KINIT(1) | FreeBSD General Commands Manual | KINIT(1) |
NAME
kinit — acquire initial ticketsSYNOPSIS
kinit | [ --afslog][ -c cachename | --cache=cachename][ -f | --no-forwardable][ -t keytabname | --keytab=keytabname][ -l time | --lifetime=time][ -p | --proxiable][ -R | --renew][ --renewable][ -r time | --renewable-life=time][ -S principal | --server=principal][ -s time | --start-time=time][ -k | --use-keytab][ -v | --validate][ -e enctypes | --enctypes=enctypes][ -a addresses | --extra-addresses=addresses][ --password-file=filename][ --fcache-version=version-number][ -A | --no-addresses][ --anonymous][ --enterprise][ --version][ --help][ principal [ command]] |
DESCRIPTION
kinit is used to authenticate to the Kerberos server as principal, or if none is given, a system generated default (typically your login name at the default realm), and acquire a ticket granting ticket that can later be used to obtain tickets for other services.Supported options:
- -c cachename - -cache= cachename
- The credentials cache to put the acquired ticket in, if other than default.
- -f - -no-forwardable
- Get ticket that can be forwarded to another host, or if the negative flags use, don't get a forwardable flag.
- -t keytabname, - -keytab= keytabname
- Don't ask for a password, but instead get the key from the specified keytab.
- -l time, - -lifetime= time
- Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like ‘1h’.
- -p, - -proxiable
- Request tickets with the proxiable flag set.
- -R, - -renew
- Try to renew ticket. The ticket must have the ‘renewable’ flag set, and must not be expired.
- - -renewable
- The same as - -renewable-life, with an infinite time.
- -r time, - -renewable-life= time
- The max renewable ticket life.
- -S principal, - -server= principal
- Get a ticket for a service other than krbtgt/LOCAL.REALM.
- -s time, - -start-time= time
- Obtain a ticket that starts to be valid time (which can really be a generic time specification, like ‘1h’) seconds into the future.
- -k, - -use-keytab
- The same as - -keytab, but with the default keytab name (normally FILE:/etc/krb5.keytab).
- -v, - -validate
- Try to validate an invalid ticket.
- -e, - -enctypes= enctypes
- Request tickets with this particular enctype.
- - -password-file= filename
- read the password from the first line of filename. If the filename is STDIN, the password will be read from the standard input.
- - -fcache-version= version-number
- Create a credentials cache of version version-number.
- -a, - -extra-addresses= enctypes
-
Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be automatically figured out. One such example is if the client is behind a firewall. Also settable via
libdefaults/extra_addresses
in krb5.conf(5). - -A, - -no-addresses
- Request a ticket with no addresses.
- - -anonymous
- Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically “anonymous@REALM”).
- - -enterprise
- Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email like principals that are stored in the name part of the principal, and since there are two @ characters the parser needs to know that the first is not a realm. An example of an enterprise name is “lha@e.kth.se@KTH.SE”, and this option is usually used with canonicalize so that the principal returned from the KDC will typically be the real principal name.
- - -afslog
- Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if you have AFS.
The forwardable, proxiable, ticket_life, and renewable_life options can be set to a default value from the appdefaults section in krb5.conf, see krb5_appdefault(3).
If a command is given, kinit will set up new credentials caches, and AFS PAG, and then run the given command. When it finishes the credentials will be removed.
ENVIRONMENT
- KRB5CCNAME
- Specifies the default credentials cache.
- KRB5_CONFIG
- The file name of krb5.conf, the default being /etc/krb5.conf.
- KRBTKFILE
- Specifies the Kerberos 4 ticket file to store version 4 tickets in.
April 25, 2006 | HEIMDAL |