Provided by: dacs_1.4.38a-2build1_amd64


       dacscookie - create DACS credentials and emit as a cookie


       dacscookie [dacsoptions[1]] [-create] [-i ident] [-user user] [-ip ipaddr]
                  [-role role_str] [-expires date] [-ua str]
       dacscookie [dacsoptions[1]] -decrypt [-concise]


       This program is part of the DACS suite.

       The dacscookie utility constructs DACS credentials that represent a single DACS identity
       and emits them as the NAME=VALUE element of an HTTP cookie[2] (RFC 2109[3], RFC 2965[4],
       RFC 6265[5]) that may be used by DACS. It can also decode and display these cookies,
       provided the same encryption keys used to create the cookies are available. The program is
       useful for testing purposes, or by programs that perform authentication (e.g., by calling
       dacsauth(1)[6]) and need to return credentials. It may also be used to generate an
       identity "offline"; the resulting credentials could be used by applications other than
       standard Web browsers, or be distributed via any secure channel (e.g., encrypted email)
       for use by the recipient.

       Configured or derived defaults are used if optional identity information is not provided.

           Only the DACS administrator should be able to successfully run this program. Because
           DACS keys and configuration files must be limited to the administrator, this will
           normally be the case, but a careful administrator will set file permissions to deny
           access to all other users, or even delete the binary.

           Similarly, access to cookies generated by this program must be carefully controlled.
           Any jurisdiction within the same federation in which the credentials were created will
           be able to directly decrypt the credentials.


       dacscookie recognizes these options for cookie creation:

       -create
           Create the specified credentials and emit them to the standard output as the
           NAME=VALUE component of an HTTP cookie. This is the default.

       -expires date
           Set the expiry date for the cookie. If date begins with '+' and is followed by a digit
           string, the expiry date will be that number of seconds relative to the current time.
           Otherwise, the date is expected to be in one of the recognized formats (see concise
           syntax[7]). If not provided, the configured default value,

       -i ident
           The identity (ident) is given in the concise syntax[7]. Note that any elements that
           are explicitly given will override those that appear in ident.

       -ip ipaddr
           Use ipaddr as the user's IP address (in standard dot notation). If not provided, this
           element will be obtained from any -i flag or else omitted from the credentials.

       -role role_str
           Use role_str as the user's role string, which must be syntactically correct. If not
           provided, this element will be obtained from any -i flag or else omitted from the

       -ua str
           Use str as the user agent string associated with the credentials. If no string is
           specified, the credentials cannot be verified against a user agent string. See

       -user name
           Use name, a syntactically correct username, within the applicable jurisdiction. If not
           provided, this element must be specified using the -i flag.

       dacscookie recognizes these options for cookie decryption:

       -decrypt
           Instead of creating credentials, read a cookie from the standard input and print its
           decoded contents to the standard output. If the input is invalid in any way, a message
           is displayed.

       -concise
           With the -decrypt flag, only print the identity in the concise user syntax[7].


       The following will generate an identity and store it in a file:

           % dacscookie -u -user bobo > cookie.out
           % chmod 0600 cookie.out

       The following will display various elements of the credentials to stdout:

           % dacscookie -u -decrypt < cookie.out
           % rm cookie.out
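
       The following is an added example, not part of the DACS distribution: a shell wrapper that
       saves generated credentials in a file that is private from the moment it is created, and
       checks the relative form of -expires. The names store_credentials and is_relative_expiry
       and the value +300 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not part of the DACS distribution.
# store_credentials and is_relative_expiry are hypothetical helper names.

# Succeeds only for the relative form of -expires described above:
# a '+' followed by a digit string (seconds from now).
is_relative_expiry() {
    case $1 in
        +*[!0-9]*|+) return 1 ;;   # non-digit after '+', or '+' alone
        +*)          return 0 ;;
        *)           return 1 ;;   # absolute dates or empty input
    esac
}

# store_credentials OUTFILE CMD [ARGS...]
# Runs CMD and saves its standard output in OUTFILE. The data is written to
# a mktemp(1) file, which is created with mode 0600, and then renamed into
# place, so the cookie is never readable by other users. With "> file"
# followed by chmod, the file briefly has whatever mode the umask allows.
# A failed or empty run leaves nothing behind.
store_credentials() {
    out=$1
    shift
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        mv -f -- "$tmp" "$out"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# Intended use (needs a configured DACS installation; +300 is a constructed value):
#   is_relative_expiry "+300" &&
#       store_credentials cookie.out dacscookie [dacsoptions] -user bobo -expires +300
```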


       The program exits 0 if everything was fine, 1 if an error occurred.


       dacs_auth_agent(8)[10], dacs_auth_transfer(8)[11], dacs_authenticate(8)[12],
       dacsauth(1)[6], dacscred(1)[13], dacs_current_credentials(8)[14].


       Distributed Systems Software ([15])


       Copyright 2003-2015 Distributed Systems Software. See the LICENSE[16] file that accompanies
       the distribution for licensing information.


        1. dacsoptions

        2. HTTP cookie

        3. RFC 2109

        4. RFC 2965

        5. RFC 6265

        6. dacsauth(1)

        7. concise syntax


        9. dacs.conf(5)

       10. dacs_auth_agent(8)

       11. dacs_auth_transfer(8)

       12. dacs_authenticate(8)

       13. dacscred(1)

       14. dacs_current_credentials(8)


       16. LICENSE