[hcoop/debian/openafs.git] / doc / man-pages / pod8 / kas_interactive.pod

=head1 NAME

kas_interactive - Enters interactive mode

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<kas interactive>
    S<<< [B<-admin_username> <I<admin principal to use for authentication>>] >>>
    S<<< [B<-password_for_admin> <I<admin password>>] >>> S<<< [B<-cell> <I<cell name>>] >>>
    S<<< [B<-servers> <I<explicit list of authentication servers>>+] >>>
    [B<-noauth>] [B<-help>]

B<kas i> S<<< [B<-a> <I<admin principal to use for authentication>>] >>>
    S<<< [B<-p> <I<admin password>>] >>> S<<< [B<-c> <I<cell name>>] >>>
    S<<< [B<-s> <I<explicit list of authentication servers>>+] >>> [B<-n>] [B<-h>]

=for html
</div>

=head1 DESCRIPTION

The B<kas interactive> command establishes an interactive session for the
issuer of the command. By default, the command interpreter establishes an
authenticated connection for the user logged into the local file system
with all of the Authentication Servers listed in the local
F</usr/vice/etc/CellServDB> file for the cell named in the local
F</usr/vice/etc/ThisCell> file. To specify an alternate identity, cell
name, or list of Authentication Servers, include the B<-admin_username>,
B<-cell>, or B<-servers> arguments respectively. Interactive mode lasts
for six hours unless the maximum ticket lifetime for the issuer or the
Authentication Server's Ticket Granting Service is shorter.

There are two other ways to enter interactive mode, in addition to the
B<kas interactive> command:

=over 4

=item *

Type the kas command at the shell prompt without any operation code. If
appropriate, include one or more of the B<-admin_username>,
B<-password_for_admin>, B<-cell>, and B<-servers> arguments.

=item *

Type the kas command followed by a user name and cell name, separated by
an C<@> sign (for example: B<kas admin@example.com>), to establish a
connection under the specified identity with the Authentication Servers
listed in the local F</usr/vice/etc/CellServDB> file for the indicated
cell. If appropriate, provide the B<-servers> argument to specify an
alternate list of Authentication Server machines that belong to the
indicated cell.

=back

There are several consequences of entering interactive mode:

=over 4

=item *

The C<< ka> >> prompt replaces the system (shell) prompt. When typing
commands at this prompt, provide only the operation code (omit the command
suite name, B<kas>).

=item *

The command interpreter does not prompt for the issuer's password.

The issuer's identity and password, the relevant cell, and the set of
Authentication Server machines specified when entering interactive mode
apply to all commands issued during the session. They cannot be changed
without leaving the session, except by using the B<kas noauthentication>
command to replace the current authenticated connections with
unauthenticated ones. The B<-admin_username>, B<-password_for_admin>,
B<-cell>, and B<-servers> arguments are ignored if provided on a command
issued during interactive mode.

=back

To establish an unauthenticated connection to the Authentication Server,
include the B<-noauth> flag or provide an incorrect password.  Unless
authorization checking is disabled on each Authentication Server machine
involved, however, it is not possible to perform any privileged operations
within such a session.

To end the current authenticated connection and establish an
unauthenticated one, issue the B<kas noauthentication> command. To leave
interactive mode and return to the regular shell prompt, issue the B<kas
quit> command.

=head1 OPTIONS

=over 4

=item B<-admin_username> <I<admin principal>>

Specifies the user identity under which to authenticate with the
Authentication Server for execution of the command. For more details, see
L<kas(8)>.

=item B<-password_for_admin> <I<admin password>>

Specifies the password of the command's issuer. If it is omitted (as
recommended), the B<kas> command interpreter prompts for it and does not
echo it visibly. For more details, see L<kas(8)>.

=item B<-cell> <I<cell name>>

Names the cell in which to run the command. For more details, see
L<kas(8)>.

=item B<-servers> <I<authentication servers>>+

Names each machine running an Authentication Server with which to
establish a connection. For more details, see L<kas(8)>.

=item B<-noauth>

Assigns the unprivileged identity C<anonymous> to the issuer. For more
details, see L<kas(8)>.

=item B<-help>

Prints the online help for this command. All other valid options are
ignored.

=back

=head1 EXAMPLES

The following example shows a user entering interactive mode as the
privileged user C<admin>.

