Provided by: openafs-kpasswd_1.6.15-1ubuntu1_amd64 bug


       kas_interactive - Enters interactive mode


       kas interactive
           [-admin_username <admin principal to use for authentication>]
           [-password_for_admin <admin password>] [-cell <cell name>]
           [-servers <explicit list of authentication servers>+]
           [-noauth] [-help]

       kas i [-a <admin principal to use for authentication>]
           [-p <admin password>] [-c <cell name>]
           [-s <explicit list of authentication servers>+] [-n] [-h]


       The kas interactive command establishes an interactive session for the issuer of the
       command. By default, the command interpreter establishes an authenticated connection for
       the user logged into the local file system with all of the Authentication Servers listed
       in the local /etc/openafs/CellServDB file for the cell named in the local
       /etc/openafs/ThisCell file. To specify an alternate identity, cell name, or list of
       Authentication Servers, include the -admin_username, -cell, or -servers arguments
       respectively. Interactive mode lasts for six hours unless the maximum ticket lifetime for
       the issuer or the Authentication Server's Ticket Granting Service is shorter.

       There are two other ways to enter interactive mode, in addition to the kas interactive

       ·   Type the kas command at the shell prompt without any operation code. If appropriate,
           include one or more of the -admin_username, -password_for_admin, -cell, and -servers

       ·   Type the kas command followed by a user name and cell name, separated by an "@" sign
           (for example: kas, to establish a connection under the specified
           identity with the Authentication Servers listed in the local /etc/openafs/CellServDB
           file for the indicated cell. If appropriate, provide the -servers argument to specify
           an alternate list of Authentication Server machines that belong to the indicated cell.

       There are several consequences of entering interactive mode:

       ·   The "ka>" prompt replaces the system (shell) prompt. When typing commands at this
           prompt, provide only the operation code (omit the command suite name, kas).

       ·   The command interpreter does not prompt for the issuer's password.

           The issuer's identity and password, the relevant cell, and the set of Authentication
           Server machines specified when entering interactive mode apply to all commands issued
           during the session. They cannot be changed without leaving the session, except by
           using the kas noauthentication command to replace the current authenticated
           connections with unauthenticated ones. The -admin_username, -password_for_admin,
           -cell, and -servers arguments are ignored if provided on a command issued during
           interactive mode.

       To establish an unauthenticated connection to the Authentication Server, include the
       -noauth flag or provide an incorrect password.  Unless authorization checking is disabled
       on each Authentication Server machine involved, however, it is not possible to perform any
       privileged operations within such a session.

       To end the current authenticated connection and establish an unauthenticated one, issue
       the kas noauthentication command. To leave interactive mode and return to the regular
       shell prompt, issue the kas quit command.


       -admin_username <admin principal>
           Specifies the user identity under which to authenticate with the Authentication Server
           for execution of the command. For more details, see kas(8).

       -password_for_admin <admin password>
           Specifies the password of the command's issuer. If it is omitted (as recommended), the
           kas command interpreter prompts for it and does not echo it visibly. For more details,
           see kas(8).

       -cell <cell name>
           Names the cell in which to run the command. For more details, see kas(8).

       -servers <authentication servers>+
           Names each machine running an Authentication Server with which to establish a
           connection. For more details, see kas(8).

           Assigns the unprivileged identity "anonymous" to the issuer. For more details, see

           Prints the online help for this command. All other valid options are ignored.


       The following example shows a user entering interactive mode as the privileged user

          % kas interactive admin
          Password for admin: I<admin_password>




       kas(8), kas_noauthentication(8), kas_quit(8)


       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.