+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
-<HTML><HEAD>
-<TITLE>Administration Reference</TITLE>
-<!-- Begin Header Records ========================================== -->
-<!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID -->
-<!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29 -->
-<META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
-<META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
-<META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
-</HEAD><BODY>
-<!-- (C) IBM Corporation 2000. All Rights Reserved -->
-<BODY bgcolor="ffffff">
-<!-- End Header Records ============================================ -->
-<A NAME="Top_Of_Page"></A>
-<H1>Administration Reference</H1>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf180.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf182.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<P>
-<H2><A NAME="HDRKAS_INTRO" HREF="auarf002.htm#ToC_195">kas</A></H2>
-<A NAME="IDX5057"></A>
-<A NAME="IDX5058"></A>
-<A NAME="IDX5059"></A>
-<A NAME="IDX5060"></A>
-<A NAME="IDX5061"></A>
-<P><STRONG>Purpose</STRONG>
-<P>Introduction to the <B>kas</B> command suite
-<P><STRONG>Description</STRONG>
-<P>The commands in the <B>kas</B> command suite are the administrative
-interface to the Authentication Server, which runs on each database server
-machine in a cell, maintains the Authentication Database, and provides the
-authentication tickets that client applications must present to AFS servers in
-order to obtain access to AFS data and other services.
-<P>There are several categories of commands in the <B>kas</B> command
-suite:
-<UL>
-<P><LI>Commands to create, modify, examine and delete entries in the
-Authentication Database, including passwords: <B>kas create</B>,
-<B>kas delete</B>, <B>kas examine</B>, <B>kas list</B>, <B>kas
-setfields</B>, <B>kas setkey</B>, <B>kas setpassword</B>, and
-<B>kas unlock</B>
-<P><LI>Commands to create, delete, and examine tokens and server tickets:
-<B>kas forgetticket</B>, <B>kas listtickets</B>, <B>kas
-noauthentication</B>, and <B>kas stringtokey</B>
-<P><LI>A command to enter interactive mode: <B>kas interactive</B>
-<P><LI>A command to trace Authentication Server operations: <B>kas
-statistics</B>
-<P><LI>Commands to obtain help: <B>kas apropos</B> and <B>kas
-help</B>
-</UL>
-<P>Because of the sensitivity of information in the Authentication Database,
-the Authentication Server authenticates issuers of <B>kas</B> commands
-directly, rather than accepting the standard token generated by the Ticket
-Granting Service. Any <B>kas</B> command that requires
-administrative privilege prompts the issuer for a password. The
-resulting ticket is valid for six hours unless the maximum ticket lifetime for
-the issuer or the Authentication Server's Ticket Granting Service is
-shorter.
-<A NAME="IDX5062"></A>
-<A NAME="IDX5063"></A>
-<P>To avoid having to provide a password repeatedly when issuing a sequence of
-<B>kas</B> commands, enter <I>interactive mode</I> by issuing the
-<B>kas interactive</B> command, typing <B>kas</B> without any
-operation code, or typing <B>kas</B> followed by a user and cell name,
-separated by an at-sign (<B>@</B>; an example is <B>kas
-smith.admin@abc.com</B>). After prompting once for a
-password, the Authentication Server accepts the resulting token for every
-command issued during the interactive session. See the reference page
-for the <B>kas interactive</B> command for a discussion of when to use
-each method for entering interactive mode and of the effects of entering a
-session.
-<P>The Authentication Server maintains two databases on the local disk of the
-machine where it runs:
-<UL>
-<P><LI>The Authentication Database (<B>/usr/afs/db/kaserver.DB0</B>)
-stores the information used to provide AFS authentication services to users
-and servers, including the password scrambled as an encryption key. The
-reference page for the <B>kas examine</B> command describes the
-information in a database entry.
-<P><LI>An auxiliary file (<B>/usr/afs/local/kaauxdb</B> by default) that
-tracks how often the user has provided an incorrect password to the local
-Authentication Server. The reference page for the <B>kas
-setfields</B> command describes how the Authentication Server uses this file
-to enforce the limit on consecutive authentication failures. To
-designate an alternate directory for the file, use the <B>kaserver</B>
-command's <B>-localfiles</B> argument.
-</UL>
-<P><STRONG>Options</STRONG>
-<P>The following arguments and flags are available on many commands in the
-<B>kas</B> suite. (Some of them are unavailable on commands entered
-in interactive mode, because the information they specify is established when
-entering interactive mode and cannot be changed except by leaving interactive
-mode.) The reference page for each command also lists them, but they
-are described here in greater detail.
