User Commands kinit(1)
NAME
kinit - obtain and cache Kerberos ticket-granting ticket
SYNOPSIS
/usr/bin/kinit [-ARvV] [-p | -P] [-f | -F] [-c cache_name]
[-k [-t keytab_file]] [-l lifetime] [-r renewable_life]
[-s start_time] [-S service_name] [principal]
DESCRIPTION
The kinit command is used to obtain and cache an initial
ticket-granting ticket (credential) for principal. This
ticket is used for authentication by the Kerberos system.
Notice that only users with Kerberos principals can use the
Kerberos system. For information about Kerberos principals,
see kerberos(5).
When you use kinit without options, the utility prompts for
your principal and Kerberos password, and tries to
authenticate your login with the local Kerberos server. The
principal can be specified on the command line if desired.
If Kerberos authenticates the login attempt, kinit retrieves
your initial ticket-granting ticket and puts it in the
ticket cache. By default your ticket will be stored in the
file /tmp/krb5cc_uid, where uid specifies your user
identification number. Tickets expire after a specified
lifetime, after which kinit must be run again. Any existing
contents of the cache are destroyed by kinit.
Values specified in the command line override the values
specified in the Kerberos configuration file for lifetime
and renewable_life.
The kdestroy(1) command may be used to destroy any active
tickets before you end your login session.
OPTIONS
The following options are supported:
-A Requests address-less tickets.
-c cache_name Uses cache_name as the credentials
(ticket) cache name and location. If
this option is not used, the default
cache name and location are used.
-f Requests forwardable tickets.
SunOS 5.10 Last change: 30 Apr 2004 1
-F Not forwardable. Does not request forwardable tickets.
Tickets that have been acquired on one host cannot normally
be used on another host. A client can request that the
ticket be marked forwardable. Once the TKT_FLG_FORWARDABLE
flag is set on a ticket, the user can use this ticket to
request a new ticket, but with a different IP address. Thus,
users can use their current credentials to get credentials
valid on another machine. This option allows a user to
explicitly obtain a non-forwardable ticket.
-k [-t keytab_file] Requests a host ticket, obtained from a
key in the local host's keytab file. The name and location
of the keytab file may be specified with the -t keytab_file
option. Otherwise, the default name and location will be
used.
-l lifetime Requests a ticket with the lifetime lifetime. If
the -l option is not specified, the default ticket lifetime
(configured by each site) is used. Specifying a ticket
lifetime longer than the maximum ticket lifetime (configured
by each site) results in a ticket with the maximum lifetime.
See the Time Formats section for the valid time duration
formats that you can specify for lifetime. See kdc.conf(4)
and kadmin(1M) (for getprinc command to verify the lifetime
values for the server principal).
The lifetime of the tickets returned will be the minimum of
the following:
o Value specified in the command line.
o Value specified in the KDC configuration file.
o Value specified in the Kerberos database for the server
principal. In the case of kinit, it is krbtgt/realm name.
o Value specified in the Kerberos database for the user
principal.
-p Requests proxiable tickets.
-P Not proxiable. Does not request
proxiable tickets.
A proxiable ticket is a ticket that
allows you to get a ticket for a
service with IP addresses other than
the ones in the Ticket Granting
Ticket. This option allows a user to
explicitly obtain a non-proxiable
ticket.
-r renewable_life Requests renewable tickets, with a total
lifetime of renewable_life. See the Time Formats section for
the valid time duration formats that you can specify for
renewable_life. See kdc.conf(4) and kadmin(1M) (for getprinc
command to verify the lifetime values for the server
principal).
The renewable lifetime of the tickets returned will be the
minimum of the following:
o Value specified in the command line.
o Value specified in the KDC configuration file.
o Value specified in the Kerberos database for the server
principal. In the case of kinit, it is krbtgt/realm name.
o Value specified in the Kerberos database for the user
principal.
-R Requests renewal of the ticket-granting ticket. Notice
that an expired ticket cannot be renewed, even if the ticket
is still within its renewable life.
-s start_time Requests a postdated ticket, valid starting at
start_time. Postdated tickets are issued with the invalid
flag set, and need to be fed back to the KDC before use. See
the Time Formats section for either the valid absolute time
or time duration formats that you can specify for
start_time. kinit attempts to match an absolute time first
before trying to match a time duration.
-S service_name Specifies an alternate service name
to use when getting initial tickets.
-v Requests that the ticket granting
ticket in the cache (with the
invalid flag set) be passed to the
KDC for validation. If the ticket is
within its requested time range, the
cache is replaced with the validated
ticket.
-V Verbose output. Displays further
information to the user, such as
confirmation of authentication and
version.
Time Formats
The following absolute time formats can be used for the -s
start_time option. The examples are based on the date and
time of July 2, 1999, 1:35:30 p.m.
____________________________________________________________
| Absolute Time Format | Example |
| yymmddhhmm[ss] | 990702133530 |
| hhmm[ss] | 133530 |
| yy.mm.dd.hh.mm.ss | 99:07:02:13:35:30 |
| hh:mm[:ss] | 13:35:30 |
| ldate:ltime | 07-07-99:13:35:30 |
| dd-month-yyyy:hh:mm[:ss] | 02-july-1999:13:35:30 |
|_____________________________|_____________________________|
Variable    Description
dd          day
hh          hour (24-hour clock)
mm          minutes
ss          seconds
yy          year within century (0-68 is 2000 to 2068; 69-99 is
            1969 to 1999)
yyyy        year including century
month       locale's full or abbreviated month name
ldate       locale's appropriate date representation
ltime       locale's appropriate time representation
The following time duration formats can be used for the -l
lifetime, -r renewable_life, and -s start_time options. The
examples are based on the time duration of 14 days, 7 hours,
5 minutes, and 30 seconds.
____________________________________________________________
| Time Duration Format | Example |
| #d | 14d |
| #h | 7h |
| #m | 5m |
| #s | 30s |
| #d#h#m#s | 14d7h5m30s |
| #h#m[#s] | 7h5m30s |
| days-hh:mm:ss | 14-07:05:30 |
| hours:mm[:ss] | 7:05:30 |
|_____________________________|_____________________________|
Delimiter Description
d number of days
h number of hours
m number of minutes
s number of seconds
Variable Description
# number
days number of days
hours number of hours
hh hour (24-hour clock)
mm minutes
ss seconds
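The time duration formats above and the minimum rule given under -l, as an added example that is not part of the original manual page or of kinit: a Python sketch that parses the documented duration strings and reports which of the four limits decides the ticket lifetime. The function names and the sample limits are constructed for illustration.

```python
import re

# Unit-suffixed forms: #d, #h, #m, #s, #d#h#m#s, #h#m[#s]. Any ordered subset
# of the four units is accepted here, which is an assumption of this sketch.
UNIT_FORM = re.compile(r"(?:(\d+)d)?(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?")
# Colon forms: days-hh:mm:ss and hours:mm[:ss] (empty group stands for days).
DAYS_FORM = re.compile(r"(\d+)-(\d{1,2}):(\d{2}):(\d{2})")
HOURS_FORM = re.compile(r"()(\d+):(\d{2})(?::(\d{2}))?")


def parse_duration(text):
    """Convert one documented time-duration string to seconds."""
    text = text.strip()
    day_form = DAYS_FORM.fullmatch(text)
    colon = day_form or HOURS_FORM.fullmatch(text)
    match = colon or (UNIT_FORM.fullmatch(text) if text else None)
    if match is None:
        raise ValueError("not a documented duration format: %r" % text)
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    if colon and (minutes > 59 or seconds > 59):
        raise ValueError("mm and ss must be below 60: %r" % text)
    if day_form and hours > 23:
        raise ValueError("hh is a 24-hour clock value: %r" % text)
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def effective_lifetime(requested, kdc_conf_max, krbtgt_max, user_max):
    """Return (seconds, source) for the smallest of the four limits."""
    limits = {
        "command line": requested,
        "KDC configuration file": kdc_conf_max,
        "krbtgt/realm principal": krbtgt_max,
        "user principal": user_max,
    }
    source = min(limits, key=lambda name: parse_duration(limits[name]))
    return parse_duration(limits[source]), source


if __name__ == "__main__":
    # Constructed sample limits, not taken from any real realm.
    seconds, source = effective_lifetime("14d7h5m30s", "1d", "10h", "8:00:00")
    print("ticket lifetime: %d s, decided by the %s" % (seconds, source))
```

A request such as -l 14d7h5m30s is therefore no guarantee of a long-lived ticket: the smallest of the four limits decides, here the user principal's 8 hours.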
ENVIRONMENT VARIABLES
kinit uses the following environment variable:
KRB5CCNAME Location of the credentials (ticket)
cache. See krb5envvar(5) for syntax
and details.
FILES
/tmp/krb5cc_uid Default credentials cache (uid is
the decimal UID of the user).
/etc/krb5/krb5.keytab Default location for the local
host's keytab file.
/etc/krb5/krb5.conf Default location for the local
host's configuration file. See
krb5.conf(4).
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWkrbu |
|_____________________________|_____________________________|
| Interface Stability | See below. |
|_____________________________|_____________________________|
The command arguments are Evolving. The command output is
Unstable.
SEE ALSO
kdestroy(1), klist(1), kadmin(1M), ktkt_warnd(1M),
kdc.conf(4), krb5.conf(4), attributes(5), kerberos(5),
krb5envvar(5), pam_krb5(5)
AUTHORS
Steve Miller, MIT Project Athena/Digital Equipment
Corporation; Clifford Neuman, MIT Project Athena
NOTES
On success, kinit notifies ktkt_warnd(1M) to alert the user
when the initial credentials (ticket-granting ticket) are
about to expire.
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:24:59 GMT 2007