michael@102: Index: nessus-core/doc/nessusd.8.in michael@102: --- nessus-core/doc/nessusd.8.in.orig 2004-10-19 17:21:05 +0200 michael@102: +++ nessus-core/doc/nessusd.8.in 2005-03-23 11:59:54 +0100 michael@102: @@ -183,7 +183,7 @@ michael@102: .SH USERS MANAGEMENT michael@102: michael@102: The utility nessus-adduser(8) creates new nessusd users. Each nessusd user michael@102: -is attributed a "home", in @NESSUS_STATEDIR@/users/. This home contains the following directories : michael@102: +is attributed a "home", in @NESSUSD_STATEDIR@/users/. This home contains the following directories : michael@102: .IP auth/ michael@102: This directory contains the authentification information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text. michael@102: michael@102: @@ -206,7 +206,7 @@ michael@102: michael@102: michael@102: When a user attempts to log in, nessusd first checks that the directory michael@102: -@NESSUS_STATEDIR@/users/ exists, then hashes the password sent by the user with the random salt found in /auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in /dname. michael@102: +@NESSUSD_STATEDIR@/users/ exists, then hashes the password sent by the user with the random salt found in /auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in /dname. michael@102: michael@102: michael@102: To remove a given user, use the command nessus-rmuser(8). michael@102: Index: nessus-core/nessus-mkcert.in michael@102: --- nessus-core/nessus-mkcert.in.orig 2004-12-10 20:40:22 +0100 michael@102: +++ nessus-core/nessus-mkcert.in 2005-03-23 12:00:24 +0100 michael@102: @@ -407,31 +407,12 @@ michael@102: michael@102: chmod a+r $CACERT $SRVCERT #cln $CLNCERT michael@102: michael@102: - michael@102: -CF=@sysconfdir@/nessus/nessusd.conf michael@102: -egrep -v '^ *(pem_password|cert_file|key_file|ca_file|force_pubkey_auth) *=' "$CF" > "$CF.tmp" michael@102: -echo "# michael@102: -# Added by nessus-mkcert michael@102: -# michael@102: -cert_file=$SRVCERT michael@102: -key_file=$SRVKEY michael@102: -ca_file=$CACERT michael@102: -# If you decide to protect your private key with a password, michael@102: -# uncomment and change next line michael@102: -# pem_password=password michael@102: -# If you want to force the use of a client certificate, uncomment next line michael@102: -# force_pubkey_auth = yes" >> "$CF.tmp" michael@102: - michael@102: - michael@102: - michael@102: - michael@102: test -z "$QUIET" && header michael@102: michael@102: if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ]; michael@102: then michael@102: test -z "$QUIET" && echo "Congratulations. Your server certificate was properly created." michael@102: michael@102: - mv -f "$CF.tmp" "$CF" michael@102: test -z "$QUIET" && { michael@102: echo michael@102: echo "$CF updated