monitor an existing Kerberos credentials cache
[ -c ] [ -w ] [ -t minutes ]
ksession forks and executes a user's default
shell program (as specified in /etc/passwd) while
monitoring their existing Kerberos credentials cache.
When the user ends their shell session, ksession
automatically cleans up their credentials
(unless -c is specified).
If the -w option is not specified, the user is also
warned if their Kerberos credentials have expired or are about
The file .credscript
in the user's home directory,
is executed in the following cases:
NOTE: The .credscript file
executes every 10 minutes
if one of the above conditions is true.
You should take this into account when
programming the .credscript file.
when credentials are about to expire,
/bin/sh $HOME/.credscript warn
after credentials have expired,
/bin/sh $HOME/.credscript expire
if the credentials cache is removed or becomes corrupted,
/bin/sh $HOME/.credscript error
.credscript only executes if it is owned by the user
or by root, and write permission is disabled for group
and other. The -w flag does not affect the execution
of the .credscript file.
ksession understands the following options:
do not remove the user's Kerberos credentials
when the shell session ends.
do not print warning messages
when the user's Kerberos credentials expire or are
about to expire.
begin printing warning messages minutes before
credentials actually expire. Additionally, the .credscript
file executes with the warn argument set.
You cannot specify a shell other than the
default shell defined in /etc/passwd.
checked for credentials expiration
optional Bourne shell script executed upon credentials expiration
ksession is not part of any currently supported
standard. It is an extension of AT&T UNIX System V
provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005