1 <?xml version="1.0" encoding="UTF-8"?>
2 <refentry id="kas_interactive8">
4 <refentrytitle>kas interactive</refentrytitle>
5 <manvolnum>8</manvolnum>
8 <refname>kas interactive</refname>
9 <refpurpose>Enters interactive mode</refpurpose>
12 <title>Synopsis</title>
13 <para><emphasis role="bold">kas interactive</emphasis>
14 [<emphasis role="bold">-admin_username</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
15 [<emphasis role="bold">-password_for_admin</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>>]
16 [<emphasis role="bold">-servers</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+]
17 [<emphasis role="bold">-noauth</emphasis>] [<emphasis role="bold">-help</emphasis>]</para>
19 <para><emphasis role="bold">kas i</emphasis> [<emphasis role="bold">-a</emphasis> <<emphasis>admin principal to use for authentication</emphasis>>]
20 [<emphasis role="bold">-p</emphasis> <<emphasis>admin password</emphasis>>] [<emphasis role="bold">-c</emphasis> <<emphasis>cell name</emphasis>>]
21 [<emphasis role="bold">-s</emphasis> <<emphasis>explicit list of authentication servers</emphasis>>+] [<emphasis role="bold">-n</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>
25 <title>Description</title>
26 <para>The <emphasis role="bold">kas interactive</emphasis> command establishes an interactive session for the
27 issuer of the command. By default, the command interpreter establishes an
28 authenticated connection for the user logged into the local file system
29 with all of the Authentication Servers listed in the local
30 <replaceable>/usr/vice/etc/CellServDB</replaceable> file for the cell named in the local
31 <replaceable>/usr/vice/etc/ThisCell</replaceable> file. To specify an alternate identity, cell
32 name, or list of Authentication Servers, include the <emphasis role="bold">-admin_username</emphasis>,
33 <emphasis role="bold">-cell</emphasis>, or <emphasis role="bold">-servers</emphasis> arguments respectively. Interactive mode lasts
34 for six hours unless the maximum ticket lifetime for the issuer or the
35 Authentication Server's Ticket Granting Service is shorter.</para>
37 <para>There are two other ways to enter interactive mode, in addition to the
38 <emphasis role="bold">kas interactive</emphasis> command:</para>
42 <para>Type the kas command at the shell prompt without any operation code. If
43 appropriate, include one or more of the <emphasis role="bold">-admin_username</emphasis>,
44 <emphasis role="bold">-password_for_admin</emphasis>, <emphasis role="bold">-cell</emphasis>, and <emphasis role="bold">-servers</emphasis> arguments.</para>
48 <para>Type the kas command followed by a user name and cell name, separated by
49 an <computeroutput>@</computeroutput> sign (for example: <emphasis role="bold">kas admin@abc.com</emphasis>), to establish a
50 connection under the specified identity with the Authentication Servers
51 listed in the local <replaceable>/usr/vice/etc/CellServDB</replaceable> file for the indicated
52 cell. If appropriate, provide the <emphasis role="bold">-servers</emphasis> argument to specify an
53 alternate list of Authentication Server machines that belong to the
54 indicated cell.</para>
58 <para>There are several consequences of entering interactive mode:</para>
62 <para>The <computeroutput>ka></computeroutput> prompt replaces the system (shell) prompt. When typing
63 commands at this prompt, provide only the operation code (omit the command
64 suite name, <emphasis role="bold">kas</emphasis>).</para>
68 <para>The command interpreter does not prompt for the issuer's password.</para>
70 <para>The issuer's identity and password, the relevant cell, and the set of
71 Authentication Server machines specified when entering interactive mode
72 apply to all commands issued during the session. They cannot be changed
73 without leaving the session, except by using the <emphasis role="bold">kas noauthentication</emphasis>
74 command to replace the current authenticated connections with
75 unauthenticated ones. The <emphasis role="bold">-admin_username</emphasis>, <emphasis role="bold">-password_for_admin</emphasis>,
76 <emphasis role="bold">-cell</emphasis>, and <emphasis role="bold">-servers</emphasis> arguments are ignored if provided on a command
77 issued during interactive mode.</para>
81 <para>To establish an unauthenticated connection to the Authentication Server,
82 include the <emphasis role="bold">-noauth</emphasis> flag or provide an incorrect password. Unless
83 authorization checking is disabled on each Authentication Server machine
84 involved, however, it is not possible to perform any privileged operations
85 within such a session.</para>
87 <para>To end the current authenticated connection and establish an
88 unauthenticated one, issue the <emphasis role="bold">kas noauthentication</emphasis> command. To leave
89 interactive mode and return to the regular shell prompt, issue the <emphasis role="bold">kas
90 quit</emphasis> command.</para>
94 <title>Options</title>
97 <term><emphasis role="bold">-admin_username</emphasis> <<emphasis>admin principal</emphasis>></term>
99 <para>Specifies the user identity under which to authenticate with the
100 Authentication Server for execution of the command. For more details, see
101 <link linkend="kas8">kas(8)</link>.</para>
106 <term><emphasis role="bold">-password_for_admin</emphasis> <<emphasis>admin password</emphasis>></term>
108 <para>Specifies the password of the command's issuer. If it is omitted (as
109 recommended), the <emphasis role="bold">kas</emphasis> command interpreter prompts for it and does not
110 echo it visibly. For more details, see <link linkend="kas8">kas(8)</link>.</para>
115 <term><emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>></term>
117 <para>Names the cell in which to run the command. For more details, see
118 <link linkend="kas8">kas(8)</link>.</para>
123 <term><emphasis role="bold">-servers</emphasis> <<emphasis>authentication servers</emphasis>>+</term>
125 <para>Names each machine running an Authentication Server with which to
126 establish a connection. For more details, see <link linkend="kas8">kas(8)</link>.</para>
131 <term><emphasis role="bold">-noauth</emphasis></term>
133 <para>Assigns the unprivileged identity <computeroutput>anonymous</computeroutput> to the issuer. For more
134 details, see <link linkend="kas8">kas(8)</link>.</para>
139 <term><emphasis role="bold">-help</emphasis></term>
141 <para>Prints the online help for this command. All other valid options are
149 <title>Examples</title>
150 <para>The following example shows a user entering interactive mode as the
151 privileged user <computeroutput>admin</computeroutput>.</para>
154 % kas interactive admin
155 Password for admin: I&lt;admin_password&gt;
161 <title>Privilege Required</title>
166 <title>See Also</title>
167 <para><link linkend="kas8">kas(8)</link>,
168 <link linkend="kas_noauthentication8">kas_noauthentication(8)</link>,
169 <link linkend="kas_quit8">kas_quit(8)</link></para>
173 <title>Copyright</title>
174 <para>IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.</para>
176 <para>This documentation is covered by the IBM Public License Version 1.0. It was
177 converted from HTML to POD by software written by Chas Williams and Russ
178 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>