-<DL>
-<P><DT><B>
-<A NAME="IDX5064"></A>
-<B>-admin_username</B>
-</B><DD>Specifies the user identity under which to authenticate with the
-Authentication Server for execution of the command. If this argument is
-omitted, the <B>kas</B> command interpreter requests authentication for
-the identity under which the issuer is logged onto the local machine.
-Do not combine this argument with the <B>-noauth</B> flag.
-<A NAME="IDX5065"></A>
-<P><DT><B>-cell <<VAR>cell name</VAR>>
-</B><DD>Names the cell in which to run the command. It is acceptable to
-abbreviate the cell name to the shortest form that distinguishes it from the
-other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
-machine. If the <B>-cell</B> argument is omitted, the command
-interpreter determines the name of the local cell by reading the following in
-order:
-<OL TYPE=1>
-<P><LI>The value of the AFSCELL environment variable
-<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
-</OL>
-<P>
-<P>The <B>-cell</B> argument is not available on commands issued in
-interactive mode. The cell defined when the <B>kas</B> command
-interpreter enters interactive mode applies to all commands issued during the
-interactive session.
-<A NAME="IDX5066"></A>
-<P><DT><B>-help
-</B><DD>Prints a command's online help message on the standard output
-stream. Do not combine this flag with any of the command's other
-options; when it is provided, the command interpreter ignores all other
-options, and only prints the help message.
-<P><DT><B>
-<A NAME="IDX5067"></A>
-<B>-noauth</B>
-</B><DD>Establishes an unauthenticated connection to the Authentication Server, in
-which the Authentication Server treats the issuer as the unprivileged user
-<B>anonymous</B>. It is useful only when authorization checking is
-disabled on the server machine (during the installation of a server machine or
-when the <B>bos setauth</B> command has been used during other unusual
-circumstances). In normal circumstances, the Authentication Server
-allows only privileged users to issue most <B>kas</B> commands, and
-refuses to perform such an action even if the <B>-noauth</B> flag is
-provided. Do not combine this flag with the <B>-admin_username</B>
-and <B>-password_for_admin</B> arguments.
-<P><DT><B>
-<A NAME="IDX5068"></A>
-<B>-password_for_admin</B>
-</B><DD>Specifies the password of the command's issuer. It is best to
-omit this argument, which echoes the password visibly in the command shell,
-instead enter the password at the prompt. Do not combine this argument
-with the <B>-noauth</B> flag.
-<P><DT><B>
-<A NAME="IDX5069"></A>
-<B>-servers</B>
-</B><DD>Establishes a connection with the Authentication Server running on each
-specified database server machine, instead of on each machine listed in the
-local <B>/usr/vice/etc/CellServDB</B> file. In either case, the
-<B>kas</B> command interpreter then chooses one of the machines at random
-to contact for execution of each subsequent command. The issuer can
-abbreviate the machine name to the shortest form that allows the local name
-service to identify it uniquely.
-</DL>
-<P><STRONG>Privilege Required</STRONG>
-<P>To issue most <B>kas</B> commands, the issuer must have the
-<TT>ADMIN</TT> flag set in his or her Authentication Database entry (use the
-<B>kas setfields</B> command to turn the flag on).
-<P><STRONG>Related Information</STRONG>
-<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
-<P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
-<P><A HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
-<P><A HREF="auarf182.htm#HDRKAS_APROPOS">kas apropos</A>
-<P><A HREF="auarf183.htm#HDRKAS_CREATE">kas create</A>
-<P><A HREF="auarf184.htm#HDRKAS_DELETE">kas delete</A>
-<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
-<P><A HREF="auarf186.htm#HDRKAS_FORGETTICKET">kas forgetticket</A>
-<P><A HREF="auarf187.htm#HDRKAS_HELP">kas help</A>
-<P><A HREF="auarf188.htm#HDRKAS_INTERACTIVE">kas interactive</A>
-<P><A HREF="auarf189.htm#HDRKAS_LIST">kas list</A>
-<P><A HREF="auarf190.htm#HDRKAS_LISTTICKETS">kas listtickets</A>
-<P><A HREF="auarf191.htm#HDRKAS_NOAUTH">kas noauthentication</A>
-<P><A HREF="auarf192.htm#HDRKAS_QUIT">kas quit</A>
-<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
-<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
-<P><A HREF="auarf195.htm#HDRKAS_STATISTICS">kas statistics</A>
-<P><A HREF="auarf196.htm#HDRKAS_STRINGTOKEY">kas stringtokey</A>
-<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
-<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
-<P>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf180.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf182.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<!-- Begin Footer Records ========================================== -->
-<P><HR><B>
-<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
-</B>
-<!-- End Footer Records ============================================ -->
-<A NAME="Bot_Of_Page"></A>
-</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff