klist(1) [netbsd man page]
KLIST(1) BSD General Commands Manual KLIST(1) NAME
klist -- list Kerberos credentials SYNOPSIS
klist [-c cache | --cache=cache] [-s | -t | --test] [-T | --tokens] [-5 | --v5] [-v | --verbose] [-l | --list-caches] [-f] [--version] [--help] DESCRIPTION
klist reads and displays the current tickets in the credential cache (also known as the ticket file). Options supported: -c cache, --cache=cache credential cache to list -s, -t, --test Test for there being an active and valid TGT for the local realm of the user in the credential cache. -T, --tokens display AFS tokens -5, --v5 display v5 cred cache (this is the default) -f Include ticket flags in short form, each character stands for a specific flag, as follows: F forwardable f forwarded P proxiable p proxied D postdate-able d postdated R renewable I initial i invalid A pre-authenticated H hardware authenticated This information is also output with the --verbose option, but in a more verbose way. -v, --verbose Verbose output. Include all possible information: Server the principal the ticket is for Ticket etype the encryption type used in the ticket, followed by the key version of the ticket, if it is available Session key the encryption type of the session key, if it's different from the encryption type of the ticket Auth time the time the authentication exchange took place Start time the time that this ticket is valid from (only printed if it's different from the auth time) End time when the ticket expires, if it has already expired this is also noted Renew till the maximum possible end time of any ticket derived from this one Ticket flags the flags set on the ticket Addresses the set of addresses from which this ticket is valid -l, --list-caches List the credential caches for the current users, not all cache types supports listing multiple caches. SEE ALSO
kdestroy(1), kinit(1) BSD
October 6, 2005 BSD
Check Out this Related Man Page
KINIT(1) General Commands Manual KINIT(1) NAME
kinit - obtain and cache Kerberos ticket-granting ticket SYNOPSIS
kinit [-5] [-4] [-V] [-l lifetime] [-s start_time] [-r renewable_life] [-p | -P] [-f | -F] [-A] [-v] [-R] [-k [-t keytab_file]] [-c cache_name] [-S service_name] [principal] DESCRIPTION
kinit obtains and caches an initial ticket-granting ticket for principal.Thetypicaldefaultbehavioristoacquireonly Kerberos 5 tickets. How- ever, if kinit was built with both Kerberos 4 support and with the default behavior of acquiring both types of tickets, it will try to acquire both Kerberos 5 and Kerberos 4 by default. Any documentation particular to Kerberos 4 does not apply if Kerberos 4 support was not built into kinit. OPTIONS
-5 get Kerberos 5 tickets. This overrides whatever the default built-in behavior may be. This option may be used with -4 -4 get Kerberos 4 tickets. This overrides whatever the default built-in behavior may be. This option is only available if kinit was built with Kerberos 4 compatibility. This option may be used with -5 -V display verbose output. -l lifetime requests a ticket with the lifetime lifetime. The value for lifetime must be followed immediately by one of the following delim- iters: s seconds m minutes h hours d days as in "kinit -l 90m". You cannot mix units; a value of `3h30m' will result in an error. If the -l option is not specified, the default ticket lifetime (configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) results in a ticket with the maximum lifetime. -s start_time requests a postdated ticket, valid starting at start_time. Postdated tickets are issued with the invalid flag set, and need to be fed back to the kdc before use. (Not applicable to Kerberos 4.) -r renewable_life requests renewable tickets, with a total lifetime of renewable_life. The duration is in the same format as the -l option, with the same delimiters. (Not applicable to Kerberos 4.) -f request forwardable tickets. (Not applicable to Kerberos 4.) -F do not request forwardable tickets. (Not applicable to Kerberos 4.) -p request proxiable tickets. (Not applicable to Kerberos 4.) -P do not request proxiable tickets. (Not applicable to Kerberos 4.) -A request address-less tickets. (Not applicable to Kerberos 4.) -v requests that the ticket granting ticket in the cache (with the invalid flag set) be passed to the kdc for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket. (Not applicable to Kerberos 4.) -R requests renewal of the ticket-granting ticket. Note that an expired ticket cannot be renewed, even if the ticket is still within its renewable life. When using this option with Kerberos 4, the kdc must support Kerberos 5 to Kerberos 4 ticket conversion. -k [-t keytab_file] requests a host ticket, obtained from a key in the local host's keytab file. The name and location of the keytab file may be speci- fied with the -t keytab_file option; otherwise the default name and location will be used. When using this option with Kerberos 4, the kdc must support Kerberos 5 to Kerberos 4 ticket conversion. -c cache_name use cache_name as the Kerberos 5 credentials (ticket) cache name and location; if this option is not used, the default cache name and location are used. The default credentials cache may vary between systems. If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by kinit. (Note: The default name for Kerberos 4 comes from the KRBTKFILE environment variable. This option does not apply to Kerberos 4.) -S service_name specify an alternate service name to use when getting initial tickets. (Applicable to Kerberos 5 or if using both Kerberos 5 and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4 ticket conversion.) ENVIRONMENT
Kinit uses the following environment variables: KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache. KRBTKFILE Filename of the Kerberos 4 credentials (ticket) cache. FILES
/tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). /tmp/tkt[uid] default location of Kerberos 4 credentials cache ([uid] is the decimal UID of the user). /etc/krb5.keytab default location for the local host's keytab file. SEE ALSO
klist(1), kdestroy(1), krb5(3) KINIT(1)