ksession(TC)


ksession -- monitor an existing Kerberos credentials cache

Syntax

ksession [ -c ] [ -w ] [ -t minutes ]

Description

ksession forks and executes a user's default shell program (as specified in /etc/passwd) while monitoring their existing Kerberos credentials cache. When the user ends their shell session, ksession automatically cleans up their credentials (unless -c is specified).

If the -w option is not specified, the user is also warned if their Kerberos credentials have expired or are about to expire.

The file .credscript in the user's home directory, is executed in the following cases:

NOTE: The .credscript file executes every 10 minutes if one of the above conditions is true. You should take this into account when programming the .credscript file.

.credscript only executes if it is owned by the user or by root, and write permission is disabled for group and other. The -w flag does not affect the execution of the .credscript file.

ksession understands the following options:


-c
do not remove the user's Kerberos credentials when the shell session ends.

-w
do not print warning messages when the user's Kerberos credentials expire or are about to expire.

-t minutes
begin printing warning messages minutes before credentials actually expire. Additionally, the .credscript file executes with the warn argument set.

Limitations

You cannot specify a shell other than the default shell defined in /etc/passwd.

Files


/etc/expire.creds
checked for credentials expiration

$HOME/.credscript
optional Bourne shell script executed upon credentials expiration

See Also

kdestroy(TC), kinit(TC), klist(TC), passwd(F)

Standards conformance

ksession is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005