1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
KINIT(1) UNIX Reference Manual KINIT(1)
NNAAMMEE
kkiinniitt, kkaauutthh - acquire initial tickets
SSYYNNOOPPSSIISS
kkiinniitt [--44 | ----552244iinniitt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e | ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff
| ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e | ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e |
----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee] [--RR | ----rreenneeww] [----rreenneewwaabbllee]
[--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS _p_r_i_n_c_i_p_a_l |
----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk |
----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e | ----eennccttyyppeess==_e_n_c_t_y_p_e]
[----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss]
[----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]]
DDEESSCCRRIIPPTTIIOONN
kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if
none is given, a system generated default (typically your login name at
the default realm), and acquire a ticket granting ticket that can later
be used to obtain tickets for other services.
If you have compiled kinit with Kerberos 4 support and you have a Ker-
beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets.
Supported options:
--cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e
The credentials cache to put the acquired ticket in, if other
than default.
--ff, ----ffoorrwwaarrddaabbllee
Get ticket that can be forwarded to another host.
--tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e
Don't ask for a password, but instead get the key from the speci-
fied keytab.
--ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e
Specifies the lifetime of the ticket. The argument can either be
in seconds, or a more human readable string like `1h'.
--pp, ----pprrooxxiiaabbllee
Request tickets with the proxiable flag set.
--RR, ----rreenneeww
Try to renew ticket. The ticket must have the `renewable' flag
set, and must not be expired.
----rreenneewwaabbllee
The same as ----rreenneewwaabbllee--lliiffee, with an infinite time.
--rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e
The max renewable ticket life.
--SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l
Get a ticket for a service other than krbtgt/LOCAL.REALM.
--ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e
Obtain a ticket that starts to be valid _t_i_m_e (which can really be
a generic time specification, like `1h') seconds into the future.
--kk, ----uussee--kkeeyyttaabb
The same as ----kkeeyyttaabb, but with the default keytab name (normally
_F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b).
--vv, ----vvaalliiddaattee
Try to validate an invalid ticket.
--ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s
Request tickets with this particular enctype.
----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n
Create a credentials cache of version vveerrssiioonn.
----nnoo--aaddddrreesssseess
Request a ticket with no addresses.
----aannoonnyymmoouuss
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically ``anonymous@REALM).''
The following options are only available if kkiinniitt has been compiled with
support for Kerberos 4. The kkaauutthh program is identical to kkiinniitt, but has
these options enabled by default.
--44, ----552244iinniitt
Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
patible ticket. It will store this ticket in the default Kerberos
4 ticket file.
----aaffsslloogg
Gets AFS tickets, converts them to version 4 format, and stores
them in the kernel. Only useful if you have AFS.
The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can
be set to a default value from the appdefaults section in krb5.conf, see
krb5_appdefault(3).
If a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS
PAG, and then run the given command. When it finishes the credentials
will be removed.
EENNVVIIRROONNMMEENNTT
KRB5CCNAME
Specifies the default cache file.
KRB5_CONFIG
The directory where the _k_r_b_5_._c_o_n_f can be found, default is _/_e_t_c.
KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets
in.
SSEEEE AALLSSOO
kdestroy(1), klist(1), krb5.conf(5), krb5_appdefault(3)
HEIMDAL May 29, 1998 2
|