Man pages sections > man1 > dacsinfocard

dacsinfocard - manage InfoCard accounts

DACSINFOCARD(1) DACS Commands Manual DACSINFOCARD(1)

NAME

dacsinfocard - manage InfoCard accounts

SYNOPSIS

dacsinfocard [ dacsoptions[1]]

DESCRIPTION

This program is part of the DACS suite.
The dacsinfocard command manages accounts that are used by the local_infocard_authenticate[2] authentication module. This utility serves a similar purpose for these authentication modules that the dacspasswd(1)[3] command does for its local_passwd_authenticate[4] module.
Apart from their use by local_infocard_authenticate, these accounts are completely separate from any other accounts.
 
 
Security
 
 
The digest algorithm used depends on the INFOCARD_DIGEST[5] directive in effect.
Plaintext PPIDs are not stored. This makes it more difficult for an attacker that gains access to the InfoCard account file to discover PPIDs.
Only a DACS administrator should be able to successfully run this program from the command line. Because DACS keys and configuration files, including the file used to store accounts, must be restricted to an administrator, this will normally be the case, but a careful administrator will set file permissions to deny access to all other users. An ordinary user is able to change his own InfoCard registration using the dacs_infocard(8)[6] web service.
 
This program is also available as a DACS web service, dacs_infocard(8)[6].

OPTIONS

The dacsinfocard command recognizes these command line flags:

EXAMPLES

To list all of the InfoCard accounts configured for the jurisdiction named INFOCARDS:
 
% dacsinfocard -uj INFOCARDS -list
DSS::INFOCARDS:bob managed,istatic,enabled,passwd
DSS::INFOCARDS:alice managed,istatic,disabled,passwd
To re-enable the alice account:
 
% dacsinfocard -uj INFOCARDS -ena alice
To test if alice's account is enabled:
 
% dacsinfocard -uj INFOCARDS -test ena alice
% echo $status
0
To test if there are accounts for usernames bob and carol:
 
% dacsinfocard -uj INFOCARDS -test exists carol
% echo $status
0
% dacsinfocard -uj INFOCARDS -test exists bob
% echo $status
1
To get the private data for username bob:
 
% set x=`dacsinfocard -uj INFOCARDS -pdg bob`
% echo "$x"
On vacation
 

DIAGNOSTICS

The program exits 0 if everything was fine, and non-zero otherwise. A "false" outcome from the -test operation is reflected by an exit status of 1. An error condition is indicated by an exit status of 2.

BUGS

As this is a relatively new and complicated feature, please test carefully.

SEE ALSO

dacs_infocard(8)[6], dacsauth(1)[7], dacs_authenticate(8)[8], dacs_admin(8)[9], dacs.conf(5)[10], Using InfoCards With DACS[11]

AUTHOR

Distributed Systems Software ( www.dss.ca[12])

COPYING

Copyright2003-2012 Distributed Systems Software. See the LICENSE[13] file that accompanies the distribution for licensing information.

NOTES

1.
dacsoptions
http://dacs.dss.ca/man/dacs.1.html#dacsoptions
2.
local_infocard_authenticate
http://dacs.dss.ca/man/dacs_authenticate.8.html#local_infocard_authenticate
3.
dacspasswd(1)
http://dacs.dss.ca/man/dacspasswd.1.html
4.
local_passwd_authenticate
http://dacs.dss.ca/man/dacs_authenticate.8.html#local_passwd_authenticate
5.
INFOCARD_DIGEST
http://dacs.dss.ca/man/dacs.conf.5.html#INFOCARD_DIGEST
6.
dacs_infocard(8)
http://dacs.dss.ca/man/dacs_infocard.8.html
7.
dacsauth(1)
http://dacs.dss.ca/man/dacsauth.1.html
8.
dacs_authenticate(8)
http://dacs.dss.ca/man/dacs_authenticate.8.html
9.
dacs_admin(8)
http://dacs.dss.ca/man/dacs_admin.8.html
10.
dacs.conf(5)
http://dacs.dss.ca/man/dacs.conf.5.html
11.
Using InfoCards With DACS
http://dacs.dss.ca/man/using-infocards-with-dacs.html
12.
www.dss.ca
http://www.dss.ca
13.
LICENSE
http://dacs.dss.ca/man/../misc/LICENSE
09/08/2017 DACS 1.4.38a