kinit(1)
- NetBSD Manual Pages
KINIT(1) NetBSD Reference Manual KINIT(1)
NAME
kinit, kauth - acquire initial tickets
SYNOPSIS
kinit [-4 | --524init] [--afslog] [-c cachename | --cache=cachename] [-f
| --forwardable] [-t keytabname | --keytab=keytabname] [-l time |
--lifetime=time] [-p | --proxiable] [-R | --renew] [--renewable]
[-r time | --renewable-life=time] [-S principal |
--server=principal] [-s time | --start-time=time] [-k |
--use-keytab] [-v | --validate] [-e enctype | --enctypes=enctype]
[--fcache-version=integer] [--no-addresses] [--anonymous]
[--version] [--help] [principal]
DESCRIPTION
kinit is used to authenticate to the kerberos server as principal, or if
none is given, a system generated default (typically your login name at
the default realm), and acquire a ticket granting ticket that can later
be used to obtain tickets for other services.
If you have compiled kinit with Kerberos 4 support and you have a Ker-
beros 4 server, kinit will detect this and get you Kerberos 4 tickets.
Supported options:
-c cachename --cache=cachename
The credentials cache to put the acquired ticket in, if other
than default.
-f, --forwardable
Get ticket that can be forwarded to another host.
-t keytabname, --keytab=keytabname
Don't ask for a password, but instead get the key from the speci-
fied keytab.
-l time, --lifetime=time
Specifies the lifetime of the ticket. The argument can either be
in seconds, or a more human readable string like `1h'.
-p, --proxiable
Request tickets with the proxiable flag set.
-R, --renew
Try to renew ticket. The ticket must have the `renewable' flag
set, and must not be expired.
--renewable
The same as --renewable-life, with an infinite time.
-r time, --renewable-life=time
The max renewable ticket life.
-S principal, --server=principal
Get a ticket for a service other than krbtgt/LOCAL.REALM.
-s time, --start-time=time
Obtain a ticket that starts to be valid time (which can really be
a generic time specification, like `1h') seconds into the future.
-k, --use-keytab
The same as --keytab, but with the default keytab name (normally
FILE:/etc/krb5.keytab).
-v, --validate
Try to validate an invalid ticket.
-e, --enctypes=enctypes
Request tickets with this particular enctype.
--fcache-version=version
Create a credentials cache of version version.
--no-addresses
Request a ticket with no addresses.
--anonymous
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically ``anonymous@REALM).''
The following options are only available if kinit has been compiled with
support for Kerberos 4. The kauth program is identical to kinit, but has
these options enabled by default.
-4, --524init
Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
patible ticket. It will store this ticket in the default Kerberos
4 ticket file.
--afslog
Gets AFS tickets, converts them to version 4 format, and stores
them in the kernel. Only useful if you have AFS.
The forwardable, proxiable, ticket_life, and renewable_life options can
be set to a default value from the appdefaults section in krb5.conf, see
krb5_appdefault(3).
ENVIRONMENT
KRB5CCNAME
Specifies the default cache file.
KRB5_CONFIG
The directory where the krb5.conf can be found, default is /etc.
KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets
in.
SEE ALSO
kdestroy(1), klist(1), krb5.conf(5), krb5_appdefault(3)
HEIMDAL May 29, 1998 2
Powered by man-cgi (2024-03-20).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.