If the server you are attempting to contact requires authentication, you will need to supply a username and password.  The username should be added in front of the server name with an @ character in between.  You will then be prompted to enter a password.

movedat /local/destination

You may also specify the password on the command line by adding a colon after the username.

movedat /local/destination

This is useful in scripts, but is not generally recommended as it could allow your password to be viewed by other persons using your system and some password characters may conflict with the command line syntax.  Instead, it is recommended that you use the Password Storage method below when preparing for scripts.

movedat will not prompt for a password if the terminal is non-interactive.  For example, if it is run within a script and the password cannot be found in the cache or on the command line, movedat will fail immediately with an authentication error.

The username and password are always encrypted when communicating with the server, even when content encryption is not enabled.


Usernames and passwords must each be less than 63 bytes when UTF-8 encoded.

Usernames and passwords should consist of only ASCII letters, numbers, and printable symbols.  The use of other characters, such as extended unicode characters, may work in some environments but is not assured and may compromise security.

Windows Domains

If the server is running on a Windows system with Active Directory or LDAP enabled, you may specify an authentication domain by using the "-W" option.  For example:

movedat -W domain /local/destination

When using Shadow Authentication, the username field of AuthFile must match "username@domain" and is case sensitive.  When using "-W" with a non-windows server, the username will be presented as "username@domain", which may or may not make sense to the operating system.

Password Caching

movedat will store the password for each combination of username, host IP address, and port number so that you do not need to retype it every time.  The cached password remains valid for four hours or until it generates an authentication error.

Passwords are automatically cached only after an operation completes successfully.

The password is encrypted prior to storage for security.  You may disable password caching by using the -C option or the NoPWCache configuration variable.

In unix systems, the password cache is $HOME/.dei-pwcache2.  In Windows, it is %APPDATA%\DEI\dei-pwcache2.dat.  You may reset the cache by deleting this file.

The contents of the password cache are encrypted.  To view a list of currently cached credentials, enable diagnostics with " -d 1 " in any authenticated movedat command.  For example:

# movedat -d 1 Seeking /Users/me/.dei-pwcache2 Cached user@ PERMANENT Expired user@ Password for Caching password for user@

Password Storage

Passwords may be permanently stored in the encrypted dei-pwcache2 file.  This is useful for scripts or frequently accessed servers.

Use the -A command line option to add to a set of credentials to storage:

movedat [-p port] [-W domain] -A user[:password]

The username, port number, domain if present, and server IP address must match for the credentials to be used.  When using "-W" to specify a domain, this must come before -A on the command line.  If you do not specify a port, the default 8080 will be assumed.  If you do not specify a password, you will be prompted for one.  For example:

movedat -A

If the password contains special characters that conflict with the command syntax, such as an @, or to avoid placing the password on the command line in a script, you may pipe the password instead:

cat password.txt | movedat -A

To expire and remove credentials, including those cached temporarily, use the -E command line option:

movedat [-p port] -E

The password entry will be automatically removed from storage if the server returns a Bad Credentials error.