dce_login(1m)dce_login(1m)NAMEdce_login - Validates a principal's identity and obtains the princi‐
pal's network credentials
SYNOPSISdce_login [principal_name] [password] [-c | -k keytable] [-r] [-f | +f]
[-e[xec] cmd_string]
OPTIONS
Causes the principal's identity to be certified. If you do not specify
-c, the principal's identity is validated only. Retrieves the authen‐
tication key from keytable. Refreshes and validates the current login
ID. Enables DCE TGT to be forwardable. Disables DCE TGT to be for‐
wardable. Executes the command supplied as cmd_string.
ARGUMENTS
The name of the principal to log in as. The password for princi‐
pal_name.
DESCRIPTION
The dce_login command is supplied for use in DCE configuration. It
validates a principal's identity and obtains the principal's network
credentials.
If the -c option is supplied, the command also certifies the princi‐
pal's identity, and, if the principal is able to be certified, creates
an entry for the principal in the machine's local registry. If the
principal is not able to be certified, the command attempts to log the
principal in via the local registry.
The -exec option executes the command specified by cmd_string after
login. If cmd_string is specified without a full pathname, the path
prefix is obtained by searching the directories according to the PATH
variable.
If you do not supply the name of the principal to validate, either on
the command line with the principal_name argument or through the -r
option that retrieves the principal name from the current login con‐
text, dce_login prompts for the principal name. If you do not supply
the principal's authentication key either on the command line with
password argument or through the -k option that retrieves the principal
authentication key from the specified keytable, dce_login prompts for
the password.
If you supply the principal name and password on the command line, you
must specify the principal name first, followed by the password. If
you supply the principal_name argument and the -r option, the named
principla must be the principal of the current network identity.
If you supply the -f option, the forwardable TGT attribute is then
turned on for this login context. Then when forwarding a user's DCE
TGT from machine A to machine B, it enables the user from machine A to
reuse their Kerberos credentials on machine B. The option +f turns off
the forwardable TGT attribute. -f and +f can be used in conjunction
with -r to change the forwardable TGT attribute for the current login
context.
The dce_login command executes the shell specified in the SHELL envi‐
ronment variable.
Note that if the clocks on the Security server and client machines are
not synchronized to within 2 or 3 minutes of each other, you may
receive a password validation error and be unable to be validated.
dce_login(1m)