kas setfields                AFS Commands                kas setfields

kas setfields -- set various flags, expiration date and
ticket lifetime for Authentication

kas setfields -name <name of user>
    [-flags <hex flag value or flag name expression>]
    [-expiration <date of account expiration>]
    [-lifetime <maximum ticket lifetime>]
    [-admin_username <admin principal to use for authentication>]
    [-password_for_admin <admin password>] [-cell <cell name>]
    [-servers <explicit list of authentication servers>]

ACCEPTABLE ABBREVIATIONS/ALIASES

kas sf -na <name of user> [-f <hex flag value or flag name expression>]
    [-e <date of account expiration>]
    [-l <maximum ticket lifetime>]
    [-ad <admin principal to use for authentication>]
    [-p <admin password>] [-c <cell name>]
    [-s <explicit list of authentication servers>] [-no] [-h]

Changes the Authentication Database entry for name of user
in the manner specified by the various optional arguments,
which may occur singly or in combination. See the ARGUMENTS
section for a description of the values that may be set.

The results of this command are visible in the output of the

-name   specifies the entry to be affected.

-flags  sets any one of four toggling flags in name's
        entry. The default is for none of the flags to be
        set. A value of 0 returns all four flags to their
        defaults. The following explains the four
        non-default values to set, their meanings and the

        - ADMIN (Hex equivalent: 0x004). The name of
          user is allowed to issue privileged kas
          commands (Default: NOADMIN).

        - NOTGS (Hex equivalent: 0x008). The Ticket
          Granting Service will refuse to issue tickets
          to name of user (Default: TGS).

        - NOSEAL (Hex equivalent: 0x020). The Ticket
          Granting Service cannot use the contents of
          this entry's key field as an encryption key

        - NOCPW (Hex equivalent: 0x040). The name of
          user cannot change his/her/its own password
          or key (Default: CPW).

        Both upper- and lower-case letters are acceptable
        in specifying values for the flags.

        To restore the ADMIN flag to its default, specify
        NOADMIN. To restore the other flags to their
        defaults, omit the NO (i.e., type TGS, SEAL or

        To set more than one flag at once, connect them
        with plus signs (example: NOTGS+ADMIN+CPW). To
        remove all the current flag settings before
        setting new ones, precede the whole list with an
        equal sign (example: =NOTGS+ADMIN+CPW).

-expiration
        determines when the entry itself expires, which
        will render an individual user unable to log in to
        the system, and a server unreachable. The default

        There are three types of legal values:

        - never, which allows the issuer to return
          the expiration time to its default after
          having set it to a date.

        - mm/dd/yy specifies 12:00 a.m. on the
          indicated date (month/day/year).
          Examples: 1/23/90, 10/7/89.

        - "mm/dd/yy hh:mm" specifies a time
          "hh:mm" (hour:minutes) on the indicated
          date (month/day/year). The time should
          be in 24-hour format (for example, 20:30
          is 8:30 p.m.). Date format is the same
          as for a date alone. Surround the
          entire instance with quotes because it
          contains a space. Examples: "1/23/90
          22:30", "10/7/89 3:45".

        Legal values for yy run from 00 to 37, which are
        interpreted as the years 2000-2037, and from 70 to
        99, which are interpreted as 1970-1999. (This
        restriction is because the Authentication Server
        converts the date into the number of seconds
        elapsed since 1 February 1970, to comply with the
        standard UNIX date representation; dates later
        than sometime in February 2038 exceed the
        representation's capacity.)

-lifetime
        specifies the upper limit on the validity lifetime
        that the TGS may stamp on a ticket issued to an
        individual or for a server. That is, if name of
        user is an individual, this value is the maximum
        lifetime of a ticket issued to the user. If name
        of user is a server such as "afs," this value is
        the maximum lifetime of a ticket that the TGS
        issues to clients in order to contact the server.

        To specify a number of hours, include a colon in
        the number (example: 1:00 means one hour).
        Otherwise, the number is assumed to be in seconds
        (so 3600 means one hour). If this argument is not
        provided, the default setting is 100:00 hours

-admin_username
        specifies the user name under which the issuer
        wishes to perform the command. If the issuer does
        not provide it, the current identity is used. See
        section 4.3 in the Reference Manual for more
        details.

-password_for_admin
        specifies the issuer's password. If provided
        here, the password is visible on the screen. If
        the issuer does not provide it, it will be
        prompted for and not be visible on the screen.
        See section 4.3 in the Reference Manual for more

-cell   specifies the cell in which to run the command, if
        not the local cell. See section 4.3 in the
        Reference Manual for more details.

-servers
        specifies the database server machine(s) with
        which to establish a connection. See section 4.3
        in the Reference Manual for more details.

-noauth establishes an unauthenticated connection between
        the Authentication Servers and issuer, whom they
        assign the unprivileged identity anonymous rather
        than attempting mutual authentication. See
        section 4.3 in the Reference Manual for more

-help   prints the online help for this command. Do not
        provide any other arguments or flags with this
        one. See section 4.3 in the Reference Manual for

In the following, admin grants administrative privilege to
smith, and makes smith's entry expire at midnight on 31

    % kas sf smith ADMIN 12/31/95
    Password for admin:
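
How a -flags expression combines with an entry's existing flags, shown as an added Python example for reviewing a change before it is issued; this is not code from AFS or kas. The function names are hypothetical, only the four flags documented above are modelled, and the handling of a non-zero hex value is an assumption.

```python
# Added example: models only the four toggle flags listed on this page.
FLAG_BITS = {"ADMIN": 0x004, "NOTGS": 0x008, "NOSEAL": 0x020, "NOCPW": 0x040}
# Names that restore a default, mapped to the bit they clear.
CLEAR_NAMES = {"NOADMIN": 0x004, "TGS": 0x008, "SEAL": 0x020, "CPW": 0x040}
TOGGLE_MASK = 0x06C  # OR of the four bits above


def apply_flags(current, expr):
    """Return the toggle bits an entry would hold after `-flags expr`."""
    text = expr.strip().upper()  # upper and lower case are both accepted
    if not text:
        raise ValueError("empty flag expression")
    try:
        value = int(text, 16)
    except ValueError:
        value = None
    if value is not None:
        # Assumption: a hex value replaces the toggle bits outright
        # (the page states only that 0 restores all four defaults).
        if value < 0 or value & ~TOGGLE_MASK:
            raise ValueError(f"bits outside the four documented flags: {text}")
        return value
    result = current & TOGGLE_MASK
    if text.startswith("="):  # leading '=' drops every current setting first
        result, text = 0, text[1:]
    for name in text.split("+"):
        if name in FLAG_BITS:
            result |= FLAG_BITS[name]
        elif name in CLEAR_NAMES:
            result &= ~CLEAR_NAMES[name]
        else:
            raise ValueError(f"unknown flag name: {name!r}")
    return result


def flag_names(bits):
    """List the non-default flags set in `bits`."""
    return [name for name, bit in FLAG_BITS.items() if bits & bit]


def grants_admin(current, expr):
    """True when the change gives ADMIN to an entry that lacked it."""
    after = apply_flags(current, expr)
    return not (current & FLAG_BITS["ADMIN"]) and bool(after & FLAG_BITS["ADMIN"])


if __name__ == "__main__":
    print(flag_names(apply_flags(0x060, "=NOTGS+ADMIN+CPW")))
```
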

Issuer must have the ADMIN flag set in his or her
Authentication Database entry.
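
The -expiration and -lifetime value formats described under those arguments, as an added Python example for checking what a value will mean before it is applied; this is not code from AFS or kas. The function names are hypothetical, and reading the part after the colon in a lifetime as minutes is an assumption (the page shows only 1:00 and 100:00).

```python
from datetime import datetime


def expand_year(yy):
    """Map the two-digit year to the only ranges the page calls legal."""
    if 0 <= yy <= 37:
        return 2000 + yy
    if 70 <= yy <= 99:
        return 1900 + yy
    raise ValueError(f"yy={yy:02d} is outside 00-37 and 70-99")


def parse_expiration(value):
    """Return a datetime for -expiration, or None for 'never'."""
    text = value.strip()
    if text == "never":
        return None
    date_part, _, time_part = text.partition(" ")
    fields = date_part.split("/")
    if len(fields) != 3:
        raise ValueError("expected mm/dd/yy")
    month, day, yy = (int(f) for f in fields)
    hour = minute = 0  # a bare date means 12:00 a.m.
    if time_part:
        hh, sep, mm = time_part.strip().partition(":")
        if not sep:
            raise ValueError("expected hh:mm")
        hour, minute = int(hh), int(mm)
    # datetime() rejects impossible dates and times such as 2/30 or 25:00.
    return datetime(expand_year(yy), month, day, hour, minute)


def parse_lifetime(value):
    """Return the -lifetime argument in seconds."""
    text = value.strip()
    if ":" in text:
        hours, _, minutes = text.partition(":")
        # Assumption: the part after the colon is minutes (hh:mm).
        seconds = int(hours) * 3600 + int(minutes or 0) * 60
    else:
        seconds = int(text)  # no colon: the number is already in seconds
    if seconds < 0:
        raise ValueError("lifetime cannot be negative")
    return seconds
```
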