ttauth - TT authority file utility
ttauth [ -f authfile ] [ -vqib ] [ command arg ... ]
ttauth(1) ToolTalk Commands ttauth(1) NAME ttauth - TT authority file utility SYNOPSIS ttauth [ -f authfile ] [ -vqib ] [ command arg ... ] DESCRIPTION The ttauth program is used to edit and display the authorization infor- mation used in connecting with Tooltalk. This program is usually used to extract authorization records from one machine and merge them in on another (as is the case when using remote logins or granting access to other users). Commands (described below) may be entered interactively, on the ttauth command line, or in scripts. OPTIONS The following options may be used with ttauth. They may be given indi- vidually (e.g. -q -i) or may be combined (e.g. -qi): -f authfile This option specifies the name of the authority file to use. By default, ttauth will use the file specified by the TTAUTHOR- ITY environment variable or .TTauthority in the user's home directory. -q This option indicates that ttauth should operate quietly and not print unsolicited status messages. This is the default if a ttauth command is given on the command line or if the stan- dard output is not directed to a terminal. -v This option indicates that ttauth should operate verbosely and print status messages indicating the results of various opera- tions (e.g. how many records have been read in or written out). This is the default if ttauth is reading commands from its standard input and its standard output is directed to a termi- nal. -i This option indicates that ttauth should ignore any authority file locks. Normally, ttauth will refuse to read or edit any authority files that have been locked by other programs (usu- ally xdm(1) or another ttauth). -b This option indicates that ttauth should attempt to break any authority file locks before proceeding and should only be used to clean up stale locks. COMMANDS The following commands may be used to manipulate authority files: add protoname protodata netid authname authdata Add an entry into authority file. The entry must consist of the five fields delimited by spaces. protoname used by Tooltalk is TT. protodata used by Tooltalk is an empty string. netid is made up of a combination of Tooltalk Session ID and the IP address of the machine. authname used by Tooltalk is MIT-MAGIC- COOKIE-1. authdata is specified as an even-lengthed string of hexadecimal digits, each pair representing one byte. The first digit of each pair gives the most significant 4 bits of the byte, and the second digit of the pair gives the least signifi- cant 4 bits. For example, a 32 character string would repre- sent a 128-bit value. extract filename <protoname=$> <protodata=$> <netid=$> <authname=$>" Extract entries into file, filename. Authoriza- tion entries that match any of the values specified by either <protoname>, <protodata>, <netid> or <authname>. The extracted entries can be read back in using the merge command. If the filename consists of just a single dash, the entries will be written to the standard output. list <protoname=$> <protodata=$> <netid=$> <authname=$> All authorization entries are printed on the standard output if no selection is specified. Otherwise, only entries that match any of the values specified by either <protoname>, <protodata>, <netid> or <authname> are printed on the standard output. authdata is always displayed in the hexadecimal format given in the description of the add command. merge filename ... Authorization entries are read from the specified files and are merged into the authorization database, superceding any match- ing existing entries. On exit, these entries will then be written from the database to the authority file. remove <protoname=$> <protodata=$> <netid=$> <authname=$> Authorization entries that match any of the values specified by either <protoname>, <protodata>, <netid> or <authname> are removed from the authority file. source filename The specified file is treated as a script containing ttauth commands to execute. Blank lines and lines beginning with a sharp sign (#) are ignored. A single dash may be used to indi- cate the standard input, if it hasn't already been read. info Information describing the authorization file, whether or not any changes have been made, and from where ttauth commands are being read is printed on the standard output. exit If any modifications have been made, the authority file is written out (if allowed), and the program exits. An end of file is treated as an implicit exit command. quit The program exits, ignoring any modifications. This may also be accomplished by issuing SIGINT (usually CTRL-C). help [string] A description of all commands that begin with the given string (or all commands if no string is given) is printed on the stan- dard output. ? A short list of the valid commands is printed on the standard output. ENVIRONMENT This ttauth program uses the following environment variables: TTAUTHORITY to get the name of the authority file to use if the -f option isn't used. If this variable is not set, ttauth will use .TTauthority in the user's home directory. HOME to get the user's home directory if TTAUTHORITY isn't defined. BUGS Users that have unsecure networks should take care to use encrypted file transfer mechanisms to copy authorization entries between machines. Similarly, the MIT-MAGIC-COOKIE-1 protocol is not very use- ful in unsecure environments. Sites that are interested in additional security may need to use encrypted authorization mechanisms such as Kerberos. Spaces are currently not allowed in the protocol name. Quoting could be added for the truly perverse. EXAMPLES This example illustrates how a cookie can be shared with a remote sys- tem using the list, extract and merge commands. To extract an entry from $HOME/.TTauthority file - start ttauth on the command line, using authority file /home/username/.TTauthority ttauth> - get the netid using list ttauth> list TT "" 1289637086/1/10.10.10.25/5 MIT-MAGIC-COOKIE-1 c8fc131e9c216bb7f177334135ceffc500 - extract the entry into the file, /tmp/cookie ttauth> extract /tmp/cookie netid=1289637086/1/10.10.10.25/5 1 entries written to "/tmp/cookie" To merge this cookie on a remote system - Transfer the cookie file /tmp/cookie in a secure manner - start ttauth on the remote system using authority file /remote/username/.TTauthority ttauth> - merge the tranferred cookie file, /tmp/cookie ttauth> merge /tmp/cookie 1 entries read in: 1 new, 0 replacement - save the new cookie by exiting ttauth> exit Writing authority file /remote/username/.TTauthority AUTHOR Mitchell Greess, Solutions Atlantic ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+------------------+ |Availability | library/tooltalk | +---------------+------------------+ |Stability | Committed | +---------------+------------------+ ToolTalk 1.3 07 July 2000 ttauth(1)