   % kas interactive admin
   Password for admin: I<admin_password>
   ka>

=head1 PRIVILEGE REQUIRED

None

=head1 SEE ALSO

L<kas(8)>,
L<kas_noauthentication(8)>,
L<kas_quit(8)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	kas_interactive - Enters interactive mode
	4
	5	=head1 SYNOPSIS
	6
	7	=for html
	8	<div class="synopsis">
	9
	10	B<kas interactive>
	11	S<<< [B<-admin_username> <I<admin principal to use for authentication>>] >>>
	12	S<<< [B<-password_for_admin> <I<admin password>>] >>> S<<< [B<-cell> <I<cell name>>] >>>
	13	S<<< [B<-servers> <I<explicit list of authentication servers>>+] >>>
	14	[B<-noauth>] [B<-help>]
	15
	16	B<kas i> S<<< [B<-a> <I<admin principal to use for authentication>>] >>>
	17	S<<< [B<-p> <I<admin password>>] >>> S<<< [B<-c> <I<cell name>>] >>>
	18	S<<< [B<-s> <I<explicit list of authentication servers>>+] >>> [B<-n>] [B<-h>]
	19
	20	=for html
	21	</div>
	22
	23	=head1 DESCRIPTION
	24
	25	The B<kas interactive> command establishes an interactive session for the
	26	issuer of the command. By default, the command interpreter establishes an
	27	authenticated connection for the user logged into the local file system
	28	with all of the Authentication Servers listed in the local
	29	F</usr/vice/etc/CellServDB> file for the cell named in the local
	30	F</usr/vice/etc/ThisCell> file. To specify an alternate identity, cell
	31	name, or list of Authentication Servers, include the B<-admin_username>,
	32	B<-cell>, or B<-servers> arguments respectively. Interactive mode lasts
	33	for six hours unless the maximum ticket lifetime for the issuer or the
	34	Authentication Server's Ticket Granting Service is shorter.
	35
	36	There are two other ways to enter interactive mode, in addition to the
	37	B<kas interactive> command:
	38
	39	=over 4
	40
	41	=item *
	42
	43	Type the kas command at the shell prompt without any operation code. If
	44	appropriate, include one or more of the B<-admin_username>,
	45	B<-password_for_admin>, B<-cell>, and B<-servers> arguments.
	46
	47	=item *
	48
	49	Type the kas command followed by a user name and cell name, separated by
	50	an C<@> sign (for example: B<kas admin@example.com>), to establish a
	51	connection under the specified identity with the Authentication Servers
	52	listed in the local F</usr/vice/etc/CellServDB> file for the indicated
	53	cell. If appropriate, provide the B<-servers> argument to specify an
	54	alternate list of Authentication Server machines that belong to the
	55	indicated cell.
	56
	57	=back
	58
	59	There are several consequences of entering interactive mode:
	60
	61	=over 4
	62
	63	=item *
	64
65	The C<< ka> >> prompt replaces the system (shell) prompt. When typing
66	commands at this prompt, provide only the operation code (omit the command
67	suite name, B<kas>).
68
69	=item *
70
71	The command interpreter does not prompt for the issuer's password.
72
73	The issuer's identity and password, the relevant cell, and the set of
74	Authentication Server machines specified when entering interactive mode
75	apply to all commands issued during the session. They cannot be changed
76	without leaving the session, except by using the B<kas noauthentication>
77	command to replace the current authenticated connections with
78	unauthenticated ones. The B<-admin_username>, B<-password_for_admin>,
79	B<-cell>, and B<-servers> arguments are ignored if provided on a command
80	issued during interactive mode.
81
82	=back
83
84	To establish an unauthenticated connection to the Authentication Server,
85	include the B<-noauth> flag or provide an incorrect password. Unless
86	authorization checking is disabled on each Authentication Server machine
87	involved, however, it is not possible to perform any privileged operations
88	within such a session.
89
90	To end the current authenticated connection and establish an
91	unauthenticated one, issue the B<kas noauthentication> command. To leave
92	interactive mode and return to the regular shell prompt, issue the B<kas
93	quit> command.
94
95	=head1 OPTIONS
96
97	=over 4
98
99	=item B<-admin_username> <I<admin principal>>
100
101	Specifies the user identity under which to authenticate with the
102	Authentication Server for execution of the command. For more details, see
103	L<kas(8)>.
104
105	=item B<-password_for_admin> <I<admin password>>
106
107	Specifies the password of the command's issuer. If it is omitted (as
108	recommended), the B<kas> command interpreter prompts for it and does not
109	echo it visibly. For more details, see L<kas(8)>.
110
111	=item B<-cell> <I<cell name>>
112
113	Names the cell in which to run the command. For more details, see
114	L<kas(8)>.
115
116	=item B<-servers> <I<authentication servers>>+
117
118	Names each machine running an Authentication Server with which to
119	establish a connection. For more details, see L<kas(8)>.
120
121	=item B<-noauth>
122
123	Assigns the unprivileged identity C<anonymous> to the issuer. For more
124	details, see L<kas(8)>.
125
126	=item B<-help>
127
128	Prints the online help for this command. All other valid options are
129	ignored.
130
131	=back
132
133	=head1 EXAMPLES
134
135	The following example shows a user entering interactive mode as the
136	privileged user C<admin>.
137
138	% kas interactive admin
139	Password for admin: I<admin_password>
140	ka>
141
142	=head1 PRIVILEGE REQUIRED
143
144	None
145
146	=head1 SEE ALSO
147
148	L<kas(8)>,
149	L<kas_noauthentication(8)>,
150	L<kas_quit(8)>
151
152	=head1 COPYRIGHT
153
154	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
155
156	This documentation is covered by the IBM Public License Version 1.0. It was
157	converted from HTML to POD by software written by Chas Williams and Russ
158	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.