Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

klist(1) [redhat man page]

KLIST(1)						      General Commands Manual							  KLIST(1)

NAME

       klist - list cached Kerberos tickets

SYNOPSIS

       klist [-5] [-4] [-e] [[-c] [-f] [-s] [-a  [-n]]] [-k [-t] [-K]] [cache_name | keytab_name]

DESCRIPTION

       Klist lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a keytab file.	If klist was built
       with Kerberos 4 support, the default behavior is to list both Kerberos 5 and Kerberos 4 credentials.   Otherwise,  klist  will  default	to
       listing only Kerberos 5 credentials.

OPTIONS

       -5     list Kerberos 5 credentials.  This overrides whatever the default built-in behavior may be.  This option may be used with -4

       -4     list  Kerberos 4 credentials.  This overrides whatever the default built-in behavior may be.  This option is only available if kinit
	      was built with Kerberos 4 compatibility.	This option may be used with -5

       -e     displays the encryption types of the session key and the ticket for each credential in the credential cache,  or	each  key  in  the
	      keytab file.

       -c     List tickets held in a credentials cache.  This is the default if neither -c nor -k is specified.

       -f     shows the flags present in the credentials, using the following abbreviations:

		   F	Forwardable
		   f	forwarded
		   P	Proxiable
		   p	proxy
		   D	postDateable
		   d	postdated
		   R	Renewable
		   I	Initial
		   i	invalid

       -s     causes  klist  to  run  silently (produce no output), but to still set the exit status according to whether it finds the credentials
	      cache.  The exit status is `0' if klist finds a credentials cache, and `1' if it does not.

       -a     display list of addresses in credentials.

       -n     show numeric addresses instead of reverse-resolving addresses.

       -k     List keys held in a keytab file.

       -t     display the time entry timestamps for each keytab entry in the keytab file.

       -K     display the value of the encryption key in each keytab entry in the keytab file.

       If cache_name or keytab_name is not specified, klist will display the credentials in the default credentials cache or keytab file as appro-
       priate.	If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache.

ENVIRONMENT

       Klist uses the following environment variables:

       KRB5CCNAME      Location of the Kerberos 5 credentials (ticket) cache.

       KRBTKFILE      Filename of the Kerberos 4 credentials (ticket) cache.

FILES

       /tmp/krb5cc_[uid]  default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user).

       /tmp/tkt[uid]  default location of Kerberos 4 credentials cache ([uid] is the decimal UID of the user).

       /etc/krb5.keytab
		      default location for the local host's keytab file.

SEE ALSO

       kinit(1), kdestroy(1), krb5(3)

																	  KLIST(1)

Check Out this Related Man Page

KDESTROY(1)						      General Commands Manual						       KDESTROY(1)

NAME

       kdestroy - destroy Kerberos tickets

SYNOPSIS

       kdestroy [-5] [-4] [-q] [-c cache_name]

DESCRIPTION

       The  kdestroy  utility  destroys  the user's active Kerberos authorization tickets by writing zeros to the specified credentials cache that
       contains them.  If the credentials cache is not specified, the default credentials cache is destroyed.  If kdestroy was built with Kerberos
       4  support,  the default behavior is to destroy both Kerberos 5 and Kerberos 4 credentials.  Otherwise, kdestroy will default to destroying
       only Kerberos 5 credentials.

OPTIONS

       -5     destroy Kerberos 5 credentials.  This overrides whatever the default built-in behavior may be.  This option may be used with -4

       -4     destroy Kerberos 4 credentials.  This overrides whatever the default built-in behavior may be.  This option  is  only  available	if
	      kinit was built with Kerberos 4 compatibility.  This option may be used with -5

       -q     Run quietly.  Normally kdestroy beeps if it fails to destroy the user's tickets.	The -q flag suppresses this behavior.

       -c cache_name
	      use  cache_name as the credentials (ticket) cache name and location; if this option is not used, the default cache name and location
	      are used.

	      The default credentials cache may vary between systems.  If the KRB5CCNAME environment variable is set, its value is  used  to  name
	      the default ticket cache.

       Most  installations  recommend  that  you place the kdestroy command in your .logout file, so that your tickets are destroyed automatically
       when you log out.

ENVIRONMENT

       Kdestroy uses the following environment variables:

       KRB5CCNAME      Location of the Kerberos 5 credentials (ticket) cache.

       KRBTKFILE      Filename of the Kerberos 4 credentials (ticket) cache.

FILES

       /tmp/krb5cc_[uid]  default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user).

       /tmp/tkt[uid]  default location of Kerberos 4 credentials cache ([uid] is the decimal UID of the user).

SEE ALSO

       kinit(1), klist(1), krb5(3)

BUGS

       Only the tickets in the specified credentials cache are destroyed.  Separate ticket caches are used to  hold  root  instance  and  password
       changing tickets.  These should probably be destroyed too, or all of a user's tickets kept in a single credentials cache.

																       KDESTROY(1)
Man Page