kinit man page on OSF1

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
OSF1 logo
[printable version]

kinit(1)							      kinit(1)

NAME
       kinit  -	 Obtains and caches initial ticket granting tickets (TGTs) and
       service tickets

SYNOPSIS
       /krb5/bin/kinit [-c cachename] [-D] [-d starttime] [-e etype]  [-k  [-t
       keytable]]  [-f]	 [-n]  [-p]  [-l lifetime] [-r renewtime] [-v version]
       [principal]

       /krb5/bin/kinit -S service  [-c cachename] [-d starttime] [-f] [-p] [-l
       lifetime] [-r renewtime]

       /krb5/bin/kinit -R  [-c cachename]

       /krb5/bin/kinit -V  [-c cachename]

OPTIONS
       Specifies  the  location	 of  the Kerberos credentials cache file other
       than the default, which is /krb5/tmp/cc/krb5cc_ uid (where  uid	repre‐
       sents  your  user  identification  retrieved  from  the password file),
       unless the CSFC5CCNAME environment variable  is	set  to	 an  alternate
       pathname.   Creates  a postdatable TGT.	Creates a postdated ticket and
       specifies the amount of time before the ticket can be validated.

	      The syntax of  starttime	is  [#w][#d][#h][#m][#s],  where  w  =
	      weeks,  d	 =  days, h = hours, m = minutes, and s = seconds.  No
	      spaces are allowed unless the expression is enclosed  in	quota‐
	      tion  marks,  and	 when  spaces  are used, numbers must still be
	      adjacent to their applicable letters. For example, "1w 2d 3h  4m
	      5s" is acceptable, whereas "1 w 2 h" produces an error.

	      By  default,  a  starttime  is  in hours.	 If the requested time
	      period is less than the server's	clock  skew  value  (typically
	      five  minutes),  the  ticket's  start time is set to the current
	      time and it is issued as if the -d option had  not  been	speci‐
	      fied.   Specifies the encryption type for the credentials. Valid
	      uses for etype are the following: For DES-CBC-CRC, enter one  of
	      the following:

	      DES-CRC or 1 For DES-CBC-MD5, enter one of the following:

	      DES  or  DES-MD5 or 3 For DES3-CBC-MD5, enter one of the follow‐
	      ing:

	      DES3 or DES3-MD5 or 5

	      By default, type 5 (DES3-CBC-MD5)	 encryption  is	 used  if  the
	      principal	 has a DES3 key in the security server principal data‐
	      base. Otherwise, type 3 (DES-CBC-MD5) encryption is used.

	      The -e option is mutually exclusive with the -k and -t  options.
	      Creates  a  forwardable TGT.  Uses the service key table file to
	      obtain the ticket rather than a user-supplied password. Use this
	      option  to  check	 the contents of the default service key table
	      file called v5srvtab.  If you are using a service key table file
	      other  than  the default, use the -t option to identify the name
	      of the service key table file.

	      You must be logged on as root to use this	 option,  because  the
	      v5srvtab file is accessible only to root. Also, the -k option is
	      mutually exclusive with the -e option.  Requests a ticket with a
	      specified lifetime. You must specify a lifetime, up to the maxi‐
	      mum lifetime set for the	principal  account  in	the  principal
	      database;	 otherwise,  the ticket lifetime is set to the default
	      of 8 hours.

	      The syntax of lifetime is [#w][#d][#h][#m][#s], where w = weeks,
	      d = days, h = hours, m = minutes, and s = seconds. No spaces are
	      allowed unless the expression is enclosed	 in  quotation	marks,
	      and  when	 spaces	 are  used,  numbers must be adjacent to their
	      applicable letters. For example, "1w 2d 3h 4m 5s" is acceptable,
	      whereas "1 w 2 d 3 h 4 m 5 s" will produce an error.

	      By  default,  a  lifetime	 is in hours.  Skips preauthentication
	      when obtaining the ticket. By default, kinit uses preauthentica‐
	      tion.  Creates a proxiable ticket.  Renews all renewable tickets
	      in the specified credentials cache. After a ticket  is  renewed,
	      its  start  time	is  set	 to  the current time and its end time
	      becomes either the sum of the current time plus the end time, or
	      the  renew time, whichever is less. The end time, authentication
	      time, and renew time are not changed on the tickets.

