diff options
Diffstat (limited to 'crypto/heimdal/kuser/kinit.1')
-rw-r--r-- | crypto/heimdal/kuser/kinit.1 | 120 |
1 files changed, 75 insertions, 45 deletions
diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 index 749798a..37d7390 100644 --- a/crypto/heimdal/kuser/kinit.1 +++ b/crypto/heimdal/kuser/kinit.1 @@ -1,4 +1,4 @@ -.\" $Id: kinit.1,v 1.4 2000/02/01 14:12:13 joda Exp $ +.\" $Id: kinit.1,v 1.8 2001/01/28 21:44:56 assar Exp $ .\" .Dd May 29, 1998 .Dt KINIT 1 @@ -10,38 +10,38 @@ acquire initial tickets .Sh SYNOPSIS .Nm kinit -.Op Fl 4 -.Op Fl -524init +.Op Fl 4 | Fl -524init .Op Fl -afslog -.Op Fl c Ar cachename -.Op Fl -cache= Ns Ar cachename -.Op Fl c Ar cachename -.Op Fl -cache= Ns Ar cachename -.Op Fl f -.Op Fl -forwardable -.Op Fl t Ar keytabname -.Op Fl -keytab= Ns Ar keytabname -.Op Fl l Ar seconds -.Op Fl -lifetime= Ns Ar seconds -.Op Fl p -.Op Fl -proxiable -.Op Fl R -.Op Fl -renew +.Oo Fl c Ar cachename \*(Ba Xo +.Fl -cache= Ns Ar cachename Oc +.Xc +.Op Fl f | Fl -forwardable +.Oo Fl t Ar keytabname \*(Ba Xo +.Fl -keytab= Ns Ar keytabname Oc +.Xc +.Oo Fl l Ar time \*(Ba Xo +.Fl -lifetime= Ns Ar time Oc +.Xc +.Op Fl p | Fl -proxiable +.Op Fl R | Fl -renew .Op Fl -renewable -.Op Fl r Ar seconds -.Op Fl -renewable-life= Ns Ar seconds -.Op Fl S Ar principal -.Op Fl -server= Ns Ar principal -.Op Fl s Ar seconds -.Op Fl -start-time= Ns Ar seconds -.Op Fl k -.Op Fl -use-keytab -.Op Fl v -.Op Fl -validate -.Op Fl e -.Op Fl -enctypes= Ns Ar enctypes -.Op Fl -fcache-version= Ns Ar version +.Oo Fl r Ar time \*(Ba Xo +.Fl -renewable-life= Ns Ar time Oc +.Xc +.Oo Fl S Ar principal \*(Ba Xo +.Fl -server= Ns Ar principal Oc +.Xc +.Oo Fl s Ar time \*(Ba Xo +.Fl -start-time= Ns Ar time Oc +.Xc +.Op Fl k | Fl -use-keytab +.Op Fl v | Fl -validate +.Oo Fl e Ar enctype \*(Ba Xo +.Fl -enctypes= Ns Ar enctype Oc +.Xc +.Op Fl -fcache-version= Ns Ar integer .Op Fl -no-addresses +.Op Fl -anonymous .Op Fl -version .Op Fl -help .Op Ar principal @@ -49,9 +49,15 @@ acquire initial tickets .Nm is used to authenticate to the kerberos server as .Ar principal , -or if none is given, a system generated default, and acquire a ticket -granting ticket that can later be used to obtain tickets for other -services. +or if none is given, a system generated default (typically your login +name at the default realm), and acquire a ticket granting ticket that +can later be used to obtain tickets for other services. +.Pp +If you have compiled kinit with Kerberos 4 support and you have a +Kerberos 4 server, +.Nm +will detect this and get you Kerberos 4 tickets. +.Pp Supported options: .Bl -tag -width Ds .It Xo @@ -72,10 +78,12 @@ Get ticket that can be forwarded to another host. Don't ask for a password, but instead get the key from the specified keytab. .It Xo -.Fl l Ar seconds Ns , -.Fl -lifetime= Ns Ar seconds +.Fl l Ar time Ns , +.Fl -lifetime= Ns Ar time .Xc -Specifies the lifetime of the ticket. +Specifies the lifetime of the ticket. The argument can either be in +seconds, or a more human readable string like +.Sq 1h . .It Xo .Fl p Ns , .Fl -proxiable @@ -93,8 +101,8 @@ The same as .Fl -renewable-life , with an infinite time. .It Xo -.Fl r Ar seconds Ns , -.Fl -renewable-life= Ns Ar seconds +.Fl r Ar time Ns , +.Fl -renewable-life= Ns Ar time .Xc The max renewable ticket life. .It Xo @@ -103,10 +111,14 @@ The max renewable ticket life. .Xc Get a ticket for a service other than krbtgt/LOCAL.REALM. .It Xo -.Fl s Ar seconds Ns , -.Fl -start-time= Ns Ar seconds +.Fl s Ar time Ns , +.Fl -start-time= Ns Ar time .Xc -Start time of ticket, if other than the current time. +Obtain a ticket that starts to be valid +.Ar time +(which can really be a generic time specification, like +.Sq 1h ) +seconds into the future. .It Xo .Fl k Ns , .Fl -use-keytab @@ -134,8 +146,14 @@ Create a credentials cache of version .Fl -no-addresses .Xc Request a ticket with no addresses. +.It Xo +.Fl -anonymous +.Xc +Request an anonymous ticket (which means that the ticket will be +issued to an anonymous principal, typically +.Dq anonymous@REALM). .El - +.Pp The following options are only available if .Nm has been compiled with support for Kerberos 4. The @@ -149,13 +167,24 @@ default. .Fl 4 Ns , .Fl -524init .Xc -Try to convert the obtained krbtgt to a version 4 compatible +Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible ticket. It will store this ticket in the default Kerberos 4 ticket file. .It Fl -afslog Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if you have AFS. .El +.Pp +The +.Ar forwardable , +.Ar proxiable , +.Ar ticket_life , +and +.Ar renewable_life +options can be set to a default value from the +.Dv appdefaults +section in krb5.conf, see +.Xr krb5_appdefault 3 . .Sh ENVIRONMENT .Bl -tag -width Ds .It Ev KRB5CCNAME @@ -172,9 +201,10 @@ Specifies the Kerberos 4 ticket file to store version 4 tickets in. .\".Sh EXAMPLES .\".Sh DIAGNOSTICS .Sh SEE ALSO -.Xr krb5.conf 5 , +.Xr kdestroy 1 , .Xr klist 1 , -.Xr kdestroy 1 +.Xr krb5.conf 5 , +.Xr krb5_appdefault 3 .\".Sh STANDARDS .\".Sh HISTORY .\".Sh AUTHORS |