Administration Reference


[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

kas interactive

Purpose

Enters interactive mode

Synopsis

kas interactive [-admin_username <admin principal to use for authentication>] 
                [-password_for_admin <admin password>]  [-cell <cell name>] 
                [-servers <explicit list of authentication servers>+]  
                [-noauth]  [-help]
      
kas i [-a <admin principal to use for authentication>]  
      [-p <admin password>]  [-c <cell name>]  
      [-s <explicit list of authentication servers>+]  [-n]  [-h]

Description

The kas interactive command establishes an interactive session for the issuer of the command. By default, the command interpreter establishes an authenticated connection for the user logged into the local file system with all of the Authentication Servers listed in the local /usr/vice/etc/CellServDB file for the cell named in the local /usr/vice/etc/ThisCell file. To specify an alternate identity, cell name, or list of Authentication Servers, include the -admin_username, -cell, or -servers arguments respectively. Interactive mode lasts for six hours unless the maximum ticket lifetime for the issuer or the Authentication Server's Ticket Granting Service is shorter.

There are two other ways to enter interactive mode, in addition to the kas interactive command:

  1. Type the kas command at the shell prompt without any operation code. If appropriate, include one or more of the -admin_username, -password_for_admin, -cell, and -servers arguments.

  2. Type the kas command followed by a user name and cell name, separated by an @ sign (for example: kas admin@abc.com), to establish a connection under the specified identity with the Authentication Servers listed in the local /usr/vice/etc/CellServDB file for the indicated cell. If appropriate, provide the -servers argument to specify an alternate list of Authentication Server machines that belong to the indicated cell.

There are several consequences of entering interactive mode:

To establish an unauthenticated connection to the Authentication Server, include the -noauth flag or provide an incorrect password. Unless authorization checking is disabled on each Authentication Server machine involved, however, it is not possible to perform any privileged operations within such a session.

To end the current authenticated connection and establish an unauthenticated one, issue the (kas) noauthentication command. To leave interactive mode and return to the regular shell prompt, issue the (kas) quit command.

Options

-admin_username
Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details, see the introductory kas reference page.

-password_for_admin
Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does not echo it visibly. For more details, see the introductory kas reference page.

-cell
Names the cell in which to run the command. For more details, see the introductory kas reference page.

-servers
Names each machine running an Authentication Server with which to establish a connection. For more details, see the introductory kas reference page.

-noauth
Assigns the unprivileged identity anonymous to the issuer. For more details, see the introductory kas reference page.

-help
Prints the online help for this command. All other valid options are ignored.

Examples

The following example shows a user entering interactive mode as the privileged user admin.

   % kas interactive admin
   Password for admin: admin_password
   ka>
   

Privilege Required

None

Related Information

kas

kas noauthentication

kas quit


[Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]



© IBM Corporation 2000. All Rights Reserved