ksrvtgt---fetch and store CNS ticket-granting-ticket using a service key
ksrvtgt name instance [[realm] srvtab]
ksrvtgt retrieves a ticket-granting ticket with a lifetime of 5
minutes for the principal name.instance@realm (or
name.instance@localrealm if realm is not supplied on
the command line), decrypts the response using the service key found in
srvtab (or in `/etc/krb-srvtab' if srvtab is not
specified on the command line), and stores the ticket in the standard
ticket cache.
This command is intended primarily for use in shell scripts and other batch-type facilities. For example, suppose you have one machine with a tape drive (we'll call it `tapehost'), and you want to be able to back up all machines on the local network on to that drive, and you want the backup script to run unattended.
rcmd service. This is already the
case if `tapehost' is a CNS application server.
rcmd.tapehost to the `~root/.klogin' file on each
client machine. This gives anybody with an rcmd.tapehost ticket
root access to those machines. (If the backup process on the client
machines need not be run as root, some other user can be used instead).
for m in clients; do ksrvtgt rcmd `tapehost' rsh $m dump | dd of=tapedevice doneThe
ksrvtgt command gets a ticket for the principal
rcmd.tapehost and store it in root's ticket file. Since
rcmd.tapehost is in `~root/.klogin' on the client machines,
the rsh is permitted.
ksrvtgt is invoked before each rsh
command. This is because the ticket obtained by ksrvtgt is
short-lived: it is only valid for five minutes.
ksrvtgt must be
able to read the `/etc/krb-srvtab' file, which should only be
readable by root.
rcmd.tapehost to the
`~root/.klogin' files on the client machines.