NAME

uss - Introduction to the uss command suite (deprecated)

CAUTIONS

The uss command suite is currently designed for cells using the obsolete Authentication Server, and therefore is primarily useful for sites that have not yet migrated to a Kerberos version 5 KDC. The Authentication Server and supporting commands will be removed in a future version of OpenAFS, which may include uss unless someone who finds it useful converts it to work with a Kerberos version 5 KDC.

DESCRIPTION

The commands in the uss command suite help administrators to create AFS user accounts more easily and efficiently for cells using the obsolete Authentication Server. If uss commands are not used, creating an account requires issuing at least six separate commands to five different AFS servers.

There are three main commands in the suite:

To obtain help, issue the uss apropos and uss help commands.

OPTIONS

The following arguments and flags are available on many commands in the uss suite. The reference page for each command also lists them, but they are described here in greater detail.

-admin <administrator to authenticate>

Specifies the AFS user name under which to establish a connection to the AFS server processes that administer the various parts of a user account. If it is omitted, the connection is established under the issuer's effective user ID (his or her identity in the local file system). Even when this argument is included, UNIX commands that run during the uss operation (for instance, the UNIX /etc/chown command) run under the effective user ID.

-cell <cell name>

Names the cell in which to run the command. It is acceptable to abbreviate the cell name to the shortest form that distinguishes it from the other entries in the /usr/vice/etc/CellServDB file on the local machine. If the -cell argument is omitted, the command interpreter determines the name of the local cell by reading the following in order:

-dryrun

Reports actions that the command interpreter needs to perform when executing the uss operation, without actually performing them. Include this flag to verify that the command produces the desired account configuration. Combine it with the -verbose flag to yield even more detailed information. Note that the output does not necessarily reveal all possible problems that can prevent successful execution of the command, especially those that result from transient server or network outages.

-help

Prints a command's online help message on the standard output stream. Do not combine this flag with any of the command's other options; when it is provided, the command interpreter ignores all other options, and only prints the help message.

-skipauth

Bypasses mutual authentication with the AFS Authentication Server, allowing a site that uses Kerberos instead of the AFS Authentication Server to substitute that form of authentication. If this option is given, uss does not create or manipulate Kerberos principals. A Kerberos principal must be created separately from the uss add command.

PRIVILEGE REQUIRED

The issuer of a uss command must have all the rights required for performing the equivalent actions individually. See each uss command's reference page.

SEE ALSO

uss(5), uss_bulk(5), uss_add(8), uss_apropos(8), uss_bulk(8), uss_delete(8), uss_help(8)

COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.