KVNO(1) General Commands Manual KVNO(1)NAME
kvno - print key version numbers of Kerberos principals
SYNOPSIS
kvno [-q] [-h] [-c ccache] [-e etype] service1 service2 ...
DESCRIPTION
Kvno acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each.
OPTIONS-c ccache
specifies the name of a credentials cache to use (if not the default)
-e etype
specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in
certain backward compatibility situations.
-q suppress printing
-h prints a usage statement and exits
-P specifies that the service1 service2 ... arguments are to be treated as services for which credentials should be acquired using
constrained delegation. This option is only valid when used in conjunction with protocol transition.
-S sname
specifies that krb5_sname_to_principal() will be used to build principal names. If this flag is specified, the service1 service2
... arguments are interpreted as hostnames (rather than principal names), and sname is interpreted as the service name.
-U for_user
specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of for_user. If constrained delegation is
not requested, the service name must match the credentials cache client principal.
ENVIRONMENT
Kvno uses the following environment variable:
KRB5CCNAME Location of the credentials (ticket) cache.
FILES
/tmp/krb5cc_[uid] default location of the credentials cache ([uid] is the decimal UID of the user).
SEE ALSOkinit(1), kdestroy(1), krb5(3)KVNO(1)
Check Out this Related Man Page
KVNO(1) General Commands Manual KVNO(1)NAME
kvno - print key version numbers of Kerberos principals
SYNOPSIS
kvno [-q] [-h] [-c ccache] [-e etype] service1 service2 ...
DESCRIPTION
Kvno acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each.
OPTIONS -c ccache
specifies the name of a credentials cache to use (if not the default)
-e etype
specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in
certain backward compatibility situations.
-q suppress printing
-h prints a usage statement and exits
-P specifies that the service1 service2 ... arguments are to be treated as services for which credentials should be acquired using
constrained delegation. This option is only valid when used in conjunction with protocol transition.
-S sname
specifies that krb5_sname_to_principal() will be used to build principal names. If this flag is specified, the service1 service2
... arguments are interpreted as hostnames (rather than principal names), and sname is interpreted as the service name.
-U for_user
specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of for_user. If constrained delegation is
not requested, the service name must match the credentials cache client principal.
ENVIRONMENT
Kvno uses the following environment variable:
KRB5CCNAME Location of the credentials (ticket) cache.
FILES
/tmp/krb5cc_[uid] default location of the credentials cache ([uid] is the decimal UID of the user).
SEE ALSO kinit(1), kdestroy(1), krb5(3)KVNO(1)
Good day
I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right.
When I ran kinit username I get a ticket and I can display it using klist.
When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
I want to disable following commands in my linux distribution (Thanks to Linux hardening guide)
# which rcp
/usr/kerberos/bin/rcp
# which rlogin
/usr/kerberos/bin/rlogin
# which rsh
/usr/kerberos/bin/rsh
When checked they were all part of krb5-workstation-1.6.1-25.el5 rpm.
# rpm -qf... (2 Replies)
@kah00na and all others,
i have done al steps of the HowTo "Authenticate AIX users from MSActive Directory", found in this forum, but it still does not work.
The test with kinit USERNAME works fine. But if i try to login i get the "UNKNOWN_USER" error in the debug.log.All steps to change... (11 Replies)
Upon opening Terminal I get the following message:
-bash: /usr/bin/manpath: No such file or directory
-bash: /usr/bin/perl: No such file or directory
-bash: grep: command not found
-bash: grep: command not found
-bash: grep: command not found
-bash: grep: command not found
I searched... (9 Replies)
The KRB5ALDAP compound load module is giving me fits. Everything looks like it should be working, but no.
Goal: Integrate AIX host with Active Directory using a KRB5ALDAP compound load module so that users can be created in AD and used in AIX, with unix attributes (registry values) being... (2 Replies)
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
I'm authenticating with SSSD / Kerberos against Windows Server 2012 R2. I've setup credentails delegation using these options:
Host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPITrustDns yes
For both client/server but no luck. I've read online that I need to run... (2 Replies)