summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kuser/kinit.1
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kuser/kinit.1')
-rw-r--r--crypto/heimdal/kuser/kinit.1120
1 files changed, 75 insertions, 45 deletions
diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1
index 749798a..37d7390 100644
--- a/crypto/heimdal/kuser/kinit.1
+++ b/crypto/heimdal/kuser/kinit.1
@@ -1,4 +1,4 @@
-.\" $Id: kinit.1,v 1.4 2000/02/01 14:12:13 joda Exp $
+.\" $Id: kinit.1,v 1.8 2001/01/28 21:44:56 assar Exp $
.\"
.Dd May 29, 1998
.Dt KINIT 1
@@ -10,38 +10,38 @@
acquire initial tickets
.Sh SYNOPSIS
.Nm kinit
-.Op Fl 4
-.Op Fl -524init
+.Op Fl 4 | Fl -524init
.Op Fl -afslog
-.Op Fl c Ar cachename
-.Op Fl -cache= Ns Ar cachename
-.Op Fl c Ar cachename
-.Op Fl -cache= Ns Ar cachename
-.Op Fl f
-.Op Fl -forwardable
-.Op Fl t Ar keytabname
-.Op Fl -keytab= Ns Ar keytabname
-.Op Fl l Ar seconds
-.Op Fl -lifetime= Ns Ar seconds
-.Op Fl p
-.Op Fl -proxiable
-.Op Fl R
-.Op Fl -renew
+.Oo Fl c Ar cachename \*(Ba Xo
+.Fl -cache= Ns Ar cachename Oc
+.Xc
+.Op Fl f | Fl -forwardable
+.Oo Fl t Ar keytabname \*(Ba Xo
+.Fl -keytab= Ns Ar keytabname Oc
+.Xc
+.Oo Fl l Ar time \*(Ba Xo
+.Fl -lifetime= Ns Ar time Oc
+.Xc
+.Op Fl p | Fl -proxiable
+.Op Fl R | Fl -renew
.Op Fl -renewable
-.Op Fl r Ar seconds
-.Op Fl -renewable-life= Ns Ar seconds
-.Op Fl S Ar principal
-.Op Fl -server= Ns Ar principal
-.Op Fl s Ar seconds
-.Op Fl -start-time= Ns Ar seconds
-.Op Fl k
-.Op Fl -use-keytab
-.Op Fl v
-.Op Fl -validate
-.Op Fl e
-.Op Fl -enctypes= Ns Ar enctypes
-.Op Fl -fcache-version= Ns Ar version
+.Oo Fl r Ar time \*(Ba Xo
+.Fl -renewable-life= Ns Ar time Oc
+.Xc
+.Oo Fl S Ar principal \*(Ba Xo
+.Fl -server= Ns Ar principal Oc
+.Xc
+.Oo Fl s Ar time \*(Ba Xo
+.Fl -start-time= Ns Ar time Oc
+.Xc
+.Op Fl k | Fl -use-keytab
+.Op Fl v | Fl -validate
+.Oo Fl e Ar enctype \*(Ba Xo
+.Fl -enctypes= Ns Ar enctype Oc
+.Xc
+.Op Fl -fcache-version= Ns Ar integer
.Op Fl -no-addresses
+.Op Fl -anonymous
.Op Fl -version
.Op Fl -help
.Op Ar principal
@@ -49,9 +49,15 @@ acquire initial tickets
.Nm
is used to authenticate to the kerberos server as
.Ar principal ,
-or if none is given, a system generated default, and acquire a ticket
-granting ticket that can later be used to obtain tickets for other
-services.
+or if none is given, a system generated default (typically your login
+name at the default realm), and acquire a ticket granting ticket that
+can later be used to obtain tickets for other services.
+.Pp
+If you have compiled kinit with Kerberos 4 support and you have a
+Kerberos 4 server,
+.Nm
+will detect this and get you Kerberos 4 tickets.
+.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
@@ -72,10 +78,12 @@ Get ticket that can be forwarded to another host.
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo
-.Fl l Ar seconds Ns ,
-.Fl -lifetime= Ns Ar seconds
+.Fl l Ar time Ns ,
+.Fl -lifetime= Ns Ar time
.Xc
-Specifies the lifetime of the ticket.
+Specifies the lifetime of the ticket. The argument can either be in
+seconds, or a more human readable string like
+.Sq 1h .
.It Xo
.Fl p Ns ,
.Fl -proxiable
@@ -93,8 +101,8 @@ The same as
.Fl -renewable-life ,
with an infinite time.
.It Xo
-.Fl r Ar seconds Ns ,
-.Fl -renewable-life= Ns Ar seconds
+.Fl r Ar time Ns ,
+.Fl -renewable-life= Ns Ar time
.Xc
The max renewable ticket life.
.It Xo
@@ -103,10 +111,14 @@ The max renewable ticket life.
.Xc
Get a ticket for a service other than krbtgt/LOCAL.REALM.
.It Xo
-.Fl s Ar seconds Ns ,
-.Fl -start-time= Ns Ar seconds
+.Fl s Ar time Ns ,
+.Fl -start-time= Ns Ar time
.Xc
-Start time of ticket, if other than the current time.
+Obtain a ticket that starts to be valid
+.Ar time
+(which can really be a generic time specification, like
+.Sq 1h )
+seconds into the future.
.It Xo
.Fl k Ns ,
.Fl -use-keytab
@@ -134,8 +146,14 @@ Create a credentials cache of version
.Fl -no-addresses
.Xc
Request a ticket with no addresses.
+.It Xo
+.Fl -anonymous
+.Xc
+Request an anonymous ticket (which means that the ticket will be
+issued to an anonymous principal, typically
+.Dq anonymous@REALM).
.El
-
+.Pp
The following options are only available if
.Nm
has been compiled with support for Kerberos 4. The
@@ -149,13 +167,24 @@ default.
.Fl 4 Ns ,
.Fl -524init
.Xc
-Try to convert the obtained krbtgt to a version 4 compatible
+Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible
ticket. It will store this ticket in the default Kerberos 4 ticket
file.
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. Only useful if you have AFS.
.El
+.Pp
+The
+.Ar forwardable ,
+.Ar proxiable ,
+.Ar ticket_life ,
+and
+.Ar renewable_life
+options can be set to a default value from the
+.Dv appdefaults
+section in krb5.conf, see
+.Xr krb5_appdefault 3 .
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev KRB5CCNAME
@@ -172,9 +201,10 @@ Specifies the Kerberos 4 ticket file to store version 4 tickets in.
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
-.Xr krb5.conf 5 ,
+.Xr kdestroy 1 ,
.Xr klist 1 ,
-.Xr kdestroy 1
+.Xr krb5.conf 5 ,
+.Xr krb5_appdefault 3
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
OpenPOWER on IntegriCloud