3 kas interactive - Enters interactive mode
7 kas interactive [B<-admin_username> I<admin principal to use for authentication>]
8 [B<-password_for_admin> I<admin password>] [B<-cell> I<cell name>]
9 [B<-servers> I<explicit list of authentication servers> ...]
10 [B<-noauth>] [B<-help>]
12 kas i [B<-a> I<admin principal to use for authentication>]
13 [B<-p> I<admin password>] [B<-c> I<cell name>]
14 [B<-s> I<explicit list of authentication servers> ...] [B<-n>] [B<-h>]
18 The C<kas interactive> command establishes an interactive session for the
19 issuer of the command. By default, the command interpreter establishes
20 an authenticated connection for the user logged into the local file
21 system with all of the Authentication Servers listed in the local
22 B</usr/vice/etc/CellServDB> file for the cell named in the local
23 B</usr/vice/etc/ThisCell> file. To specify an alternate identity, cell
24 name, or list of Authentication Servers, include the B<-admin_username>,
25 B<-cell>, or B<-servers> arguments respectively. Interactive mode lasts for
26 six hours unless the maximum ticket lifetime for the issuer or the
27 Authentication Server's Ticket Granting Service is shorter.
29 There are two other ways to enter interactive mode, in addition to the
30 C<kas interactive> command:
36 Type the C<kas> command at the shell prompt without any operation
37 code. If appropriate, include one or more of the B<-admin_username>,
38 B<-password_for_admin>, B<-cell>, and B<-servers> arguments.
42 Type the C<kas> command followed by a user name and cell name,
43 separated by an @ sign (for example: C<kas admin@abc.com>), to
44 establish a connection under the specified identity with the
45 Authentication Servers listed in the local
46 B</usr/vice/etc/CellServDB> file for the indicated cell. If
47 appropriate, provide the B<-servers> argument to specify an alternate
48 list of Authentication Server machines that belong to the
53 There are several consequences of entering interactive mode:
59 The ka> prompt replaces the system (shell) prompt. When typing
60 commands at this prompt, provide only the operation code (omit the
61 command suite name, C<kas>).
65 The command interpreter does not prompt for the issuer's password.
67 The issuer's identity and password, the relevant cell, and the set
68 of Authentication Server machines specified when entering
69 interactive mode apply to all commands issued during the session.
70 They cannot be changed without leaving the session, except by
71 using the C<(kas) noauthentication> command to replace the current
72 authenticated connections with unauthenticated ones. The
73 B<-admin_username>, B<-password_for_admin>, B<-cell>, and B<-servers>
74 arguments are ignored if provided on a command issued during
79 To establish an unauthenticated connection to the Authentication
80 Server, include the B<-noauth> flag or provide an incorrect password.
81 Unless authorization checking is disabled on each Authentication
82 Server machine involved, however, it is not possible to perform any
83 privileged operations within such a session.
85 To end the current authenticated connection and establish an
86 unauthenticated one, issue the C<(kas) noauthentication> command. To
87 leave interactive mode and return to the regular shell prompt, issue
88 the C<(kas) quit> command.
94 =item B<-admin_username> I<admin principal to use for authentication>
96 Specifies the user identity under which to authenticate with
97 the Authentication Server for execution of the command. For
98 more details, see the introductory L<kas(1)> reference page.
100 =item B<-password_for_admin> I<admin password>
102 Specifies the password of the command's issuer. If it is
103 omitted (as recommended), the C<kas> command interpreter prompts
104 for it and does not echo it visibly. For more details, see the
105 introductory L<kas(1)> reference page.
107 =item B<-cell> I<cell name>
109 Names the cell in which to run the command. For more details,
110 see the introductory L<kas(1)> reference page.
112 =item B<-servers> I<explicit list of authentication servers> ...
114 Names each machine running an Authentication Server with which
115 to establish a connection. For more details, see the
116 introductory L<kas(1)> reference page.
120 Assigns the unprivileged identity B<anonymous> to the issuer. For
121 more details, see the introductory L<kas(1)> reference page.
125 Prints the online help for this command. All other valid
132 The following example shows a user entering interactive mode as the
133 privileged user B<admin>.
135 B< kas interactive admin>
136 Password for admin: admin_password
139 =head1 PRIVILEGE REQUIRED
145 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
147 Converted from html to pod by Alf Wachsmann <alfw@slac.stanford.edu>, 2003,
148 and Elizabeth Cassell <e_a_c@mailsnare.net>, 2004,
149 Stanford Linear Accelerator Center, a department of Stanford University.
154 L<kas_noauthentication(1)>,