SECSTORE(8) SECSTORE(8)
NAME
secstored, secuser - secstore commands
SYNOPSIS
auth/secstored [-R] [ -S servername ] [ -s address ] [ -x
network ] [ -v ]
auth/secuser [ -v ] username
DESCRIPTION
Secstored serves requests from secstore(1). By default it
listens on port tcp!*!5356; the -s option specifies an
alternative address. In the connection protocol, secstored
describes itself as service secstore, but the -S option can
specify a different servername. The -R option supplements
the password check with a call to a RADIUS server, for
checking hardware tokens or other validation. The -x option
specifies an alternative network to the default /net. By
default, secstored puts itself into the background; the -v
option enables a verbose debugging mode that suppresses
that.
Secuser is an administrative command that runs on the sec-
store machine, normally the authserver, to create new
accounts and to change status on existing accounts. It
prompts for account information such as password and expira-
tion date, writing to /adm/secstore/who/user for a given
secstore user. The directory /adm/secstore should be created
mode 770 with owner or group allowing access to the user
that runs secstored. The -v option makes the command chat-
tier.
By default, secstored warns the client if no account exists.
If you prefer to obscure this information, use secuser to
create an account FICTITIOUS.
FILES
/adm/secstore/who/user secstore account name, expiration
date, verifier
/adm/secstore/store/user/ user 's file storage
/lib/ndb/auth for mapping local userid to
RADIUS userid
/sys/log/secstore log file (if it does not exist,
secstored logs to /dev/cons)
SOURCE
/sys/src/cmd/auth/secstore
SEE ALSO
secstore(1)
Page 1 Plan 9 (printed 10/28/25)