	      Renewing tickets removes all expired tickets  from  the  creden‐
	      tials  cache.   You  must renew tickets before they expire.  You
	      cannot renew some tickets and not others.

	      This option is valid only by itself or with the  -c  option;  no
	      password	is required.  Creates a renewable ticket with a speci‐
	      fied    renew    time.	The    syntax	 of    renewtime    is
	      [#w][#d][#h][#m][#s],  where w = weeks, d = days, h = hours, m =
	      minutes, and s = seconds.	 No  spaces  are  allowed  unless  the
	      expression  is  enclosed in quotation marks, and when spaces are
	      used, numbers must be adjacent to their applicable letters.  For
	      example,	"1w 2d 3h 4m 5s" is acceptable, whereas "1 w 2 d 3 h 4
	      m 5 s" will produce an error.

	      By default, a renewtime is in hours.  Requests a	ticket	for  a
	      specified	 service. A valid TGT must exist in the user's creden‐
	      tials cache file prior to using this option or the command  will
	      fail.  You  must specify a service principal name, where service
	      is that name.

	      For example, the following command obtains a service ticket  for
	      the host/server1.company.com principal in the COMPANY.COM realm:

	      # kinit -S host/server1.company.com@COMPANY.COM

	      To obtain a service ticket for the local host principal, enter:

	      # kinit -S host

	      Use  this command to verify that the host principal for a user's
	      computer can authenticate as required.  Specifies a service  key
	      table file other than the default, which is /krb5/v5srvtab.

	      You can only use the -t option with the -k option.

	      The -k and -t options are mutually exclusive with the -e option.
	      Validates the tickets in the credentials cache. Validation  suc‐
	      ceeds  if	 the  current  time  is	 later than the ticket's valid
	      starting time and before the  ticket's  expiration  time.	 Using
	      this  option  removes  all  expired tickets from the credentials
	      cache.

	      This option is valid only by itself or with the  -c  option;  no
	      password is required.

	      Validating  postdated tickets makes them active; services do not
	      accept unvalidated postdated tickets.   Specifies	 the  Kerberos
	      credentials  cache  version.  The	 range	of  valid  values is 1
	      through 4. The default value is 2.  Specifies the	 name  of  the
	      principal for which you want to obtain an initial ticket (TGT).

DESCRIPTION
       The  kinit  command:  Obtains  and  caches  an  initial	ticket	(TGT).
       Acquires service tickets.  Renews tickets that  are  renewable.	 Vali‐
       dates postdated tickets.

RESTRICTIONS
       Due to clock skew (the difference allowed between the clock time of the
       client and server), the ticket start and end  times  might  not	appear
       exactly as specified. The clock skew is five minutes, so a ticket start
       time might be five minutes before or after the time you specified.

       Tickets with remaining lifetimes that are  less	than  the  clock  skew
       might give unexpected results.

       If  you	request a postdated ticket and the ticket start time is within
       the clock skew, the ticket start time  is  the  current	time  and  the
       ticket is valid immediately.

EXAMPLES
       To  obtain  a ticket postdated to start 1 hour from now, has a lifetime
       of 15 minutes, that is forwardable, and is for the principal mary/admin
       in the default domain COMPANY.COM, enter:

	      #	 kinit	-d 1h -l 15m -f mary/admin@COMPANY.COM To validate the
	      ticket after the start time has passed and  before  it  expires,
	      enter:

	      # kinit -V To obtain a ticket with a lifetime of 45 hours and 30
	      minutes, enter:

	      # kinit -l 45h30m

ENVIRONMENT VARIABLES
       CSFC5CCNAME

       Controls the credentials cache.

FILES
       /krb5/tmp/cc/krb5cc_ uid

       Default Kerberos credentials cache file.

       v5srvtab

       Default service key table file.

SEE ALSO
       Commands: kdestroy(1), klist(1), ktutil(1)

								      kinit(1)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OSF1

List of man pages available for OSF1

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net