[hcoop/debian/openafs.git] / doc / man-pages / pod8 / uss.pod

=head1 NAME

uss - Introduction to the uss command suite (deprecated)

=head1 CAUTIONS

The B<uss> command suite is currently designed for cells using the
obsolete Authentication Server, and therefore is primarily useful for
sites that have not yet migrated to a Kerberos version 5 KDC. The
Authentication Server and supporting commands will be removed in a future
version of OpenAFS, which may include B<uss> unless someone who finds it
useful converts it to work with a Kerberos version 5 KDC.

=head1 DESCRIPTION

The commands in the B<uss> command suite help administrators to create AFS
user accounts more easily and efficiently for cells using the obsolete
Authentication Server. If B<uss> commands are not used, creating an
account requires issuing at least six separate commands to five different
AFS servers.

There are three main commands in the suite:

=over 4

=item *

The B<uss add> command creates a single complete user account, based on
command line arguments and instructions in a template file.

=item *

The B<uss bulk> command creates multiple complete accounts at once, based
on command line arguments, instructions in a template file and a bulk
input file.

=item *

The B<uss delete> command removes most parts of a user account.

=back

To obtain help, issue the B<uss apropos> and B<uss help> commands.

=head1 OPTIONS

The following arguments and flags are available on many commands in the
B<uss> suite. The reference page for each command also lists them, but
they are described here in greater detail.

=over 4

=item B<-admin> <I<administrator to authenticate>>

Specifies the AFS user name under which to establish a connection to the
AFS server processes that administer the various parts of a user
account. If it is omitted, the connection is established under the
issuer's effective user ID (his or her identity in the local file
system). Even when this argument is included, UNIX commands that run
during the B<uss> operation (for instance, the UNIX F</etc/chown> command)
run under the effective user ID.

=item B<-cell> <I<cell name>>

Names the cell in which to run the command. It is acceptable to abbreviate
the cell name to the shortest form that distinguishes it from the other
entries in the F</usr/vice/etc/CellServDB> file on the local machine. If
the B<-cell> argument is omitted, the command interpreter determines the
name of the local cell by reading the following in order:

=over 4

=item *

The value of the AFSCELL environment variable.

=item *

The local F</usr/vice/etc/ThisCell> file.

=back

=item B<-dryrun>

Reports actions that the command interpreter needs to perform when
executing the B<uss> operation, without actually performing them. Include
this flag to verify that the command produces the desired account
configuration. Combine it with the B<-verbose> flag to yield even more
detailed information. Note that the output does not necessarily reveal all
possible problems that can prevent successful execution of the command,
especially those that result from transient server or network outages.

=item B<-help>

Prints a command's online help message on the standard output stream. Do
not combine this flag with any of the command's other options; when it is
provided, the command interpreter ignores all other options, and only
prints the help message.

=item B<-skipauth>

Bypasses mutual authentication with the AFS Authentication Server, allowing
a site that uses Kerberos instead of the AFS Authentication Server to
substitute that form of authentication. If this option is given, B<uss> does
not create or manipulate Kerberos principals. A Kerberos principal must be
created separately from the B<uss add> command.

=back

=head1 PRIVILEGE REQUIRED

The issuer of a B<uss> command must have all the rights required for
performing the equivalent actions individually. See each B<uss> command's
reference page.

