osx man page for kinit

Osx Man Pages All Man Pages Latest Topics Forum Categories

Query: kinit

OS: osx

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

KINIT(1)						    BSD General Commands Manual 						  KINIT(1)


NAME

     kinit -- acquire initial tickets


SYNOPSIS

     kinit [--afslog] [-c cachename | --cache=cachename] [--canonicalize] [-f | --no-forwardable] [-t keytabname | --keytab=keytabname] [-l time |
	   --lifetime=time] [-p | --proxiable] [-R | --renew] [--renewable] [-r time | --renewable-life=time] [-S principal | --server=principal]
	   [-s time | --start-time=time] [-k | --use-keytab] [-v | --validate] [-e enctypes | --enctypes=enctypes] [-a addresses |
	   --extra-addresses=addresses] [--password-file=filename] [--fcache-version=version-number] [-A | --no-addresses] [--anonymous]
	   [--enterprise] [--version] [--help] [principal [command]]


DESCRIPTION

     kinit is used to authenticate to the Kerberos server as principal, or if none is given, a system generated default (typically your login name
     at the default realm), and acquire a ticket granting ticket that can later be used to obtain tickets for other services.

     Supported options:

     -c cachename --cache=cachename
	     The credentials cache to put the acquired ticket in, if other than default.

     -canonicalize
	     ask the KDC canonicalize the client name and server name. Useful with enterprise names, PK-INIT, and LKDC realms when the user
	     doesn't know its real kerberos user name.

     -f, --forwardable
	     Get ticket that can be forwarded to another host.

     -t keytabname, --keytab=keytabname

     -f --no-forwardable
	     Get ticket that can be forwarded to another host, or if the negative flags use, don't get a forwardable flag.

     -t keytabname, --keytab=keytabname
	     Don't ask for a password, but instead get the key from the specified keytab.

     -l time, --lifetime=time
	     Specifies the lifetime of the ticket.  The argument can either be in seconds, or a more human readable string like '1h'.

     -p, --proxiable
	     Request tickets with the proxiable flag set.

     -R, --renew
	     Try to renew ticket.  The ticket must have the 'renewable' flag set, and must not be expired.

     --renewable
	     The same as --renewable-life, with an infinite time.

     -r time, --renewable-life=time
	     The max renewable ticket life.

     -S principal, --server=principal
	     Get a ticket for a service other than krbtgt/LOCAL.REALM.

     -s time, --start-time=time
	     Obtain a ticket that starts to be valid time (which can really be a generic time specification, like '1h') seconds into the future.

     -k, --use-keytab
	     The same as --keytab, but with the default keytab name (normally FILE:/etc/krb5.keytab).

     -v, --validate
	     Try to validate an invalid ticket.

     -e, --enctypes=enctypes
	     Request tickets with this particular enctype.

     --password-file=filename
	     read the password from the first line of filename.  If the filename is STDIN, the password will be read from the standard input.

     --fcache-version=version-number
	     Create a credentials cache of version version-number.

     -a, --extra-addresses=enctypes
	     Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket.  This can be useful if all
	     addresses a client can use can't be automatically figured out.  One such example is if the client is behind a firewall.  Also set-
	     table via libdefaults/extra_addresses in krb5.conf(5).

     -A, --no-addresses
	     Request a ticket with no addresses.

     --anonymous
	     Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically ``anonymous@REALM'').

     -V, --verbose
	     Print slightly more verbose output from kinit when successful.

     --enterprise
	     Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email like principals that are stored in the name
	     part of the principal, and since there are two @ characters the parser needs to know that the first is not a realm.  An example of an
	     enterprise name is ``lha@e.kth.se@KTH.SE'', and this option is usually used with canonicalize so that the principal returned from the
	     KDC will typically be the real principal name.

     --afslog
	     Gets AFS tickets, converts them to version 4 format, and stores them in the kernel.  Only useful if you have AFS.

     The forwardable, proxiable, ticket_life, and renewable_life options can be set to a default value from the appdefaults section in krb5.conf,
     see krb5_appdefault(3).

     If  a command is given, kinit will set up new credentials caches, and AFS PAG, and then run the given command.  When it finishes the creden-
     tials will be removed.


ENVIRONMENT

     KRB5CCNAME
	     Specifies the default credentials cache.

     KRB5_CONFIG
	     The file name of krb5.conf, the default being /etc/krb5.conf.

     KRBTKFILE
	     Specifies the Kerberos 4 ticket file to store version 4 tickets in.


SEE ALSO

     kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5), ktutil(8)


HEIMDAL 
							  April 25, 2006							   HEIMDAL
Related Man Pages
kinit(1) - freebsd
kcm(8) - netbsd
kinit(1) - sunos
kinit(1) - linux
kinit(1) - opendarwin
Similar Topics in the Unix Linux Community
Enterprise3500 trouble
Automate Kerboer kinit password
SUSE Linux Enterprise 12
Sun enterprise 420R boot issue
Suse enterprise server installation help