serves a two-level name space for storing authentication data, specifically
the status and secrets of each user to whom
can issue a certificate.
The data is stored in
encrypted by a master key using AES
should be started only on the machine acting as authentication server (signer),
before a listener is started for
must share the name space.
Furthermore, no other application except the console should see that name space.
prompts for the master key, reads and decrypts
and serves files representing the contents at
in the name space (default:
is represented by a directory
Each such directory has the following files:
- A count of the number of failed authentications.
to the file increments the count; writing
resets it to 0.
When the count reaches some implementation-defined limit,
the account status is set to
- The time in seconds since the epoch when the account will expire,
or the text
if it has no expiration time.
or a number can be written to the file to set a new expiry time.
- The secret (supposedly) known only to the user and the authentication service.
A secret is any sequence of bytes between 0 and 255 bytes long;
it is initially empty.
The length of the file returned by
is the length of the secret.
If the account has expired or is disabled, an attempt to read the file
will give an error.
- The current status of the user's account, either
Either string can be written to the file to change the state accordingly.
To add a new account, make a directory with that name in
It must not already exist.
To remove an account, remove the corresponding directory;
to rename an account, rename the directory.
All changes made via file system operations in
result in appropriate changes to
option is given, instead of prompting for the master key,
will read it from the file
Obviously that file should be well-protected from ordinary observers.
option enables tracing of the file service protocol, for debugging.