1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
KINIT(1) FreeBSD General Commands Manual KINIT(1)
NNAAMMEE
kkiinniitt kkaauutthh - acquire initial tickets
SSYYNNOOPPSSIISS
kkiinniitt [--44 | ----552244iinniitt] [--99 | ----552244ccoonnvveerrtt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e |
----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e |
----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e | ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee]
[--RR | ----rreenneeww] [----rreenneewwaabbllee] [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS
_p_r_i_n_c_i_p_a_l | ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e]
[--kk | ----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e_s |
----eennccttyyppeess==_e_n_c_t_y_p_e_s] [--aa _a_d_d_r_e_s_s_e_s | ----eexxttrraa--aaddddrreesssseess==_a_d_d_r_e_s_s_e_s]
[----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss]
[----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]]
DDEESSCCRRIIPPTTIIOONN
kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if
none is given, a system generated default (typically your login name at
the default realm), and acquire a ticket granting ticket that can later
be used to obtain tickets for other services.
If you have compiled kkiinniitt with Kerberos 4 support and you have a Ker-
beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets.
Supported options:
--cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e
The credentials cache to put the acquired ticket in, if other
than default.
--ff, ----ffoorrwwaarrddaabbllee
Get ticket that can be forwarded to another host.
--tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e
Don't ask for a password, but instead get the key from the speci-
fied keytab.
--ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e
Specifies the lifetime of the ticket. The argument can either be
in seconds, or a more human readable string like `1h'.
--pp, ----pprrooxxiiaabbllee
Request tickets with the proxiable flag set.
--RR, ----rreenneeww
Try to renew ticket. The ticket must have the `renewable' flag
set, and must not be expired.
----rreenneewwaabbllee
The same as ----rreenneewwaabbllee--lliiffee, with an infinite time.
--rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e
The max renewable ticket life.
--SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l
Get a ticket for a service other than krbtgt/LOCAL.REALM.
--ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e
Obtain a ticket that starts to be valid _t_i_m_e (which can really be
a generic time specification, like `1h') seconds into the future.
--kk, ----uussee--kkeeyyttaabb
The same as ----kkeeyyttaabb, but with the default keytab name (normally
_F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b).
--vv, ----vvaalliiddaattee
Try to validate an invalid ticket.
--ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s
Request tickets with this particular enctype.
----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n
Create a credentials cache of version vveerrssiioonn.
--aa, ----eexxttrraa--aaddddrreesssseess==_e_n_c_t_y_p_e_s
Adds a set of addresses that will, in addition to the systems
local addresses, be put in the ticket. This can be useful if all
addresses a client can use can't be automatically figured out.
One such example is if the client is behind a firewall. Also set-
table via libdefaults/extra_addresses in krb5.conf(5).
----nnoo--aaddddrreesssseess
Request a ticket with no addresses.
----aannoonnyymmoouuss
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically ``anonymous@REALM'').
The following options are only available if kkiinniitt has been compiled with
support for Kerberos 4.
--44, ----552244iinniitt
Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
patible ticket. It will store this ticket in the default Kerberos
4 ticket file.
--99, ----552244ccoonnvveerrtt
only convert ticket to version 4
----aaffsslloogg
Gets AFS tickets, converts them to version 4 format, and stores
them in the kernel. Only useful if you have AFS.
The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can
be set to a default value from the appdefaults section in krb5.conf, see
krb5_appdefault(3).
If a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS
PAG, and then run the given command. When it finishes the credentials
will be removed.
EENNVVIIRROONNMMEENNTT
KRB5CCNAME
Specifies the default credentials cache.
KRB5_CONFIG
The file name of _k_r_b_5_._c_o_n_f , the default being _/_e_t_c_/_k_r_b_5_._c_o_n_f.
KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets
in.
SSEEEE AALLSSOO
kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5)
HEIMDAL May 29, 1998 HEIMDAL
|