KGETCRED(1) BSD General Commands Manual KGETCRED(1)NAME
kgetcred -- get a ticket for a particular service
SYNOPSIS
kgetcred [--canonicalize] [-c -cache | --cache=cache] [-e enctype | --enctype=enctype] [-name-type=name-type] [--no-transit-check]
[--version] [--help] service
kgetcred [options] -name-type=SRV_HST service hostname
DESCRIPTION
kgetcred obtains a ticket for a service. Usually tickets for services are obtained automatically when needed but sometimes for some odd rea-
son you want to obtain a particular ticket or of a special type.
The second form applies hostname canonicalization using local name canonicalization rules just as applications normally would, possibly
enabling canonicalization via referrals.
Supported options:
--canonicalize
requests that the KDC canonicalize the principal.
--name-type=name-type
the name-type to use when parsing the principal name.
-c cache, --cache=cache
the credential cache to use.
--delegation-credential-cache=cache
the credential cache to use for delegation.
-e enctype, --enctype=enctype
encryption type to use.
--no-transit-check
requests that the KDC doesn't do transit checking.
--forwardable
--version
--help
SEE ALSO kinit(1), klist(1)HEIMDAL March 12, 2004 HEIMDAL
Check Out this Related Man Page
KLIST(1) BSD General Commands Manual KLIST(1)NAME
klist -- list Kerberos credentials
SYNOPSIS
klist [-c cache | --cache=cache] [-s | -t | --test] [-T | --tokens] [-5 | --v5] [-v | --verbose] [-l | --list-caches] [-f] [--version]
[--help]
DESCRIPTION
klist reads and displays the current tickets in the credential cache (also known as the ticket file).
Options supported:
-c cache, --cache=cache
credential cache to list
-s, -t, --test
Test for there being an active and valid TGT for the local realm of the user in the credential cache.
-T, --tokens
display AFS tokens
-5, --v5
display v5 cred cache (this is the default)
-f Include ticket flags in short form, each character stands for a specific flag, as follows:
F forwardable
f forwarded
P proxiable
p proxied
D postdate-able
d postdated
R renewable
I initial
i invalid
A pre-authenticated
H hardware authenticated
This information is also output with the --verbose option, but in a more verbose way.
-v, --verbose
Verbose output. Include all possible information:
Server
the principal the ticket is for
Ticket etype
the encryption type used in the ticket, followed by the key version of the ticket, if it is available
Session key
the encryption type of the session key, if it's different from the encryption type of the ticket
Auth time
the time the authentication exchange took place
Start time
the time that this ticket is valid from (only printed if it's different from the auth time)
End time
when the ticket expires, if it has already expired this is also noted
Renew till
the maximum possible end time of any ticket derived from this one
Ticket flags
the flags set on the ticket
Addresses
the set of addresses from which this ticket is valid
-l, --list-caches
List the credential caches for the current users, not all cache types supports listing multiple caches.
SEE ALSO kdestroy(1), kinit(1)HEIMDAL October 6, 2005 HEIMDAL