=head1 SEE ALSO

L<uss(5)>,
L<uss_bulk(5)>,
L<uss_add(8)>,
L<uss_apropos(8)>,
L<uss_bulk(8)>,
L<uss_delete(8)>,
L<uss_help(8)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	uss - Introduction to the uss command suite (deprecated)
	4
	5	=head1 CAUTIONS
	6
	7	The B<uss> command suite is currently designed for cells using the
	8	obsolete Authentication Server, and therefore is primarily useful for
	9	sites that have not yet migrated to a Kerberos version 5 KDC. The
	10	Authentication Server and supporting commands will be removed in a future
	11	version of OpenAFS, which may include B<uss> unless someone who finds it
	12	useful converts it to work with a Kerberos version 5 KDC.
	13
	14	=head1 DESCRIPTION
	15
	16	The commands in the B<uss> command suite help administrators to create AFS
	17	user accounts more easily and efficiently for cells using the obsolete
	18	Authentication Server. If B<uss> commands are not used, creating an
	19	account requires issuing at least six separate commands to five different
	20	AFS servers.
	21
	22	There are three main commands in the suite:
	23
	24	=over 4
	25
	26	=item *
	27
	28	The B<uss add> command creates a single complete user account, based on
	29	command line arguments and instructions in a template file.
	30
	31	=item *
	32
	33	The B<uss bulk> command creates multiple complete accounts at once, based
	34	on command line arguments, instructions in a template file and a bulk
	35	input file.
	36
	37	=item *
	38
	39	The B<uss delete> command removes most parts of a user account.
	40
	41	=back
	42
	43	To obtain help, issue the B<uss apropos> and B<uss help> commands.
	44
	45	=head1 OPTIONS
	46
	47	The following arguments and flags are available on many commands in the
	48	B<uss> suite. The reference page for each command also lists them, but
	49	they are described here in greater detail.
	50
	51	=over 4
	52
	53	=item B<-admin> <I<administrator to authenticate>>
	54
	55	Specifies the AFS user name under which to establish a connection to the
	56	AFS server processes that administer the various parts of a user
	57	account. If it is omitted, the connection is established under the
	58	issuer's effective user ID (his or her identity in the local file
	59	system). Even when this argument is included, UNIX commands that run
	60	during the B<uss> operation (for instance, the UNIX F</etc/chown> command)
	61	run under the effective user ID.
	62
	63	=item B<-cell> <I<cell name>>
	64
65	Names the cell in which to run the command. It is acceptable to abbreviate
66	the cell name to the shortest form that distinguishes it from the other
67	entries in the F</usr/vice/etc/CellServDB> file on the local machine. If
68	the B<-cell> argument is omitted, the command interpreter determines the
69	name of the local cell by reading the following in order:
70
71	=over 4
72
73	=item *
74
75	The value of the AFSCELL environment variable.
76
77	=item *
78
79	The local F</usr/vice/etc/ThisCell> file.
80
81	=back
82
83	=item B<-dryrun>
84
85	Reports actions that the command interpreter needs to perform when
86	executing the B<uss> operation, without actually performing them. Include
87	this flag to verify that the command produces the desired account
88	configuration. Combine it with the B<-verbose> flag to yield even more
89	detailed information. Note that the output does not necessarily reveal all
90	possible problems that can prevent successful execution of the command,
91	especially those that result from transient server or network outages.
92
93	=item B<-help>
94
95	Prints a command's online help message on the standard output stream. Do
96	not combine this flag with any of the command's other options; when it is
97	provided, the command interpreter ignores all other options, and only
98	prints the help message.
99
100	=item B<-skipauth>
101
102	Bypasses mutual authentication with the AFS Authentication Server, allowing
103	a site that uses Kerberos instead of the AFS Authentication Server to
104	substitute that form of authentication. If this option is given, B<uss> does
105	not create or manipulate Kerberos principals. A Kerberos principal must be
106	created separately from the B<uss add> command.
107
108	=back
109
110	=head1 PRIVILEGE REQUIRED
111
112	The issuer of a B<uss> command must have all the rights required for
113	performing the equivalent actions individually. See each B<uss> command's
114	reference page.
115
116	=head1 SEE ALSO
117
118	L<uss(5)>,
119	L<uss_bulk(5)>,
120	L<uss_add(8)>,
121	L<uss_apropos(8)>,
122	L<uss_bulk(8)>,
123	L<uss_delete(8)>,
124	L<uss_help(8)>
125
126	=head1 COPYRIGHT
127
128	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
129
130	This documentation is covered by the IBM Public License Version 1.0. It was
131	converted from HTML to POD by software written by Chas Williams and Russ
132	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.