ksession -- monitor an existing Kerberos credentials cache
Syntax
ksession [ -c ] [ -w ] [ -tminutes ]
Description
ksession forks and executes a user's default
shell program (as specified in /etc/passwd) while
monitoring their existing Kerberos credentials cache.
When the user ends their shell session, ksession
automatically cleans up their credentials
(unless -c is specified).
If the -w option is not specified, the user is also
warned if their Kerberos credentials have expired or are about
to expire.
The file .credscript in the user's home directory
is executed in the following cases:
   when credentials are about to expire, ksession executes
      /bin/sh $HOME/.credscript warn
   after credentials have expired, ksession executes
      /bin/sh $HOME/.credscript expire
   if the credentials cache is removed or becomes corrupted, ksession executes
      /bin/sh $HOME/.credscript error
NOTE: The .credscript file
executes every 10 minutes
if one of the above conditions is true.
You should take this into account when
programming the .credscript file.
.credscript only executes if it is owned by the user
or by root, and write permission is disabled for group
and other. The -w flag does not affect the execution
of the .credscript file.
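An example .credscript, added here as an illustration and not part of ksession or its documentation. It handles the three arguments described above and suppresses the repeated call that ksession makes every 10 minutes while a condition persists. The state file name, the message texts and the use of find -mmin are assumptions of this example.

```shell
#!/bin/sh
# Example $HOME/.credscript (added illustration, not shipped with ksession).
# ksession calls it as: /bin/sh $HOME/.credscript warn|expire|error
# and repeats the call every 10 minutes while the condition holds, so a
# repeat of the same event is suppressed until the condition has cleared.

# Assumptions of this example: the state file path, the message texts, and a
# find(1) that supports -mmin (GNU and BSD find do; it is not in POSIX).
CRED_STATE=${CRED_STATE:-$HOME/.credscript.state}

# Print a message for a new event; print nothing for a repeat.
cred_event() {
    event=$1
    case $event in
        warn)   msg="Kerberos credentials are about to expire" ;;
        expire) msg="Kerberos credentials have expired" ;;
        error)  msg="Kerberos credentials cache was removed or is corrupted" ;;
        *)      echo "usage: .credscript warn|expire|error" >&2; return 2 ;;
    esac
    # Repeat = same event recorded less than 15 minutes ago, i.e. within
    # one 10-minute ksession interval plus some slack.
    if [ "$(cat "$CRED_STATE" 2>/dev/null)" = "$event" ] &&
       [ -n "$(find "$CRED_STATE" -mmin -15 2>/dev/null)" ]; then
        touch "$CRED_STATE"    # refresh, so the whole episode stays quiet
        return 0
    fi
    # Record the event in a file only the user can read or write.
    ( umask 077; printf '%s\n' "$event" > "$CRED_STATE" )
    printf '%s\n' "$msg"
}

# ksession always passes one argument; do nothing when there is none.
if [ $# -gt 0 ]; then
    cred_event "$1"
fi
```

Install it as $HOME/.credscript, owned by the user, with write permission removed for group and other (chmod go-w); ksession does not run the script otherwise.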
ksession understands the following options:
-c
do not remove the user's Kerberos credentials
when the shell session ends.
-w
do not print warning messages
when the user's Kerberos credentials expire or are
about to expire.
-tminutes
begin printing warning messages minutes before
credentials actually expire. Additionally, the .credscript
file executes with the warn argument set.
Limitations
You cannot specify a shell other than the
default shell defined in /etc/passwd.
Files
/etc/expire.creds
checked for credentials expiration
$HOME/.credscript
optional Bourne shell script executed upon credentials expiration