sfs_users--User-authentication database

The sfs_users file, maintained and used by the sfsauthd program, maps public keys to local users. It is roughly analogous to the Unix /etc/passwd file. Each line of sfs_users has the following format:

user:public-key:credentials:SRP-info:private-key
user
user is the unique name of a public key in the database. Ordinarily it is the same as a user name in the local password file. However, in certain cases it may be useful to map multiple public keys to the same local account (for instance if several people have an account with root privileges). In such cases, each key must be given a unique name (e.g., dm/root, kaminsky/root, etc.).
public-key
public-key is simply the user's public key. A user must possess the corresponding private key to authenticate to servers.
credentials
credentials names the local account associated with a particular SFS public key. It is simply a local username to be looked up in the Unix password and group databases. Ordinarily, credentials should be the same as user, unless multiple keys need to be mapped to the same credentials (as in the dm/root and kaminsky/root example above, where both map to root).
SRP-info
SRP-info is the server-side information for the SRP protocol (see SRP). Unlike the previous fields, this information must be kept secret. If it is disclosed, an attacker may be able to impersonate the server by causing the sfskey add command to fetch the wrong HostID; because the SRP verifier is derived from the user's password, an attacker holding it can also mount an offline dictionary attack against a weak password. Note also that SRP-info is specific to a particular hostname. If you change the Location of a file server, users will need to register new SRP-info.
private-key
private-key is opaque to sfsauthd. It is private, per-user data that sfsauthd will return only to users who successfully complete the SRP protocol. Currently, sfskey uses this field to store an encrypted copy of the user's private key, allowing the user to retrieve the private key over the network.
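The following is an added example, not code from SFS or sfsauthd: a small Python parser for the five-field layout above, with the sanity checks an administrator would want before trusting the file (unique key names, plain local usernames in credentials, a stored private-key only where SRP-info exists to release it, and a file mode that keeps SRP-info away from other users). It assumes the first four fields never contain a colon and that the opaque private-key field is taken verbatim; the sample lines and all key material in them are constructed placeholders.

```python
"""Parser and sanity checks for an sfs_users file (added example, not SFS code).

Assumes the documented layout  user:public-key:credentials:SRP-info:private-key
with no ':' in the first four fields; the opaque private-key field may contain anything.
"""
import stat
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SfsUser:
    user: str         # unique key name, e.g. "alice" or "dm/root"
    public_key: str   # the user's public key; need not be secret
    credentials: str  # local account, looked up in the passwd/group databases
    srp_info: str     # server-side SRP data; MUST stay secret
    private_key: str  # opaque to sfsauthd, handed back after a successful SRP run


# Constructed sample database; every key and SRP field is a placeholder, not real material.
SAMPLE_SFS_USERS = """\
alice:0x7d1f0c3a9e5b:alice:srp7d1f-alice:sk-enc-alice
dm/root:0x3b9ac1e2f7d4:root:srp3b9a-dm:sk-enc-dm
kaminsky/root:0x9f2e6c8a1b0d:root:srp9f2e-kaminsky:sk-enc-kaminsky:extra:colons
"""


def parse_sfs_users(text: str) -> List[SfsUser]:
    """Parse sfs_users lines into records; blank lines are skipped.

    split(":", 4) keeps any colons inside the trailing private-key field intact.
    """
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 4)
        if len(parts) != 5:
            raise ValueError(f"sfs_users line {lineno}: expected 5 fields, got {len(parts)}")
        records.append(SfsUser(*parts))
    return records


def keys_by_account(records: List[SfsUser]) -> Dict[str, List[str]]:
    """Map each local account (credentials) to the key names that can unlock it."""
    out: Dict[str, List[str]] = {}
    for r in records:
        out.setdefault(r.credentials, []).append(r.user)
    return out


def check_db(records: List[SfsUser]) -> List[str]:
    """Return human-readable problems; an empty list means the database looks sane."""
    problems = []
    seen = set()
    for r in records:
        if r.user in seen:
            problems.append(f"duplicate key name {r.user!r}")
        seen.add(r.user)
        # credentials is looked up in passwd/group, so it must be a plain username
        if not r.credentials or "/" in r.credentials:
            problems.append(f"{r.user!r}: credentials {r.credentials!r} is not a plain local username")
        if not r.public_key:
            problems.append(f"{r.user!r}: empty public key")
        # sfsauthd only releases private-key after SRP, so without SRP-info it is unreachable
        if r.private_key and not r.srp_info:
            problems.append(f"{r.user!r}: stored private key but no SRP-info to release it")
    return problems


def srp_secret_fields_ok(mode: int) -> bool:
    """sfs_users carries SRP verifiers: refuse any permission bits for 'other'."""
    return (mode & stat.S_IRWXO) == 0


def public_view(records: List[SfsUser]) -> str:
    """Only the three fields that need not be secret, for a copy others may read."""
    return "".join(f"{r.user}:{r.public_key}:{r.credentials}\n" for r in records)


if __name__ == "__main__":
    recs = parse_sfs_users(SAMPLE_SFS_USERS)
    print("accounts:", keys_by_account(recs))
    print("problems:", check_db(recs) or "none")
    print("mode 0644 acceptable:", srp_secret_fields_ok(0o644))
    print(public_view(recs), end="")
```

Run it on a real file with `parse_sfs_users(open(path).read())` and `srp_secret_fields_ok(os.stat(path).st_mode)`; the public_view output is what you could safely hand to other hosts, while SRP-info and private-key should never leave the file.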