source: trunk/athena/bin/rkinit/rkinit.1 @ 13655

Revision 13655, 4.5 KB checked in by danw, 25 years ago (diff)
explode athena/bin/rkinit into athena/bin/rkinit, athena/lib/rkinit, and athena/etc/rkinitd
.\"
.\" $Id: rkinit.1,v 1.1 1999-10-05 17:08:34 danw Exp $
.\"
.\"
.TH RKINIT 1 "November 12, 1989"
.UC 4
.SH NAME
rkinit \- establish kerberos tickets safely on a remote host
.SH SYNOPSIS
.B rkinit [ host ]
[ -p
.B principal
] [ -l
.B username
] [ -k
.B kerberos_realm
] [ -f
.B ticket_file
] [ -h
.B remote_host
] [ -t
.B ticket_lifetime
] [
.B \-notimeout
]

A host name must be specified either as the first command line
argument or following a \-h flag.  If redundant command line
arguments are given, the last one to appear takes precedence.

.SH DESCRIPTION
.I rkinit
is a program that allows a user to establish kerberos tickets on
a remote host registered for
rlogin service.  This can be done without the user's kerberos
password ever leaving the client machine.

In order to establish tickets remotely
without the use of something like
.I rkinit,
one would have to log in to the
remote host and run
.IR kinit (1).
.I rkinit
followed by
.I rlogin
can be thought of as a safe substitute for
.I rlogin
followed by
.I kinit.

.I rkinit
uses the same access checking mechanism as
.I rlogin.
That means that
.I rkinit
can be used to create any tickets for user
.I A
on remote host
.I B
if and only if
.IR A 's
tickets would entitle a login to
.I B.
This means that one can create remote tickets for himself or for
another user if he is in that user's .klogin file.

.I rkinit
understands the following command line options:

.TP 4
.B \-p \fIprincipal\fR
If
.I principal,
in the format
.I name[.inst][@realm]
is specified, the tickets created on the remote host will be the
tickets indicated by the
.I principal
field.  If this option is not given, the following defaults are
used: If the user running
.I rkinit
does not have tickets on the client machine,
.I rkinit
will prompt for a password and behave effectively as if the user
had invoked
.I kinit
on the specified
remote host; i.e.,
the tickets established will be owned on the remote host
by the user who invoked
.I rkinit
and will be for the local realm of the
remote host.
If the user running
.I rkinit
already has tickets,
.I rkinit
will prompt for a password and create tickets whose principal
matches that of the
tickets that the user already has.


.TP
.B \-l \fIusername\fR
If
.I username
is specified, the ticket file on the remote host will be owned by the
user
.I username.
If it is not specified, the tickets will be owned by
the remote user whose login name matches that of the user invoking
.I rkinit.

.TP
.B \-r \fIrealm\fR
.I realm
is used to tell
.I rkinit
what realm the remote host is in.  This
option should not usually have to be used since
.I rkinit
uses
.IR krb_realmofhost (3)
to determine the remote host's kerberos realm.  Note that this
is distinct from realm as specified in
.I principal,
which refers to the realm of the remote tickets.

.TP
.B \-f \fIticket_file\fR
This option is used to specify the name of the ticket file that
should be used on the remote host.  Note that if you
specify a location for the ticket file that is other
than the default, you will have to set the environment variable
KRBTKFILE to that filename once you get to the remote host in
order for you to use the tickets.
If a ticket file is not specified, the tickets will
be placed in the
default location as specified by
.IR tkt_file (3).
On a UNIX host, this is /tmp/tkt<uid>, where
<uid> is the user id of the person who owns the remote ticket file.

.TP
.B \-h \fIremote_host\fR
.I remote host
is the host on which remote tickets are being obtained.  This
option can be used in place of specifying the host as the first
command line argument.

.TP
.B \-t \fIticket_lifetime\fR
.I ticket lifetime
is the lifetime in minutes of the remote tickets.  If it is not
specified, the default ticket life time (as defined in krb.h) is
used.

.TP
.B \-notimeout
prevents the client from timing out.  This is mainly useful only
for debugging since the rkinit server also times out.

.SH EXAMPLES

In the following examples,
.B tabetha
and
.B soup
are machines in the
.B ATHENA.MIT.EDU
kerberos realm and
.B local
is a user who can log in
to
.B soup
and has
.B qjb.root@ATHENA.MIT.EDU
in his .klogin file.


% rkinit tabetha
.br
Kerberos initialization (tabetha)
.br
Password for qjb@ATHENA.MIT.EDU:
.br
%
.br

.br
% rkinit soup -p qjb.root -l local
.br
Kerberos initialization (soup): tickets will be owned by local
.br
Password for qjb.root@ATHENA.MIT.EDU:
.br
%

.SH SEE ALSO
rkinitd(8), kerberos(1), kerberos(3), kinit(1)

.SH AUTHOR
Emanuel Jay Berkenbilt (MIT-Project Athena)
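
The access rule from the DESCRIPTION and the name[.inst][@realm] format from the -p option, worked through as an added C example (not rkinit's own code, and not part of the man page). The names parse_principal, may_create_tickets and SAMPLE_KLOGIN are hypothetical; the check assumes the Kerberos 4 convention that an absent .klogin admits only the account's own principal in the local realm, while a present .klogin admits only the principals it lists.

```c
#include <stdio.h>
#include <string.h>

struct principal { char name[40], inst[40], realm[40]; }; /* krb4 parts */
/* Constructed .klogin of account "local", as in the EXAMPLES section. */
static const char *const SAMPLE_KLOGIN[] = { "qjb.root@ATHENA.MIT.EDU" };

/* Parse "name[.inst][@realm]"; a missing realm defaults to def_realm.
 * Returns 0 on success, -1 on an empty name or realm or an over-long part. */
int parse_principal(const char *s, const char *def_realm, struct principal *p)
{
    const char *at = strchr(s, '@');
    size_t body = at ? (size_t)(at - s) : strlen(s);
    const char *dot = memchr(s, '.', body);
    size_t nlen = dot ? (size_t)(dot - s) : body;
    size_t ilen = dot ? body - nlen - 1 : 0;
    const char *realm = at ? at + 1 : def_realm;
    if (nlen == 0 || nlen >= sizeof p->name || ilen >= sizeof p->inst ||
        *realm == '\0' || strlen(realm) >= sizeof p->realm)
        return -1;
    memcpy(p->name, s, nlen);
    p->name[nlen] = '\0';
    if (dot) memcpy(p->inst, dot + 1, ilen);
    p->inst[ilen] = '\0';
    strcpy(p->realm, realm);
    return 0;
}

/* klogin == NULL models an absent .klogin file (assumed kuserok convention). */
int may_create_tickets(const char *princ, const char *luser,
                       const char *const *klogin, size_t n, const char *lrealm)
{
    struct principal p, e;
    if (parse_principal(princ, lrealm, &p) != 0) return 0;
    if (klogin == NULL) /* no file: only the account's own principal */
        return !strcmp(p.name, luser) && !p.inst[0] && !strcmp(p.realm, lrealm);
    for (size_t i = 0; i < n; i++) /* file present: principal must be listed */
        if (parse_principal(klogin[i], lrealm, &e) == 0 &&
            !strcmp(p.name, e.name) && !strcmp(p.inst, e.inst) &&
            !strcmp(p.realm, e.realm))
            return 1;
    return 0;
}

int main(void)
{   /* The second EXAMPLES invocation: rkinit soup -p qjb.root -l local */
    int ok = may_create_tickets("qjb.root", "local", SAMPLE_KLOGIN, 1, "ATHENA.MIT.EDU");
    printf("qjb.root -> local: %s\n", ok ? "allowed" : "denied");
    return 0;
}
```

The instance is part of the comparison, so qjb and qjb.root are distinct principals, and only dots before the @ are treated as the name/instance separator.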