Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | kas_interactive - Enters interactive mode | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<kas interactive> | |
11 | S<<< [B<-admin_username> <I<admin principal to use for authentication>>] >>> | |
12 | S<<< [B<-password_for_admin> <I<admin password>>] >>> S<<< [B<-cell> <I<cell name>>] >>> | |
13 | S<<< [B<-servers> <I<explicit list of authentication servers>>+] >>> | |
14 | [B<-noauth>] [B<-help>] | |
15 | ||
16 | B<kas i> S<<< [B<-a> <I<admin principal to use for authentication>>] >>> | |
17 | S<<< [B<-p> <I<admin password>>] >>> S<<< [B<-c> <I<cell name>>] >>> | |
18 | S<<< [B<-s> <I<explicit list of authentication servers>>+] >>> [B<-n>] [B<-h>] | |
19 | ||
20 | =for html | |
21 | </div> | |
22 | ||
23 | =head1 DESCRIPTION | |
24 | ||
25 | The B<kas interactive> command establishes an interactive session for the | |
26 | issuer of the command. By default, the command interpreter establishes an | |
27 | authenticated connection for the user logged into the local file system | |
28 | with all of the Authentication Servers listed in the local | |
29 | F</usr/vice/etc/CellServDB> file for the cell named in the local | |
30 | F</usr/vice/etc/ThisCell> file. To specify an alternate identity, cell | |
31 | name, or list of Authentication Servers, include the B<-admin_username>, | |
32 | B<-cell>, or B<-servers> arguments respectively. Interactive mode lasts | |
33 | for six hours unless the maximum ticket lifetime for the issuer or the | |
34 | Authentication Server's Ticket Granting Service is shorter. | |
35 | ||
36 | There are two other ways to enter interactive mode, in addition to the | |
37 | B<kas interactive> command: | |
38 | ||
39 | =over 4 | |
40 | ||
41 | =item * | |
42 | ||
43 | Type the kas command at the shell prompt without any operation code. If | |
44 | appropriate, include one or more of the B<-admin_username>, | |
45 | B<-password_for_admin>, B<-cell>, and B<-servers> arguments. | |
46 | ||
47 | =item * | |
48 | ||
49 | Type the kas command followed by a user name and cell name, separated by | |
50 | an C<@> sign (for example: B<kas admin@example.com>), to establish a | |
51 | connection under the specified identity with the Authentication Servers | |
52 | listed in the local F</usr/vice/etc/CellServDB> file for the indicated | |
53 | cell. If appropriate, provide the B<-servers> argument to specify an | |
54 | alternate list of Authentication Server machines that belong to the | |
55 | indicated cell. | |
56 | ||
57 | =back | |
58 | ||
59 | There are several consequences of entering interactive mode: | |
60 | ||
61 | =over 4 | |
62 | ||
63 | =item * | |
64 | ||
65 | The C<< ka> >> prompt replaces the system (shell) prompt. When typing | |
66 | commands at this prompt, provide only the operation code (omit the command | |
67 | suite name, B<kas>). | |
68 | ||
69 | =item * | |
70 | ||
71 | The command interpreter does not prompt for the issuer's password. | |
72 | ||
73 | The issuer's identity and password, the relevant cell, and the set of | |
74 | Authentication Server machines specified when entering interactive mode | |
75 | apply to all commands issued during the session. They cannot be changed | |
76 | without leaving the session, except by using the B<kas noauthentication> | |
77 | command to replace the current authenticated connections with | |
78 | unauthenticated ones. The B<-admin_username>, B<-password_for_admin>, | |
79 | B<-cell>, and B<-servers> arguments are ignored if provided on a command | |
80 | issued during interactive mode. | |
81 | ||
82 | =back | |
83 | ||
84 | To establish an unauthenticated connection to the Authentication Server, | |
85 | include the B<-noauth> flag or provide an incorrect password. Unless | |
86 | authorization checking is disabled on each Authentication Server machine | |
87 | involved, however, it is not possible to perform any privileged operations | |
88 | within such a session. | |
89 | ||
90 | To end the current authenticated connection and establish an | |
91 | unauthenticated one, issue the B<kas noauthentication> command. To leave | |
92 | interactive mode and return to the regular shell prompt, issue the B<kas | |
93 | quit> command. | |
94 | ||
95 | =head1 OPTIONS | |
96 | ||
97 | =over 4 | |
98 | ||
99 | =item B<-admin_username> <I<admin principal>> | |
100 | ||
101 | Specifies the user identity under which to authenticate with the | |
102 | Authentication Server for execution of the command. For more details, see | |
103 | L<kas(8)>. | |
104 | ||
105 | =item B<-password_for_admin> <I<admin password>> | |
106 | ||
107 | Specifies the password of the command's issuer. If it is omitted (as | |
108 | recommended), the B<kas> command interpreter prompts for it and does not | |
109 | echo it visibly. For more details, see L<kas(8)>. | |
110 | ||
111 | =item B<-cell> <I<cell name>> | |
112 | ||
113 | Names the cell in which to run the command. For more details, see | |
114 | L<kas(8)>. | |
115 | ||
116 | =item B<-servers> <I<authentication servers>>+ | |
117 | ||
118 | Names each machine running an Authentication Server with which to | |
119 | establish a connection. For more details, see L<kas(8)>. | |
120 | ||
121 | =item B<-noauth> | |
122 | ||
123 | Assigns the unprivileged identity C<anonymous> to the issuer. For more | |
124 | details, see L<kas(8)>. | |
125 | ||
126 | =item B<-help> | |
127 | ||
128 | Prints the online help for this command. All other valid options are | |
129 | ignored. | |
130 | ||
131 | =back | |
132 | ||
133 | =head1 EXAMPLES | |
134 | ||
135 | The following example shows a user entering interactive mode as the | |
136 | privileged user C<admin>. | |
137 | ||
138 | % kas interactive admin | |
139 | Password for admin: I<admin_password> | |
140 | ka> | |
141 | ||
142 | =head1 PRIVILEGE REQUIRED | |
143 | ||
144 | None | |
145 | ||
146 | =head1 SEE ALSO | |
147 | ||
148 | L<kas(8)>, | |
149 | L<kas_noauthentication(8)>, | |
150 | L<kas_quit(8)> | |
151 | ||
152 | =head1 COPYRIGHT | |
153 | ||
154 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
155 | ||
156 | This documentation is covered by the IBM Public License Version 1.0. It was | |
157 | converted from HTML to POD by software written by Chas Williams and Russ | |
158 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |