Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | NoAuth - Disables authorization checking | |
4 | ||
5 | =head1 DESCRIPTION | |
6 | ||
7 | The F<NoAuth> file, if present in a server machine's F</usr/afs/local> | |
8 | directory, indicates to the AFS server processes running on the machine | |
9 | that it is not necessary to perform authorization checking. They perform | |
10 | any action for any user who logs into the machine's local file system or | |
11 | issues a remote command that affects the machine's AFS server functioning, | |
12 | such as commands from the AFS command suites. Because failure to check | |
13 | authorization exposes the machine's AFS server functionality to attack, | |
14 | there are normally only two circumstances in which the file is present: | |
15 | ||
16 | =over 4 | |
17 | ||
18 | =item * | |
19 | ||
20 | During installation of the machine, as instructed in the I<OpenAFS Quick | |
21 | Start Guide>. | |
22 | ||
23 | =item * | |
24 | ||
25 | During correction of a server encryption key emergency, as discussed in | |
26 | the I<OpenAFS Administration Guide>. | |
27 | ||
28 | =back | |
29 | ||
30 | In all other circumstances, the absence of the file means that the AFS | |
31 | server processes perform authorization checking, verifying that the issuer | |
32 | of a command has the required privilege. | |
33 | ||
34 | Create the file in one of the following ways: | |
35 | ||
36 | =over 4 | |
37 | ||
38 | =item * | |
39 | ||
40 | By issuing the bosserver initialization command with the B<-noauth> flag, | |
41 | if the Basic OverSeer (BOS) Server is not already running. | |
42 | ||
43 | =item * | |
44 | ||
45 | By issuing the B<bos setauth> command with off as the value for the | |
46 | B<-authrequired> argument, if the BOS Server is already running. | |
47 | ||
48 | =back | |
49 | ||
50 | To remove the file, issue the B<bos setauth> command with C<on> as the | |
51 | value for the B<-authrequired> argument. | |
52 | ||
53 | The file's contents, if any, are ignored; an empty (zero-length) file is | |
54 | effective. | |
55 | ||
56 | =head1 SEE ALSO | |
57 | ||
58 | L<bos_setauth(8)>, | |
59 | L<bosserver(8)> | |
60 | ||
61 | =head1 COPYRIGHT | |
62 | ||
63 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
64 | ||
65 | This documentation is covered by the IBM Public License Version 1.0. It was | |
66 | converted from HTML to POD by software written by Chas Williams and Russ | |
67 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |