initial-html-documentation-20010606

[openafs.git] / doc / html / AdminReference / auarf188.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30                -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf187.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf189.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRKAS_INTERACTIVE" HREF="auarf002.htm#ToC_202">kas interactive</A></H2>
<P><STRONG>Purpose</STRONG>
<P>Enters interactive mode
<P><STRONG>Synopsis</STRONG>
<PRE><B>kas interactive</B> [<B>-admin_username</B> &lt;<VAR>admin&nbsp;principal&nbsp;to&nbsp;use&nbsp;for&nbsp;authentication</VAR>>] 
                [<B>-password_for_admin</B> &lt;<VAR>admin&nbsp;password</VAR>>]  [<B>-cell</B> &lt;<VAR>cell&nbsp;name</VAR>>] 
                [<B>-servers</B> &lt;<VAR>explicit&nbsp;list&nbsp;of&nbsp;authentication&nbsp;servers</VAR>><SUP>+</SUP>]  
                [<B>-noauth</B>]  [<B>-help</B>]
      
<B>kas i</B> [<B>-a</B> &lt;<VAR>admin&nbsp;principal&nbsp;to&nbsp;use&nbsp;for&nbsp;authentication</VAR>>]  
      [<B>-p</B> &lt;<VAR>admin&nbsp;password</VAR>>]  [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]  
      [<B>-s</B> &lt;<VAR>explicit&nbsp;list&nbsp;of&nbsp;authentication&nbsp;servers</VAR>><SUP>+</SUP>]  [<B>-n</B>]  [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>kas interactive</B> command establishes an interactive session
for the issuer of the command. By default, the command interpreter
establishes an authenticated connection for the user logged into the local
file system with all of the Authentication Servers listed in the local
<B>/usr/vice/etc/CellServDB</B> file for the cell named in the local
<B>/usr/vice/etc/ThisCell</B> file. To specify an alternate
identity, cell name, or list of Authentication Servers, include the
<B>-admin_username</B>, <B>-cell</B>, or <B>-servers</B> arguments
respectively. Interactive mode lasts for six hours unless the maximum
ticket lifetime for the issuer or the Authentication Server's Ticket
Granting Service is shorter.
<P>There are two other ways to enter interactive mode, in addition to the
<B>kas interactive</B> command:
<OL TYPE=1>
<P><LI>Type the <B>kas</B> command at the shell prompt without any operation
code. If appropriate, include one or more of the
<B>-admin_username</B>, <B>-password_for_admin</B>, <B>-cell</B>,
and <B>-servers</B> arguments.
<P><LI>Type the <B>kas</B> command followed by a user name and cell name,
separated by an <B>@</B> sign (for example: <B>kas
admin@abc.com</B>), to establish a connection under the specified
identity with the Authentication Servers listed in the local
<B>/usr/vice/etc/CellServDB</B> file for the indicated cell. If
appropriate, provide the <B>-servers</B> argument to specify an alternate
list of Authentication Server machines that belong to the indicated
cell.
</OL>
<P>There are several consequences of entering interactive mode:
<UL>
<P><LI>The <TT>ka></TT> prompt replaces the system (shell) prompt. When
typing commands at this prompt, provide only the operation code (omit the
command suite name, <B>kas</B>).
<P><LI>The command interpreter does not prompt for the issuer's
password.
<P>The issuer's identity and password, the relevant cell, and the set of
Authentication Server machines specified when entering interactive mode apply
to all commands issued during the session. They cannot be changed
without leaving the session, except by using the <B>(kas)
noauthentication</B> command to replace the current authenticated
connections with unauthenticated ones. The <B>-admin_username</B>,
<B>-password_for_admin</B>, <B>-cell</B>, and <B>-servers</B>
arguments are ignored if provided on a command issued during interactive
mode.
</UL>
<P>To establish an unauthenticated connection to the Authentication Server,
include the <B>-noauth</B> flag or provide an incorrect password.
Unless authorization checking is disabled on each Authentication Server
machine involved, however, it is not possible to perform any privileged
operations within such a session.
<P>To end the current authenticated connection and establish an
unauthenticated one, issue the <B>(kas) noauthentication</B>
command. To leave interactive mode and return to the regular shell
prompt, issue the <B>(kas) quit</B> command.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-admin_username
</B><DD>Specifies the user identity under which to authenticate with the
Authentication Server for execution of the command. For more details,
see the introductory <B>kas</B> reference page.
<P><DT><B>-password_for_admin
</B><DD>Specifies the password of the command's issuer. If it is
omitted (as recommended), the <B>kas</B> command interpreter prompts for
it and does not echo it visibly. For more details, see the introductory
<B>kas</B> reference page.
<P><DT><B>-cell
</B><DD>Names the cell in which to run the command. For more details, see
the introductory <B>kas</B> reference page.
<P><DT><B>-servers
</B><DD>Names each machine running an Authentication Server with which to
establish a connection. For more details, see the introductory
<B>kas</B> reference page.
<P><DT><B>-noauth
</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
issuer. For more details, see the introductory <B>kas</B> reference
page.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Examples</STRONG>
<P>The following example shows a user entering interactive mode as the
privileged user <B>admin</B>.
<PRE>   % <B>kas interactive admin</B>
   Password for admin: <VAR>admin_password</VAR>
   ka>
   
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>None
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
<P><A HREF="auarf191.htm#HDRKAS_NOAUTH">kas noauthentication</A>
<P><A HREF="auarf192.htm#HDRKAS_QUIT">kas quit</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf187.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf189.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>