| .TH SECSTORED 1 |
| .SH NAME |
| secstored, secuser \- secstore commands |
| .SH SYNOPSIS |
| .br |
| .B secstored |
| [-R] |
| [-S servername] |
| [-s tcp!*!5356] |
| [-x mountpoint] |
| .br |
| .B secuser |
| [-v] |
| username |
| .br |
| .PP |
| .SH DESCRIPTION |
| .PP |
| .I Secstored |
| serves requests from |
| .IR secstore (1). |
| The |
| .B -R |
| option supplements the password check with a |
| call to a RADIUS server, for checking hardware |
| tokens or other validation. |
| The |
| .BR -x mountpoint |
| option specifies an alternative to the default network |
| .BR /net . |
| .PP |
| .I Secuser |
| is an administrative command that runs on the |
| secstore machine, normally the authserver, |
| to create new accounts and |
| to change status on existing accounts. |
| It prompts for account information such as |
| password and expiration date, writing to |
| .BR \*9/secstore/who/$uid . |
| The |
| .B \*9/secstore |
| directory should be created mode 770 for the userid |
| or groupid of the secstored process. |
| .PP |
| By default, |
| .I secstored |
| warns the client if no account exists. |
| If you prefer to obscure this information, use |
| .I secuser |
| to create an account |
| .BR FICTITIOUS . |
| .SH FILES |
| .B \*9/secstore/who/$uid |
| secstore account name, expiration date, verifier |
| .br |
| .B \*9/secstore/store/$uid/ |
| users' files |
| .br |
| .B \*9/ndb/auth |
| for mapping local userid to RADIUS userid |
| .SH SOURCE |
| .B \*9/src/cmd/auth/secstore |
| .SH SEE ALSO |
| .IR secstore (1) |
