ttauth(1) ToolTalk Commands ttauth(1)NAMEttauth - TT authority file utility
SYNOPSISttauth [ -f authfile ] [ -vqib ] [ command arg ... ]
DESCRIPTION
The ttauth program is used to edit and display the authorization infor‐
mation used in connecting with Tooltalk. This program is usually used
to extract authorization records from one machine and merge them in on
another (as is the case when using remote logins or granting access to
other users). Commands (described below) may be entered interactively,
on the ttauth command line, or in scripts.
OPTIONS
The following options may be used with ttauth. They may be given indi‐
vidually (e.g. -q -i) or may be combined (e.g. -qi):
-f authfile
This option specifies the name of the authority file to use.
By default, ttauth will use the file specified by the TTAUTHOR‐
ITY environment variable or .TTauthority in the user's home
directory.
-q This option indicates that ttauth should operate quietly and
not print unsolicited status messages. This is the default if
a ttauth command is given on the command line or if the stan‐
dard output is not directed to a terminal.
-v This option indicates that ttauth should operate verbosely and
print status messages indicating the results of various opera‐
tions (e.g. how many records have been read in or written out).
This is the default if ttauth is reading commands from its
standard input and its standard output is directed to a termi‐
nal.
-i This option indicates that ttauth should ignore any authority
file locks. Normally, ttauth will refuse to read or edit any
authority files that have been locked by other programs (usu‐
ally xdm(1) or another ttauth).
-b This option indicates that ttauth should attempt to break any
authority file locks before proceeding and should only be used
to clean up stale locks.
COMMANDS
The following commands may be used to manipulate authority files:
add protoname protodata netid authname authdata
Add an entry into authority file. The entry must consist of the
five fields delimited by spaces. protoname used by Tooltalk is
TT. protodata used by Tooltalk is an empty string. netid is
made up of a combination of Tooltalk Session ID and the IP
address of the machine. authname used by Tooltalk is MIT-MAGIC-
COOKIE-1. authdata is specified as an even-lengthed string of
hexadecimal digits, each pair representing one byte. The first
digit of each pair gives the most significant 4 bits of the
byte, and the second digit of the pair gives the least signifi‐
cant 4 bits. For example, a 32 character string would repre‐
sent a 128-bit value.
extract filename <protoname=$> <protodata=$> <netid=$>
<authname=$>" Extract entries into file, filename. Authoriza‐
tion entries that match any of the values specified by either
<protoname>, <protodata>, <netid> or <authname>. The extracted
entries can be read back in using the merge command. If the
the filename consists of just a single dash, the entries will
be written to the standard output.
list <protoname=$> <protodata=$> <netid=$> <authname=$>
All authorization entries are printed on the standard output if
no selection is specified. Otherwise, only entries that match
any of the values specified by either <protoname>, <protodata>,
<netid> or <authname> are printed on the standard output.
authdata is always displayed in the hexadecimal format given in
the description of the add command.
merge filename ...
Authorization entries are read from the specified files and are
merged into the authorization database, superceding any match‐
ing existing entries. On exit, these entries will then be
written from the database to the authority file.
remove <protoname=$> <protodata=$> <netid=$> <authname=$>
Authorization entries that match any of the values specified by
either <protoname>, <protodata>, <netid> or <authname> are
removed from the authority file.
source filename
The specified file is treated as a script containing ttauth
commands to execute. Blank lines and lines beginning with a
sharp sign (#) are ignored. A single dash may be used to indi‐
cate the standard input, if it hasn't already been read.
info Information describing the authorization file, whether or not
any changes have been made, and from where ttauth commands are
being read is printed on the standard output.
exit If any modifications have been made, the authority file is
written out (if allowed), and the program exits. An end of
file is treated as an implicit exit command.
quit The program exits, ignoring any modifications. This may also
be accomplished by issuing SIGINT (usually CTRL-C).
help [string]
A description of all commands that begin with the given string
(or all commands if no string is given) is printed on the stan‐
dard output.
? A short list of the valid commands is printed on the standard
output.
ENVIRONMENT
This ttauth program uses the following environment variables:
TTAUTHORITY
to get the name of the authority file to use if the -f option
isn't used. If this variable is not set, ttauth will use
.TTauthority in the user's home directory.
HOME to get the user's home directory if TTAUTHORITY isn't defined.
BUGS
Users that have unsecure networks should take care to use encrypted
file transfer mechanisms to copy authorization entries between
machines. Similarly, the MIT-MAGIC-COOKIE-1 protocol is not very use‐
ful in unsecure environments. Sites that are interested in additional
security may need to use encrypted authorization mechanisms such as
Kerberos.
Spaces are currently not allowed in the protocol name. Quoting could
be added for the truly perverse.
EXAMPLES
This example illustrates how a cookie can be shared with a remote sys‐
tem using the list, extract and merge commands.
To extract an entry from $HOME/.TTauthority file
- start ttauth on the command line,
using authority file /home/username/.TTauthority
ttauth>
- get the netid using list
ttauth> list
TT "" 1289637086/1/10.10.10.25/5 MIT-MAGIC-COOKIE-1 c8fc131e9c216bb7f177334135ceffc500
- extract the entry into the file, /tmp/cookie
ttauth> extract /tmp/cookie netid=1289637086/1/10.10.10.25/5
1 entries written to "/tmp/cookie"
To merge this cookie on a remote system
- Transfer the cookie file /tmp/cookie in a secure manner
- start ttauth on the remote system
using authority file /remote/username/.TTauthority
ttauth>
- merge the tranferred cookie file, /tmp/cookie
ttauth> merge /tmp/cookie
1 entries read in: 1 new, 0 replacement
- save the new cookie by exiting
ttauth> exit
Writing authority file /remote/username/.TTauthority
AUTHOR
Mitchell Greess, Solutions Atlantic
ToolTalk 1.3 07 July 2000 ttauth(1)
