"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/man/ksu.man" between
krb5-1.17.1.tar.gz and krb5-1.18.tar.gz

About: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography (MIT implementation). Current release.

ksu.man  (krb5-1.17.1):ksu.man  (krb5-1.18)
KSU(1) MIT Kerberos KSU(1) KSU(1) MIT Kerberos KSU(1)
NAME NAME
ksu - Kerberized super-user ksu - Kerberized super-user
SYNOPSIS SYNOPSIS
ksu [ target_user ] [ -n target_principal_name ] [ -c source_cache_name ] ksu [ target_user ] [ -n target_principal_name ] [ -c source_cache_name ]
[ -k ] [ -r time ] [ -pf ] [ -l [ -k ] [ -r time ] [ -p | -P] [
lifetime ] [ -z | Z ] [ -q ] [ -e command [ args ... ] ] [ -a [ args ... -f | -F] [ -l lifetime ] [ -z | Z ] [ -q ] [ -e command [ args ... ] ] [
] ] -a [ args ... ] ]
REQUIREMENTS REQUIREMENTS
Must have Kerberos version 5 installed to compile ksu. Must have a Kerbe ros version 5 server running to Must have Kerberos version 5 installed to compile ksu. Must have a Kerbe ros version 5 server running to
use ksu. use ksu.
DESCRIPTION DESCRIPTION
ksu is a Kerberized version of the su program that has two missions: on e is to securely change the real ksu is a Kerberized version of the su program that has two missions: on e is to securely change the real
and effective user ID to that of the target user, and the other is to cre ate a new security context. and effective user ID to that of the target user, and the other is to cre ate a new security context.
NOTE: NOTE:
skipping to change at line 163 skipping to change at line 163
default principal. Note that the -z option is mutually exclusive with the -Z option. default principal. Note that the -z option is mutually exclusive with the -Z option.
-Z Don't copy any tickets from the source cache to the target cache. Just create a fresh target -Z Don't copy any tickets from the source cache to the target cache. Just create a fresh target
cache, where the default principal name of the cache is initializ ed to the target principal name. cache, where the default principal name of the cache is initializ ed to the target principal name.
Note that the -Z option is mutually exclusive with the -z option. Note that the -Z option is mutually exclusive with the -z option.
-q Suppress the printing of status messages. -q Suppress the printing of status messages.
Ticket granting ticket options: Ticket granting ticket options:
-l lifetime -r time -pf -l lifetime -r time -p -P -f -F
The ticket granting ticket options only apply to the case where th ere are no appropriate tickets The ticket granting ticket options only apply to the case where th ere are no appropriate tickets
in the cache to authenticate the source user. In this case if k su is configured to prompt users in the cache to authenticate the source user. In this case if k su is configured to prompt users
for a Kerberos password (GET_TGT_VIA_PASSWD is defined), the ticke t granting ticket options that for a Kerberos password (GET_TGT_VIA_PASSWD is defined), the ticke t granting ticket options that
are specified will be used when getting a ticket granting ticket f rom the Kerberos server. are specified will be used when getting a ticket granting ticket f rom the Kerberos server.
-l lifetime -l lifetime
(duration string.) Specifies the lifetime to be requested for t he ticket; if this option is not (duration string.) Specifies the lifetime to be requested for t he ticket; if this option is not
specified, the default ticket lifetime (12 hours) is used instead. specified, the default ticket lifetime (12 hours) is used instead.
-r time -r time
(duration string.) Specifies that the renewable option should be requested for the ticket, and (duration string.) Specifies that the renewable option should be requested for the ticket, and
specifies the desired total lifetime of the ticket. specifies the desired total lifetime of the ticket.
-p specifies that the proxiable option should be requested for the ti cket. -p specifies that the proxiable option should be requested for the ti cket.
-P specifies that the proxiable option should not be requested for
the ticket, even if the default
configuration is to ask for proxiable tickets.
-f option specifies that the forwardable option should be requested f or the ticket. -f option specifies that the forwardable option should be requested f or the ticket.
-F option specifies that the forwardable option should not be request
ed for the ticket, even if the
default configuration is to ask for forwardable tickets.
-e command [args ...] -e command [args ...]
ksu proceeds exactly the same as if it was invoked without the - e option, except instead of exe- ksu proceeds exactly the same as if it was invoked without the - e option, except instead of exe-
cuting the target shell, ksu executes the specified command. Examp le of usage: cuting the target shell, ksu executes the specified command. Examp le of usage:
ksu bob -e ls -lag ksu bob -e ls -lag
The authorization algorithm for -e is as follows: The authorization algorithm for -e is as follows:
If the source user is root or source user == target user, no autho rization takes place and the If the source user is root or source user == target user, no autho rization takes place and the
command is executed. If source user id != 0, and ~target_us er/.k5users file does not exist, command is executed. If source user id != 0, and ~target_us er/.k5users file does not exist,
skipping to change at line 277 skipping to change at line 283
SEE ALSO SEE ALSO
kerberos(7), kinit(1) kerberos(7), kinit(1)
AUTHOR AUTHOR
MIT MIT
COPYRIGHT COPYRIGHT
1985-2019, MIT 1985-2019, MIT
1.17.1 KSU(1) 1.18 KSU(1)
 End of changes. 5 change blocks. 
5 lines changed or deleted 13 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)