1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
.\" $Id: klist.1,v 1.8 2001/06/08 21:35:32 joda Exp $
.\"
.Dd July 8, 2000
.Dt KLIST 1
.Os HEIMDAL
.Sh NAME
.Nm klist
.Nd list Kerberos credentials
.Sh SYNOPSIS
.Nm
.Oo Fl c Ar cache \*(Ba Xo
.Fl -cache= Ns Ar cache
.Xc
.Oc
.Op Fl s | Fl t | Fl -test
.Op Fl 4 | Fl -v4
.Op Fl T | Fl -tokens
.Op Fl 5 | Fl -v5
.Op Fl v | Fl -verbose
.Op Fl f
.Op Fl -version
.Op Fl -help
.Sh DESCRIPTION
.Nm
reads and displays the current tickets in the crential cache (also
known as the ticket file).
.Pp
Options supported:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cache Ns ,
.Fl -cache= Ns Ar cache
.Xc
credentials cache to list
.It Xo
.Fl s Ns ,
.Fl t Ns ,
.Fl -test
.Xc
Test for there being an active and valid TGT for the local realm of
the user in the credential cache.
.It Xo
.Fl 4 Ns ,
.Fl -v4
.Xc
display v4 tickets
.It Xo
.Fl T Ns ,
.Fl -tokens
.Xc
display AFS tokens
.It Xo
.Fl 5 Ns ,
.Fl -v5
.Xc
display v5 cred cache (this is the default)
.It Fl f
Include ticket flags in short form, each charcted stands for a
specific flag, as follows:
.Bl -tag -width XXX -compact -offset indent
.It F
forwardable
.It f
forwarded
.It P
proxiable
.It p
proxied
.It D
postdate-able
.It d
postdated
.It R
renewable
.It I
initial
.It i
invalid
.It A
pre-authenticated
.It H
hardware authenticated
.El
.Pp
This information is also output with the
.Fl -verbose
option, but in a more verbose way.
.It Xo
.Fl v Ns ,
.Fl -verbose
.Xc
Verbose output. Include all possible information:
.Bl -tag -width XXXX -offset indent
.It Server
the princial the ticket is for
.It Ticket etype
the encryption type use in the ticket, followed by the key version of
the ticket, if it is available
.It Session key
the encryption type of the session key, if it's different from the
encryption type of the ticket
.It Auth time
the time the authentication exchange took place
.It Start time
the time that this tickets is valid from (only printed if it's
different from the auth time)
.It End time
when the ticket expires, if it has already expired this is also noted
.It Renew till
the maximum possible end time of any ticket derived from this one
.It Ticket flags
the flags set on the ticket
.It Addresses
the set of addresses from which this ticket is valid
.El
.El
.Sh SEE ALSO
.Xr kinit 1 ,
.Xr kdestroy 1
|