when debugging, looking for security problems, or forensic analysis\&. .PP For an unauthenticated user, the tracker can only be derived heuristically, from elements of the execution context\&. The user\*(Aqs IP address, user agent string, and SSL client certificate, when available, are used\&. If two of these tracker strings differ, the requests are typically coming from different hosts, browsers, or users, but this is not necessarily always the case\&. Similarly, if the same tracker string is associated with two log messages, the service requests are not necessarily being issued by the same user\&. .PP For an authenticated user, the tracker string consists of the heuristically\-derived string, followed by a comma, followed by a string uniquely associated with the user\*(Aqs credentials\&. This tracker has a high probability of being unique and having a one\-to\-one mapping with a particular user\&. 
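A tracker-correlation pass over audit-class log records in the format described above, added here as an example (not DACS code): it links anonymous requests to the identity that later authenticated with the same tracker prefix, and distinguishes definite from probable attribution. The sample records are the ones shown on this page plus two constructed ones; the two message wordings matched are the ones this page shows, and treating anything else as a non-event is an assumption.

```python
import re

# Record shape shown on this page: [date] [level] [pid,seq,flag] [program:"module"] message
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[(?P<pid>\d+),(?P<seq>\d+),(?P<flag>[^\]]*)\] '
    r'\[(?P<prog>[^:\]]+):"(?P<mod>[^"]*)"\] (?P<msg>.*)$')
# The two audit-class message forms on this page; the tracker follows the identity in
# parentheses. Assumption: records with other wording carry no event of interest.
ACS_RE = re.compile(r'\*\*\* Access granted to (?P<who>unauthenticated user|\S+) '
                    r'\((?P<tracker>[^)]+)\) from (?P<ip>\S+) for (?P<path>\S+)')
AUTH_RE = re.compile(r'Authentication succeeded for (?P<who>\S+) \((?P<tracker>[^)]+)\)')
ANON = "unauthenticated user"

# The four entries from this page, plus two constructed ones: a debug record whose
# message spans two lines, and a request whose tracker prefix never authenticates.
SAMPLE_LOG = """\
[Wed Jul 12 15:56:24 2006] [notice] [83963,1067,A] [dacs_acs:"authlib"] *** Access granted to unauthenticated user (7vJLWzv5) from 10.0.0.124 for /cgi-bin/dacs/dacs_current_credentials
[Wed Jul 12 15:56:25 2006] [debug] [83963,1068,-] [dacs_acs:"acslib"] Evaluating rule for
  /cgi-bin/dacs/dacs_current_credentials (constructed two-line message)
[Wed Jul 12 15:56:27 2006] [notice] [83965,1073,A] [dacs_acs:"authlib"] *** Access granted to unauthenticated user (7vJLWzv5) from 10.0.0.124 for /cgi-bin/dacs/dacs_authenticate
[Wed Jul 12 15:56:27 2006] [debug] [83966,172,A] [dacs_authenticate:"authlib"] Authentication succeeded for HOME:bobo (7vJLWzv5,wA/Pudyp3f0)
[Wed Jul 12 15:56:30 2006] [notice] [83973,1078,A] [dacs_acs:"authlib"] *** Access granted to DSS::HOME:bobo (7vJLWzv5,wA/Pudyp3f0) from 10.0.0.124 for /cgi-bin/dacs/dacs_current_credentials
[Wed Jul 12 15:57:02 2006] [notice] [83980,1090,A] [dacs_acs:"authlib"] *** Access granted to unauthenticated user (Qx9mT2ab) from 10.0.0.200 for /cgi-bin/dacs/dacs_list_jurisdictions
"""


def join_continuations(lines):
    """A message may span several lines: glue lines that do not start a new record."""
    records = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line.strip()
    return records


def parse_record(record):
    """Parse one record; return None unless it is an audit event carrying a tracker."""
    m = LINE_RE.match(record)
    if not m:
        return None
    rec = m.groupdict()
    e = ACS_RE.search(rec["msg"]) or AUTH_RE.search(rec["msg"])
    if not e:
        return None
    rec.update(e.groupdict())                 # who, tracker; for acs also ip, path
    rec["event"] = "acs" if "path" in e.groupdict() else "auth"
    rec["prefix"], _, cred = rec["tracker"].partition(",")
    rec["cred"] = cred or None                # credential part exists only once authenticated
    rec["seq"] = int(rec["seq"])
    return rec


def attribute_requests(lines):
    """For each access-granted request: (seq, path, identity, confidence).

    definite: the tracker carried a credential part, so the record itself names the user.
    probable: anonymous request whose heuristic prefix later appears together with the
              credentials of a known identity (same host/browser/client cert, most likely).
    unknown:  anonymous request whose prefix never authenticated within these records.
    """
    recs = [r for r in map(parse_record, join_continuations(lines)) if r]
    identity_by_cred = {}                     # credential part -> identity first seen with it
    for r in recs:
        if r["cred"] and r["who"] != ANON:
            identity_by_cred.setdefault(r["cred"], r["who"])
    identities_by_prefix = {}                 # heuristic prefix -> identities linked to it
    for r in recs:
        if r["cred"] in identity_by_cred:
            identities_by_prefix.setdefault(r["prefix"], set()).add(identity_by_cred[r["cred"]])
    out = []
    for r in recs:
        if r["event"] != "acs":
            continue
        if r["cred"]:
            out.append((r["seq"], r["path"], r["who"], "definite"))
        elif identities_by_prefix.get(r["prefix"]):
            linked = ",".join(sorted(identities_by_prefix[r["prefix"]]))
            out.append((r["seq"], r["path"], linked, "probable"))
        else:
            out.append((r["seq"], r["path"], None, "unknown"))
    return out


if __name__ == "__main__":
    for row in attribute_requests(SAMPLE_LOG.splitlines()):
        print(row)
```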
.PP Consider these (condensed) log file entries: .sp .if n \{\ .RS 4 .\} .nf [Wed Jul 12 15:56:24 2006] [notice] [83963,1067,A] [dacs_acs:"authlib"] *** Access granted to unauthenticated user (7vJLWzv5) from 10\&.0\&.0\&.124 for /cgi\-bin/dacs/dacs_current_credentials [Wed Jul 12 15:56:27 2006] [notice] [83965,1073,A] [dacs_acs:"authlib"] *** Access granted to unauthenticated user (7vJLWzv5) from 10\&.0\&.0\&.124 for /cgi\-bin/dacs/dacs_authenticate [Wed Jul 12 15:56:27 2006] [debug] [83966,172,A] [dacs_authenticate:"authlib"] Authentication succeeded for HOME:bobo (7vJLWzv5,wA/Pudyp3f0) [Wed Jul 12 15:56:30 2006] [notice] [83973,1078,A] [dacs_acs:"authlib"] *** Access granted to DSS::HOME:bobo (7vJLWzv5,wA/Pudyp3f0) from 10\&.0\&.0\&.124 for /cgi\-bin/dacs/dacs_current_credentials .fi .if n \{\ .RE .\} .sp In the first two of the log messages above, the tracker 7vJLWzv5 appears, meaning that the two requests probably came from the same (unauthenticated) user\&. With the third log message, the user has been authenticated and the tracker 7vJLWzv5,wA/Pudyp3f0 is used\&. Because these trackers all share the same prefix, the first two requests probably also came from someone who authenticated as DSS::HOME:bobo\&. The last request, for /cgi\-bin/dacs/dacs_current_credentials, definitely came from that user\&. If this user were to sign out and then issue more service requests anywhere in the federation DSS, each log message would contain the tracker 7vJLWzv5\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSecurity\fR .ps -1 .br .PP Tracking the requests of anonymous users reliably is difficult to do well\&. A cookie\-based approach may do better in some situations but has its own drawbacks (such as being totally ineffective when the user has disabled cookies)\&. 
.sp .5v .RE .RE .SS "Tracking User Activity" .PP \fBDACS\fR includes a feature, enabled as a build\-time option (see \m[blue]\fBdacs\&.install(7)\fR\m[]\&\s-2\u[51]\d\s+2), whereby a jurisdiction can track the activity of all of its users (i\&.e\&., those users that authenticate at the jurisdiction)\&. Each successful authentication event, explicit signout event, and user\-submitted web service request event can be recorded at the user\*(Aqs home jurisdiction in the format defined by \m[blue]\fBdacs_user_info\&.dtd\fR\m[]\&\s-2\u[52]\d\s+2\&. This information can be valuable for better understanding what is happening throughout a federation, including helping to diagnose performance and security issues\&. It is the basis of features like displays of recent account activity, and it might also be used to create new capabilities, such as a concurrent login limit or an adaptive authentication component to implement layered authentication or risk\-based authentication\&. .PP To specify where and how a home jurisdiction should maintain these records, the user_info item type must be defined at that jurisdiction; if it is not defined, no records will be written at that jurisdiction, although the jurisdiction will still try to send event records to other jurisdictions\&. For maximum benefit, the feature should be enabled at all jurisdictions in a federation; all user activity throughout the federation can then be logged\&. .PP If a jurisdiction wants to monitor the activity of its users at other jurisdictions, it must allow those jurisdictions to invoke its \m[blue]\fBdacs_vfs(8)\fR\m[]\&\s-2\u[53]\d\s+2 service by adding an appropriate access control rule\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSecurity\fR .ps -1 .br .PP It is critical for any such rule to require the \m[blue]\fBdacs_admin()\fR\m[]\&\s-2\u[54]\d\s+2 predicate\&. 
.sp .5v .RE .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .PP .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Because the records are currently not keyed, at present only the file item type is supported for this purpose\&. A configuration directive similar to the following would be used: .sp .if n \{\ .RS 4 .\} .nf VFS "[user_info]file://${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/user_info" .fi .if n \{\ .RE .\} .sp .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The \m[blue]\fBdacs_admin(8)\fR\m[]\&\s-2\u[55]\d\s+2 tool provides an interface to these records\&. It should eventually be extended to collect and organize records found at all jurisdictions in a federation to facilitate analysis\&. Because they are text files with a relatively simple format, administrators should not find it difficult to apply common text processing tools or write short, custom programs for this purpose\&. Commands analogous to \m[blue]\fBlast(1)\fR\m[]\&\s-2\u[56]\d\s+2, \m[blue]\fBwho(1)\fR\m[]\&\s-2\u[57]\d\s+2, and \m[blue]\fBsa(8)\fR\m[]\&\s-2\u[58]\d\s+2 are being considered\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Each jurisdiction should write records to its own place (i\&.e\&., jurisdictions should not share the same VFS object for user_info)\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} This database will grow indefinitely; an administrator is responsible for rotating or truncating it\&. If previous and active sign on information is important (see \m[blue]\fBdacs_current_credentials(8)\fR\m[]\&\s-2\u[59]\d\s+2), prune only the request records (i\&.e\&., the acs elements)\&. Another acceptable method is to discard (or archive) some proportion of older records (say, half) and keep some of the newer records\&. 
.RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The data format is subject to change\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} A directive to enable or disable this feature at run\-time may be added\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Internal administrative events are not recorded\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Because signing off (via \m[blue]\fBdacs_signout(8)\fR\m[]\&\s-2\u[60]\d\s+2) is optional, the end of a session can sometimes only be inferred or approximated from the expiry of credentials or the time of the last recorded event\&. .RE .sp .5v .RE .SH "OPTIONS" .PP \fBDACS\fR programs and web services get much of their run\-time configuration information by reading configuration files and examining environment variables\&. Some configuration information can be provided at compile\-time\&. Several command line flags may be used to override default behaviour\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} All \fIdacsoptions\fR flags are processed left\-to\-right and must appear before any command\-specific flag or argument\&. The first flag or argument that is not recognized as one of the \fIdacsoptions\fR terminates the list\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The most important \fIdacsoptions\fR are those that specify the location of configuration files and identify the jurisdiction section to use within a configuration file\&. Depending on the program and how it is used, configuration information may not be needed, may be optional, or may be required\&. 
.RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} At most one of the command line flags to select a jurisdiction section can be specified\&. Refer to \m[blue]\fBdacs\&.conf(5)\fR\m[]\&\s-2\u[48]\d\s+2 for additional information on the configuration file and configuration processing\&. .RE .sp .5v .RE .PP Many \fBDACS\fR utilities recognize the following standard options, which are called \fIdacsoptions\fR: .PP \fB\-c\fR \fIdacs\&.conf\fR .RS 4 This tells \fBDACS\fR where it can find a configuration file for the jurisdiction on whose behalf it is acting\&. If this argument is not present, depending on how it was built, \fBDACS\fR may either try to use a compile\-time specified file or it will try to use the value of the environment variable \fB\m[blue]\fBDACS_CONF\fR\m[]\&\s-2\u[61]\d\s+2\fR\&. For details, refer to \m[blue]\fBLocating dacs\&.conf and site\&.conf\fR\m[]\&\s-2\u[62]\d\s+2\&. .RE .PP \fB\-D\fR\fB\fIname\fR\fR\fB=\fR\fB\fIvalue\fR\fR .RS 4 The effect of this flag is to define variable \fI\fIname\fR\fR (which must be syntactically valid) in the \fIDACS\fR namespace to have the value \fIvalue\fR\&. Any quotes around \fIvalue\fR are retained, provided the shell has not already stripped them off\&. This flag may be repeated\&. These variables can subsequently be tested during configuration processing and rule processing; for example, the value of a configuration directive might depend on the value of a \fIdacsoptions\fR flag\&. Defining a \fI\fIname\fR\fR that happens to correspond to a \fIdacsoptions\fR flag has no effect other than to create the variable\&. .sp All \fIdacsoptions\fR flags (\fIexcluding this one\fR) are automatically added to the \fIDACS\fR namespace as they are processed\&. A flag that is a "singleton" (e\&.g\&., \fB\-q\fR) is initially assigned a value of one and is incremented on each subsequent appearance\&. 
A flag of the form \fI\-flag\fR \fIvalue\fR is equivalent to \fB\-D\fR\fB\fI\-flag\fR\fR\fB=\fR\fB\fIvalue\fR\fR\&. Unused flags are undefined; if \fB\-q\fR is not given, \fI${DACS::\-q}\fR will not be defined\&. For those flags that have synonyms, a variable for each synonym is created\&. If the \fIname\fR is used, explicitly or implicitly, later values replace earlier ones\&. .sp For example, if the \fIdacsoptions\fR are: .sp .if n \{\ .RS 4 .\} .nf \-c www\&.example\&.com \-v \-\-verbose \-Dfoo="baz" \-ll debug \-D\-ll=trace .fi .if n \{\ .RE .\} .sp then variables will be defined as follows: .sp .if n \{\ .RS 4 .\} .nf ${DACS::\-c} is "www\&.example\&.com" ${DACS::\-v} is "2" ${DACS::\-\-verbose} is "2" ${DACS::foo} is "\e"baz\e"" ${DACS::\-ll} is "trace" .fi .if n \{\ .RE .\} .sp The debugging level will be debug and not trace\&. .RE .PP \fB\-\-checkdigest\fR \fB\fIdigest\-desc\fR\fR .RS 4 Validate the syntax of digest descriptor \fIdigest\-desc\fR, as it might appear as the value of the \m[blue]\fBPASSWORD_DIGEST\fR\m[]\&\s-2\u[63]\d\s+2 directive\&. In addition to the digest name, the given argument names and values are checked\&. A numeric algorithm identifier can be given as a synonym for the algorithm name\&. The descriptor is printed in canonical form\&. .RE .PP \fB\-\-digests\fR [\fB\fIdigest\-name\fR\fR] .RS 4 With no \fIdigest\-name\fR, list information about all available cryptographic digest algorithms, otherwise only \fIdigest\-name\fR\&. 
The information includes: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the canonical name for the digest .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the digest\*(Aqs block size, in bytes ("bsize"), .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the digest size, in bytes ("dsize"), .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the internal password algorithm identifier ("alg", an unsigned integer), and .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} its attributes: whether the algorithm can be used with \m[blue]\fBPASSWORD_DIGEST\fR\m[]\&\s-2\u[63]\d\s+2 ("Password"), HMAC constructs ("HMAC"), digital signatures ("Sign"), scrypt ("scrypt"), PBKDF2 ("PBKDF2"), if it requires parameters ("Parameters"), whether it produces a variable\-length digest ("Varlen"), and its implementation ("OpenSSL", "DACS", or "System")\&. .RE .sp A digest size of zero also indicates that there is a variable\-length output, which may depend on any of the arguments to the digest function\&. After printing to stdout, the program exits immediately\&. For convenience, \fB\-\-digest\fR is a synonym\&. .RE .PP \fB\-\-dumpenv\fR .RS 4 Print all environment variables to stdout and then exit immediately\&. .RE .PP \fB\-\-enable\-dump\fR .RS 4 By default, \fBDACS\fR web services and most commands disable core dump generation as a security precaution\&. Because a core dump can be useful when debugging, this flag allows it to be created\&. As programs that are allowed to produce a core dump must change to the \fIDACS_HOME\fR directory, core dumps will be written there\&. Use this flag with care\&. .RE .PP \fB\-format\fR \fIfmt\fR .RS 4 The output format is set to \fIfmt\fR, which is one of the following keywords (case insensitive): file, html, json, php, plain, text, xml, xmldtd, xmlsimple, xmlschema, uri, or url\&. 
Not all output formats are supported by all programs\&. This flag overrides any \m[blue]\fBFORMAT\fR\m[]\&\s-2\u[64]\d\s+2 argument to a web service, which in turn overrides a program\*(Aqs default format\&. The default format depends on the particular program and the way it is invoked\&. For additional information, refer to the \m[blue]\fBdescription of the \fIFORMAT\fR argument\fR\m[]\&\s-2\u[64]\d\s+2\&. .RE .PP \fB\-ll\fR \fIlogging\-level\fR .RS 4 The logging level is set to \fIlogging\-level\fR, which is one of the keywords recognized by the \m[blue]\fBLOG_FILTER\fR\m[]\&\s-2\u[65]\d\s+2 directive\&. .RE .PP \fB\-\-license\fR .RS 4 Print the license for \fBDACS\fR to stdout and then exit immediately\&. .RE .PP \fB\-q\fR .RS 4 Be quiet\&. This is equivalent to setting the logging level to warn\&. .RE .PP \fB\-sc\fR \fIsite\&.conf\fR .RS 4 This tells \fBDACS\fR where it can find a configuration file for the jurisdiction on whose behalf it is acting\&. If this argument is not present, depending on how it was built, \fBDACS\fR may either try to use a compile\-time specified file or it will try to use the value of the environment variable \fB\m[blue]\fBDACS_CONF\fR\m[]\&\s-2\u[61]\d\s+2\fR\&. For details, refer to \m[blue]\fBLocating dacs\&.conf and site\&.conf\fR\m[]\&\s-2\u[62]\d\s+2\&. .RE .PP \fB\-\-std\fR .RS 4 This flags the end of the common arguments\&. The next command line argument, if any, is specific to the program\&. .RE .PP \fB\-t\fR .RS 4 Emit tracing information\&. This is equivalent to setting the logging level to trace\&. (Also see \m[blue]\fBdebug_dacs\fR\m[]\&\s-2\u[66]\d\s+2\&.) .RE .PP \fB\-u\fR \fIconfig\-uri\fR .RS 4 This instructs \fBDACS\fR to use \fIconfig\-uri\fR to select the jurisdiction section to use in the configuration file\&. For details, refer to \m[blue]\fBThe Jurisdiction Section\fR\m[]\&\s-2\u[67]\d\s+2\&. 
.RE .PP \fB\-uj\fR \fIjurisdiction\-name\fR .RS 4 This instructs \fBDACS\fR to use the jurisdiction name \fIjurisdiction\-name\fR to select the jurisdiction section to use in the configuration file\&. For details, refer to \m[blue]\fBThe Jurisdiction Section\fR\m[]\&\s-2\u[67]\d\s+2\&. .RE .PP \fB\-un\fR .RS 4 This instructs \fBDACS\fR not to process site\&.conf or dacs\&.conf\&. This may only be used with a small number of commands, such as \m[blue]\fBdacsacl(1)\fR\m[]\&\s-2\u[68]\d\s+2 and \m[blue]\fBsslclient(1)\fR\m[]\&\s-2\u[4]\d\s+2\&. .RE .PP \fB\-up\fR \fIjurisdiction\-name\fR .RS 4 NOT IMPLEMENTED\&. This instructs \fBDACS\fR to use the jurisdiction name \fIjurisdiction\-name\fR to select the jurisdiction section to use in the configuration file and tells it that the web server is acting as a forward proxy; that is, \fIjurisdiction\-name\fR does not necessarily "own" the requested URL\&. For details, refer to \m[blue]\fBThe Jurisdiction Section\fR\m[]\&\s-2\u[67]\d\s+2\&. .RE .PP \fB\-us\fR .RS 4 This instructs \fBDACS\fR to use the one\-and\-only jurisdiction section that appears in the configuration file\&. That is, the configuration file must contain exactly one jurisdiction section and that is the one that should be used\&. For details, refer to \m[blue]\fBThe Jurisdiction Section\fR\m[]\&\s-2\u[67]\d\s+2\&. .RE .PP \fB\-v\fR .br \fB\-\-verbose\fR .RS 4 Be more verbose, relative to the current logging level\&. This flag may be repeated\&. .RE .PP \fB\-\-version\fR .RS 4 Print version information to stderr immediately and then exit\&. If the \fB\-v\fR (\fB\-\-verbose\fR) flag appeared earlier on the command line, also print version information for each \fBDACS\fR source code file used by this program that was compiled with a recognized revision identifier string\&. This information can be helpful when debugging suspected build problems\&. 
.if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br Complete version information is available only for statically linked programs\&. Also see \m[blue]\fBdacsversion(1)\fR\m[]\&\s-2\u[69]\d\s+2 and \m[blue]\fBdacs_version(8)\fR\m[]\&\s-2\u[70]\d\s+2\&. .sp .5v .RE .RE .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBTip\fR .ps -1 .br .PP If no command line flag is given to specify the jurisdiction section, the value of the environment variable \fBDEFAULT_JURISDICTION\fR will be used as if given with the \fB\-uj\fR flag\&. This can be particularly useful when a host has only one jurisdiction configured because it makes it unnecessary to always specify the jurisdiction for \fBDACS\fR commands\&. .sp .5v .RE .SH "ENVIRONMENT" .PP \fBSERVER_NAME\fR, \fBSERVER_PORT\fR, \fBREQUEST_URI\fR .RS 4 May be used to determine the applicable jurisdiction\&. .RE .SH "FILES" .PP dacs\&.conf .RS 4 .RE .PP site\&.conf .RS 4 .RE .SH "SEE ALSO" .PP \m[blue]\fBDACS manual pages\fR\m[]\&\s-2\u[71]\d\s+2, \m[blue]\fBdacs_admin(8)\fR\m[]\&\s-2\u[55]\d\s+2, \m[blue]\fBdacs\&.install(7)\fR\m[]\&\s-2\u[6]\d\s+2, \m[blue]\fBdacs\&.readme(7)\fR\m[]\&\s-2\u[5]\d\s+2, \m[blue]\fBdacs\&.services(8)\fR\m[]\&\s-2\u[72]\d\s+2 .SH "NOTES" .PP Whether using \fBDACS\fR, \fBApache\fR, or both for authentication and authorization, always test that resources are being protected according to your requirements\&. This is especially important when upgrading or reconfiguring \fBDACS\fR or \fBApache\fR\&. .PP Compatibility and interoperability with \fBApache\fR authentication/authorization features and configuration may change as \fBApache\fR evolves\&. 
For a particular set of \fBDACS\fR\-wrapped resources (e\&.g\&., URLs in the scope of a given Location section), it is easiest, safest, and most predictable if as much as possible is delegated to \fBDACS\fR rather than combining \fBDACS\fR with \fBApache\fR authentication/authorization modules and directives beyond the minimal configuration\&. Non\-minimal combinations may cause \fBDACS\fR or \fBApache\fR to function incorrectly, so they should be avoided or used with care\&. This is particularly important with respect to \fBApache\fR 2\&.4, which has greatly expanded the number of directives associated with authentication and authorization\&.
.SH "BUGS"
.PP
There should be some assistance for administering \m[blue]\fBuser activity records\fR\m[]\&\s-2\u[73]\d\s+2\&.
.SH "AUTHOR"
.PP
Distributed Systems Software (\m[blue]\fBwww\&.dss\&.ca\fR\m[]\&\s-2\u[74]\d\s+2)
.SH "COPYING"
.PP
Copyright \(co 2003\-2018 Distributed Systems Software\&. See the \m[blue]\fBLICENSE\fR\m[]\&\s-2\u[75]\d\s+2 file that accompanies the distribution for licensing information\&.
.SH "NOTES"
.IP " 1." 4
dacsoptions
.RS 4
\%http://dacs.dss.ca/man/dacs.1.html#dacsoptions
.RE
.IP " 2." 4
mod_auth_dacs
.RS 4
\%http://dacs.dss.ca/man/mod_auth_dacs.html
.RE
.IP " 3." 4
dacshttp(1)
.RS 4
\%http://dacs.dss.ca/man/dacshttp.1.html
.RE
.IP " 4." 4
sslclient(1)
.RS 4
\%http://dacs.dss.ca/man/sslclient.1.html
.RE
.IP " 5." 4
dacs.readme(7)
.RS 4
\%http://dacs.dss.ca/man/dacs.readme.7.html
.RE
.IP " 6." 4
dacs.install(7)
.RS 4
\%http://dacs.dss.ca/man/dacs.install.7.html
.RE
.IP " 7." 4
Denial of service attacks
.RS 4
\%http://en.wikipedia.org/wiki/Denial-of-service_attack
.RE
.IP " 8." 4
Cross-site scripting (XSS)
.RS 4
\%http://en.wikipedia.org/wiki/Cross-site_scripting
.RE
.IP " 9." 4
Cross-site request forgery (CSRF)
.RS 4
\%http://en.wikipedia.org/wiki/Cross-site_request_forgery
.RE
.IP "10." 4
index page
.RS 4
\%http://dacs.dss.ca/man/index.html
.RE
.IP "11." 4
man(1)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=man&apropos=0&sektion=1&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "12." 4
less(1)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=less&apropos=0&sektion=1&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "13." 4
RFC 2606
.RS 4
\%http://www.rfc-editor.org/rfc/rfc2606.txt
.RE
.IP "14." 4
dacsexpr(1)
.RS 4
\%http://dacs.dss.ca/man/dacsexpr.1.html
.RE
.IP "15." 4
BNF notation
.RS 4
\%http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_form
.RE
.IP "16." 4
Authorization Caching
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#authorization_caching
.RE
.IP "17." 4
Rlinks
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#rlinks
.RE
.IP "18." 4
capability-based system
.RS 4
\%http://en.wikipedia.org/wiki/Capabilities
.RE
.IP "19." 4
dacs_authenticate(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_authenticate.8.html#credentials
.RE
.IP "20." 4
dacs_acs(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html
.RE
.IP "21." 4
dacscheck(1)
.RS 4
\%http://dacs.dss.ca/man/dacscheck.1.html
.RE
.IP "22." 4
execution environment
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=environ&apropos=0&sektion=7&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "23." 4
current federation
.RS 4
\%http://dacs.dss.ca/man/#current_federation
.RE
.IP "24." 4
current jurisdiction
.RS 4
\%http://dacs.dss.ca/man/#current_jurisdiction
.RE
.IP "25." 4
ADMIN_IDENTITY
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#ADMIN_IDENTITY
.RE
.IP "26." 4
NAME_COMPARE
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#NAME_COMPARE
.RE
.IP "27." 4
user()
.RS 4
\%http://dacs.dss.ca/man/dacs.exprs.5.html#user
.RE
.IP "28." 4
VFS
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#VFS
.RE
.IP "29." 4
FEDERATION_NAME
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#FEDERATION_NAME
.RE
.IP "30." 4
FEDERATION_DOMAIN
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#FEDERATION_DOMAIN
.RE
.IP "31." 4
JURISDICTION_NAME
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#JURISDICTION_NAME
.RE
.IP "32." 4
DACS_IDENTITY
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#var_env_dacs_identity
.RE
.IP "33." 4
DACS_USERNAME
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#var_env_dacs_username
.RE
.IP "34." 4
RFC 2396
.RS 4
\%http://www.rfc-editor.org/rfc/rfc2396.txt
.RE
.IP "35." 4
RFC 822
.RS 4
\%http://www.rfc-editor.org/rfc/rfc822.txt
.RE
.IP "36." 4
RFC 3696
.RS 4
\%http://www.rfc-editor.org/rfc/rfc3696.txt
.RE
.IP "37." 4
EXIT*
.RS 4
\%http://dacs.dss.ca/man/dacs_authenticate.8.html#auth_directive_index
.RE
.IP "38." 4
setvar()
.RS 4
\%http://dacs.dss.ca/man/dacs.exprs.5.html#setvar
.RE
.IP "39." 4
dacs.groups(5)
.RS 4
\%http://dacs.dss.ca/man/dacs.groups.5.html#roles
.RE
.IP "40." 4
DACS identity
.RS 4
\%http://dacs.dss.ca/man/#dacs_identity
.RE
.IP "41." 4
dacs_authenticate(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_authenticate.8.html
.RE
.IP "42." 4
dacs.groups(5)
.RS 4
\%http://dacs.dss.ca/man/dacs.groups.5.html
.RE
.IP "43." 4
strptime(3)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=strptime&apropos=0&sektion=3&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "44." 4
\fIdacsoptions\fR
.RS 4
\%http://dacs.dss.ca/man/#dacsoptions
.RE
.IP "45." 4
--enable-dump
.RS 4
\%http://dacs.dss.ca/man/#enable-dump-arg
.RE
.IP "46." 4
fcntl(2)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=fcntl&apropos=0&sektion=2&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "47." 4
TEMP_DIRECTORY
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#TEMP_DIRECTORY
.RE
.IP "48." 4
dacs.conf(5)
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html
.RE
.IP "49." 4
--enable-hush-startup-logging
.RS 4
\%http://dacs.dss.ca/man/dacs.install.7.html#build_flag_--enable-hush-startup-logging
.RE
.IP "50." 4
LOG_FORMAT
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#LOG_FORMAT
.RE
.IP "51." 4
dacs.install(7)
.RS 4
\%http://dacs.dss.ca/man/dacs.install.7.html#configure_options
.RE
.IP "52." 4
dacs_user_info.dtd
.RS 4
\%http://dacs.dss.ca/man/../dtd-xsd/dacs_user_info.dtd
.RE
.IP "53." 4
dacs_vfs(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_vfs.8.html
.RE
.IP "54." 4
dacs_admin()
.RS 4
\%http://dacs.dss.ca/man/dacs.exprs.5.html#DACS_ADMIN
.RE
.IP "55." 4
dacs_admin(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_admin.8.html
.RE
.IP "56." 4
last(1)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=last&apropos=0&sektion=1&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "57." 4
who(1)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=who&apropos=0&sektion=1&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "58." 4
sa(8)
.RS 4
\%https://www.freebsd.org/cgi/man.cgi?query=sa&apropos=0&sektion=8&manpath=FreeBSD+10.3-RELEASE&format=html
.RE
.IP "59." 4
dacs_current_credentials(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_current_credentials.8.html
.RE
.IP "60." 4
dacs_signout(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_signout.8.html
.RE
.IP "61." 4
DACS_CONF
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#var_env_dacs_conf
.RE
.IP "62." 4
Locating dacs.conf and site.conf
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#locating_dacs.conf
.RE
.IP "63." 4
PASSWORD_DIGEST
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#PASSWORD_DIGEST
.RE
.IP "64." 4
FORMAT
.RS 4
\%http://dacs.dss.ca/man/dacs.services.8.html#FORMAT
.RE
.IP "65." 4
LOG_FILTER
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#logging_levels
.RE
.IP "66." 4
debug_dacs
.RS 4
\%http://dacs.dss.ca/man/dacs_acs.8.html#debug_dacs
.RE
.IP "67." 4
The Jurisdiction Section
.RS 4
\%http://dacs.dss.ca/man/dacs.conf.5.html#jurisdiction_section
.RE
.IP "68." 4
dacsacl(1)
.RS 4
\%http://dacs.dss.ca/man/dacsacl.1.html
.RE
.IP "69." 4
dacsversion(1)
.RS 4
\%http://dacs.dss.ca/man/dacsversion.1.html
.RE
.IP "70." 4
dacs_version(8)
.RS 4
\%http://dacs.dss.ca/man/dacs_version.8.html
.RE
.IP "71." 4
DACS manual pages
.RS 4
\%http://dacs.dss.ca/man/../man/index.html
.RE
.IP "72." 4
dacs.services(8)
.RS 4
\%http://dacs.dss.ca/man/dacs.services.8.html
.RE
.IP "73." 4
user activity records
.RS 4
\%http://dacs.dss.ca/man/#tracking_user_activity
.RE
.IP "74." 4
www.dss.ca
.RS 4
\%http://www.dss.ca
.RE
.IP "75." 4
LICENSE
.RS 4
\%http://dacs.dss.ca/man/../misc/LICENSE
.RE