SUPPORTED FUNCTIONALITIES---C5S 

CNS V5 for Unix

This document contains the functions of the CNS program that are
supported.

We support only DES-CRC keys.  Multiple encryption types are not
supported at this time.

Directly-keyed cross-realm authentication is supported.  Hierarchal
cross-realm authentication is not.

SNK4 device:
User authentication via SNK4 device from Digital Pathways.  Requires
password followed by challenge/response.

The following list is broken up into System Administrator Commands,
Login and User Admin Commands, and User Commands.  Variables (e.g.,
$foo) are used to indicate sample input.  The functions themselves are
listed in lower case type at the left margin, with the supported
features immediately below.  The first level of indentation indicates
commands typed at the shell prompt.  The second level of indentation
indicates commands typed to the subshell spawned by the command.
Descriptions of functionalities appear at the left margin.

SYSTEM ADMINISTRATOR COMMANDS

kdb5_edit: 
    kdb5_edit
    kdb5_edit -r $REALM
	add_admin
	delete_admin
	dump_db 
	load_db 

kdb5_create: 
    kdb5create -r $REALM

kdb5_stash:
    kdb5_stash -r $REALM

krb5kdc:
    krb5kdc -r $REALM -n

kadmin5/kadmind5:
    exec kadmind5 -a $path/acl -r $REALM -n 2>>$kadmind_lfile
    kadmin5 -m -p krbtest/admin@$REALM
	ank $kkey@$REALM
	ark $kkey@$REALM

    kadmin5 -m -p krbtest/admin@$REALM ank $pname
    kadmin5 -m -p krbtest/admin@$REALM ark $pname
    kadmin5 -m -p krbtest/admin@$REALM show $pname
    kadmin5 -m -p krbtest/admin@$REALM cpw $pname
    kadmin5 -m -p krbtest/admin@$REALM crk $pname
    kadmin5 -m -p krbtest/admin@$REALM -- modent $pname -allow-tickets
    kadmin5 -m -p krbtest/admin@$REALM -- modent $pname +allow-tickets
    kadmin5 -m -p krbtest/admin@$REALM -- modent $pname maxlife=2500
    kadmin5 -m -p krbtest/admin@$REALM -- renent -force $pname $npname
    kadmin5 -m -p krbtest/admin@$REALM ldb
    kadmin5 -m -p krbtest/admin@$REALM xst $instance $name
    kadmin5 -m -p krbtest/admin@$REALM xst4 $instance $name
    kadmin5 -m -p krbtest/admin@$REALM -- delent -force $pname

kprop/kpropd:

The following must appear in the slave machine's /etc/inetd.conf:
    krb5_prop stream tcp nowait root /usr/cygnus/cns5/sbin/kpropd kpropd

The following must be the contents of $path/lib/krb5kdc/kpropd.acl on
the slave machine:
    host/$host@$REALM

On the master:    
    kdb5_edit -R "ddb $path/lib/krb5kdc/slave_datatrans"
    kprop $slave.host.name


LOGIN & USER ADMIN COMMANDS

kinit:
    kinit $name@$REALM
    kinit -c $ccache $name@$REALM
    kinit -l
    kinit -f

klist:
    klist

kdestroy:
    kdestroy

kpasswd:
    kpasswd -u $princ

/bin/login:
Logs in users who appear in /etc/passwd with their kerberos password,
obtains tickets, and authenticates to local machine.

xdm:

Logs in users who appear in /etc/passwd with their kerberos password,
obtains tickets, and authenticates to the local machine.  Rebuilding from
source code is supported only if the X installation matches what the
configure scripts expect.

USER COMMANDS

rsh:
    rsh $host -k $REALM -D $port -A $cmd
    rsh $host -f -k $REALM -A $cmd
    rsh $host -x -k $REALM -A $cmd
    rsh $host -k $REALM -A $BINSH -c "$cmd"
    rsh $host -x -k $REALM -A $BINSH -c "$cmd"

rcp:
    rcp -f -N -k $REALM $path1/$file $path2/$copy
    rcp -D $port -N -k $REALM $path1/$file $path2/$copy
    rcp -N -k $REALM $host:$rpath/$file $lpath/$copy
    rcp -N -k $REALM $lpath/$file $host:$rpath/$copy
    rcp -x -c $KRB5CCNAME -C $KRB5_CONFIG -N $host:$path/$file $path/$copy
    rcp -x -c $KRB5CCNAME -C $KRB5_CONFIG -N $path/$file $host:$path/$copy

telnet:
    telnet $host
    telnet -f $host
    telnet -- $host -$port
    telnet -a -k $REALM -- $host 
    telnet -a -x -k $REALM -- $host 

rlogin:
    rlogin $host
    rlogin $host -l $USER
    rlogin -f $host
    rlogin $host -k $REALM -D $port
    rlogin $host -x -k $REALM -D $port
    ~.

ftp:
    ftp $host $port
	binary
	status
	get $rpath/file $lpath/copy
	put $lpath/file $rpath/copy
	cd $dir
	lcd $dir
	clear
	safe
	private
	close
	quit

ksu:
    ksu
