kas setfields AFS Commands kas setfields

kas setfields -- set various flags, expiration date and
ticket lifetime for Authentication

kas setfields -name <name of user>
              [-flags <hex flag value or flag name expression>]
              [-expiration <date of account expiration>]
              [-lifetime <maximum ticket lifetime>]
              [-admin_username <admin principal to use for
              [-password_for_admin <admin password>] [-cell <cell name>]
              [-servers <explicit list of authentication

ACCEPTABLE ABBREVIATIONS/ALIASES

kas sf -na <name of user> [-f <hex flag value or flag name
       [-e <date of account expiration>]
       [-l <maximum ticket lifetime>]
       [-ad <admin principal to use for authentication>]
       [-p <admin password>] [-c <cell name>]
       [-s <explicit list of authentication servers>] [-no] [-h]

Changes the Authentication Database entry for name of user
in the manner specified by the various optional arguments,
which may occur singly or in combination. See the ARGUMENTS
section for a description of the values that may be set.

The results of this command are visible in the output of the

-name   specifies the entry to be affected.

-flags  sets any one of four toggling flags in name's
        entry. The default is for none of the flags to be
        set. A value of 0 returns all four flags to their
        defaults. The following explains the four
        non-default values to set, their meanings and the

        - ADMIN (Hex equivalent: 0x004). The name of
          user is allowed to issue privileged kas
          commands (Default: NOADMIN).

        - NOTGS (Hex equivalent: 0x008). The Ticket
          Granting Service will refuse to issue tickets
          to name of user (Default: TGS).

        - NOSEAL (Hex equivalent: 0x020). The Ticket
          Granting Service cannot use the contents of
          this entry's key field as an encryption key

        - NOCPW (Hex equivalent: 0x040). The name of
          user cannot change his/her/its own password
          or key (Default: CPW).

        Both upper and lower-case letters are acceptable
        in specifying values for the flags.

        To restore the ADMIN flag to its default, specify
        NOADMIN. To restore the other flags to their
        defaults, omit the NO (i.e., type TGS, SEAL or

        To set more than one flag at once, connect them
        with plus signs (example: NOTGS+ADMIN+CPW). To
        remove all the current flag settings before
        setting new ones, precede the whole list with an
        equal sign (example: =NOTGS+ADMIN+CPW).
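
An added example, not part of the original manual page: a Python model of the -flags expression syntax described above, for checking what an expression does to an entry's flag mask and whether it grants ADMIN. The function names are hypothetical, and treating a numeric value as an absolute setting is an assumption drawn from the statement that 0 restores all four defaults.

```python
# Added example: a model of the -flags expression syntax in the text above.
# Bit values and names come from the page; function names are hypothetical.

# (name that sets the bit, name that restores the default, bit)
FLAG_TABLE = [
    ("ADMIN", "NOADMIN", 0x004),
    ("NOTGS", "TGS", 0x008),
    ("NOSEAL", "SEAL", 0x020),
    ("NOCPW", "CPW", 0x040),
]
SET_BIT = {on: bit for on, _, bit in FLAG_TABLE}
CLEAR_BIT = {off: bit for _, off, bit in FLAG_TABLE}
KNOWN_BITS = sum(bit for _, _, bit in FLAG_TABLE)


def apply_flags(current, expr):
    """Return the flag mask that results from applying expr to current."""
    expr = expr.strip().upper()          # upper and lower case both accepted
    if expr.startswith("0X") or expr.isdigit():
        # Assumption: a numeric value is an absolute setting (0 = all defaults).
        value = int(expr, 16)
        if value & ~KNOWN_BITS:
            raise ValueError(f"bits outside the four documented flags: {expr}")
        return value
    if expr.startswith("="):             # '=' drops current settings first
        current, expr = 0, expr[1:]
    for name in expr.split("+"):
        if name in SET_BIT:
            current |= SET_BIT[name]
        elif name in CLEAR_BIT:
            current &= ~CLEAR_BIT[name]
        else:
            raise ValueError(f"unknown flag name: {name!r}")
    return current


def describe(mask):
    """List the four flags by name, e.g. for reviewing who holds ADMIN."""
    return [on if mask & bit else off for on, off, bit in FLAG_TABLE]


def grants_admin(current, expr):
    """True when expr turns on ADMIN for an entry that did not have it."""
    return not current & 0x004 and bool(apply_flags(current, expr) & 0x004)
```
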

-expiration
        determines when the entry itself expires, which
        will render an individual user unable to log in to
        the system, and a server unreachable. The default

        There are three types of legal values:

        - never, which allows the issuer to return
          the expiration time to its default after
          having set it to a date.

        - mm/dd/yy specifies 12:00 a.m. on the
          indicated date (month/day/year).
          Examples: 1/23/90, 10/7/89.

        - "mm/dd/yy hh:mm" specifies a time
          "hh:mm" (hour:minutes) on the indicated
          date (month/day/year). The time should
          be in 24-hour format (for example, 20:30
          is 8:30 p.m.). Date format is the same
          as for a date alone. Surround the
          entire instance with quotes because it
          contains a space. Examples: "1/23/90
          22:30", "10/7/89 3:45".

        Legal values for yy run from 00 to 37, which are
        interpreted as the years 2000-2037, and from 70 to
        99 which are interpreted as 1970-1999. (This
        restriction is because the Authentication Server
        converts the date into the number of seconds
        elapsed since 1 February 1970, to comply with the
        standard UNIX date representation; dates later
        than sometime in February 2038 exceed the
        representation's capacity.)

-lifetime
        specifies the upper limit on the validity lifetime
        that the TGS may stamp on a ticket issued to an
        individual or for a server. That is, if name of
        user is an individual, this value is the maximum
        lifetime of a ticket issued to the user. If name
        of user is a server such as "afs," this value is
        the maximum lifetime of a ticket that the TGS
        issues to clients in order to contact the server.

        To specify a number of hours, include a colon in
        the number (example: 1:00 means one hour).
        Otherwise, the number is assumed to be in seconds
        (so 3600 means one hour). If this argument is not
        provided, the default setting is 100:00 hours

-admin_username
        specifies the user name under which the issuer
        wishes to perform the command. If the issuer does
        not provide it, the current identity is used. See
        section 4.3 in the Reference Manual for more
        details.

-password_for_admin
        specifies the issuer's password. If provided
        here, the password is visible on the screen. If
        the issuer does not provide it, it will be
        prompted for and not be visible on the screen.
        See section 4.3 in the Reference Manual for more

-cell   specifies the cell in which to run the command, if
        not the local cell. See section 4.3 in the
        Reference Manual for more details.

-servers
        specifies the database server machine(s) with
        which to establish a connection. See section 4.3
        in the Reference Manual for more details.

-noauth establishes an unauthenticated connection between
        the Authentication Servers and issuer, whom they
        assign the unprivileged identity anonymous rather
        than attempting mutual authentication. See
        section 4.3 in the Reference Manual for more

-help   prints the online help for this command. Do not
        provide any other arguments or flags with this
        one. See section 4.3 in the Reference Manual for

In the following, admin grants administrative privilege to
smith, and makes smith's entry expire at midnight on 31

        % kas sf smith ADMIN 12/31/95
        Password for admin:

Issuer must have the ADMIN flag set in his or her
Authentication Database entry.
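
An added example, not part of the original manual page: a Python check of -expiration and -lifetime values against the rules stated above (the yy window, 24-hour time, and the colon form for hours), usable as a pre-flight validation in provisioning scripts. The function names are hypothetical, and reading the part after the colon in a lifetime as minutes is an assumption.

```python
# Added example: validate -expiration and -lifetime values as documented above.
# Function names are hypothetical; the rules are the ones stated on the page.
from datetime import datetime


def parse_expiration(value):
    """Return None for 'never', else the datetime at which the entry expires."""
    value = value.strip()
    if value.lower() == "never":
        return None
    date_part, _, time_part = value.partition(" ")
    try:
        month, day, yy = (int(x) for x in date_part.split("/"))
        # A date alone means 12:00 a.m. on that date.
        hour, minute = (
            (int(x) for x in time_part.split(":")) if time_part else (0, 0)
        )
    except ValueError:
        raise ValueError(
            f"expected never, mm/dd/yy or 'mm/dd/yy hh:mm': {value!r}"
        ) from None
    if 0 <= yy <= 37:
        year = 2000 + yy                 # 00-37 -> 2000-2037
    elif 70 <= yy <= 99:
        year = 1900 + yy                 # 70-99 -> 1970-1999
    else:
        raise ValueError(f"yy must be 00-37 or 70-99, got {yy}")
    # datetime() rejects impossible dates and hours outside 0-23.
    return datetime(year, month, day, hour, minute)


def parse_lifetime(value):
    """Return the maximum ticket lifetime in seconds."""
    value = value.strip()
    if ":" in value:
        # Colon form is hours; the part after the colon is assumed to be minutes.
        hours, minutes = (int(x) for x in value.split(":"))
        return hours * 3600 + minutes * 60
    return int(value)                    # plain number is already seconds
```
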