*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> kinit (1)              



NAME    [Toc]    [Back]

     kinit kauth -- acquire initial tickets

SYNOPSIS    [Toc]    [Back]

     kinit [-4 | --524init] [-9 | --524convert] [--afslog] [-c cachename |
           --cache=cachename] [-f | --forwardable] [-t keytabname |
           --keytab=keytabname] [-l time | --lifetime=time] [-p | --proxiable]
           [-R | --renew] [--renewable] [-r time | --renewable-life=time] [-S
           principal | --server=principal] [-s time | --start-time=time]
           [-k | --use-keytab] [-v | --validate] [-e enctypes |
           --enctypes=enctypes] [-a addresses | --extra-addresses=addresses]
           [--fcache-version=integer] [--no-addresses] [--anonymous]
           [--version] [--help] [principal [command]]

DESCRIPTION    [Toc]    [Back]

     kinit is used to authenticate to the Kerberos server as principal, or if
     none is given, a system generated default (typically your login name at
     the default realm), and acquire a ticket granting ticket that can later
     be used to obtain tickets for other services.

     If you have compiled kinit with Kerberos 4 support and you have a Kerberos
 4 server, kinit will detect this and get you Kerberos 4 tickets.

     Supported options:

     -c cachename --cache=cachename
             The credentials cache to put the acquired ticket in, if other
             than default.

     -f, --forwardable
             Get ticket that can be forwarded to another host.

     -t keytabname, --keytab=keytabname
             Don't ask for a password, but instead get the key from the specified

     -l time, --lifetime=time
             Specifies the lifetime of the ticket. The argument can either be
             in seconds, or a more human readable string like `1h'.

     -p, --proxiable
             Request tickets with the proxiable flag set.

     -R, --renew
             Try to renew ticket. The ticket must have the `renewable' flag
             set, and must not be expired.

             The same as --renewable-life, with an infinite time.

     -r time, --renewable-life=time
             The max renewable ticket life.

     -S principal, --server=principal
             Get a ticket for a service other than krbtgt/LOCAL.REALM.

     -s time, --start-time=time
             Obtain a ticket that starts to be valid time (which can really be
             a generic time specification, like `1h') seconds into the future.

     -k, --use-keytab
             The same as --keytab, but with the default keytab name (normally

     -v, --validate
             Try to validate an invalid ticket.

     -e, --enctypes=enctypes
             Request tickets with this particular enctype.

             Create a credentials cache of version version.

     -a, --extra-addresses=enctypes
             Adds a set of addresses that will, in addition to the systems
             local addresses, be put in the ticket. This can be useful if all
             addresses a client can use can't be automatically figured out.
             One such example is if the client is behind a firewall. Also settable
 via libdefaults/extra_addresses in krb5.conf(5).

             Request a ticket with no addresses.

             Request an anonymous ticket (which means that the ticket will be
             issued to an anonymous principal, typically ``anonymous@REALM'').

     The following options are only available if kinit has been compiled with
     support for Kerberos 4.

     -4, --524init
             Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible
 ticket. It will store this ticket in the default Kerberos
             4 ticket file.

     -9, --524convert
             only convert ticket to version 4

             Gets AFS tickets, converts them to version 4 format, and stores
             them in the kernel. Only useful if you have AFS.

     The forwardable, proxiable, ticket_life, and renewable_life options can
     be set to a default value from the appdefaults section in krb5.conf, see

     If  a command is given, kinit will setup new credentials caches, and AFS
     PAG, and then run the given command. When it finishes the credentials
     will be removed.

ENVIRONMENT    [Toc]    [Back]

             Specifies the default credentials cache.

             The file name of krb5.conf , the default being /etc/krb5.conf.

             Specifies the Kerberos 4 ticket file to store version 4 tickets

SEE ALSO    [Toc]    [Back]

     kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5)

HEIMDAL                          May 29, 1998                          HEIMDAL
[ Back ]
 Similar pages
Name OS Title
kinit Tru64 Obtains and caches initial ticket granting tickets (TGTs) and service tickets
kdestroy HP-UX destroy Kerberos tickets
klist HP-UX Lists cached tickets
klist HP-UX list cached Kerberos tickets
klist Tru64 Lists the tickets stored in the credentials cache file
kdestroy Tru64 Destroys valid or nonvalid Kerberos tickets and removes the cache file
pthread_main_np FreeBSD identify the initial thread
isl HP-UX initial system loader
tt_initial_session HP-UX return the initial session identifier
setvaluator IRIX assigns an initial value and a range to a valuator
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service