Commands Reference, Volume 3
Obtains or renews the Kerberos ticket-granting ticket.
kinit [ -l lifetime ] [ -r renewable_life ] [ -f ] [ -p ] [ -A ] [ -s start_time ] [ -S target_service ] [ -k [ -t keytab_file ] ] [ -R ] [ -v ] [ -c cachename ] [ principal ]
The kinit command obtains or renews a Kerberos ticket-granting
ticket. The Key Distribution Center (KDC) options specified by the
[kdcdefault] and [realms] sections in the Kerberos configuration file
(kdc.conf) are used if you do not specify a ticket flag on
the command line.
If you are not renewing an existing ticket, the command reinitializes the
credentials cache, which then contains the new ticket-granting ticket received
from the KDC. If you do not specify the principal name on
the command line and you do specify the -s flag, the
principal name is obtained from the credentials cache. The
new credentials cache becomes the default cache unless you specify the cache
name using the -c flag.
The ticket time value for the -l, -r and
-s flags is expressed as ndnhnmns where:
- n represents a number
- d represents days
- h represents hours
- m represents minutes
- s represents seconds

You must specify the components in this order, but you can omit any
component. For example, 4h5m represents four hours and 5 minutes and
1d2s represents 1 day and 2 seconds.
| Flag | Description |
|---|---|
| -A | Specifies that the ticket contain a list of client addresses. The ticket will contain the local host address list if this option is not specified. When an initial ticket contains an address list, it can be used only from one of the addresses in the address list. |
| -c cachename | Specifies the name of the credentials cache to use. The default credentials cache is used if this flag is not specified. If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by kinit. |
| -f | Specifies that the ticket is to be forwardable. To forward the ticket, this flag must be specified. |
| -k | Specifies to obtain the key for the ticket principal from a key table. If you do not specify this flag, you are prompted to enter the password for the ticket principal. |
| -l lifetime | Specifies the ticket end time interval. The ticket cannot be used after the interval expires unless the ticket is renewed. The interval default time is 10 hours. |
| -p | Specifies that the ticket is to be proxiable. To make the ticket proxiable, this flag must be specified. |
| principal | Specifies the ticket principal. The principal is obtained from the credentials cache if the principal is not specified on the command line. |
| -r renewable_life | Specifies the renew time interval for a renewable ticket. The ticket cannot be renewed after the interval expires. The renew time must be greater than the end time. If this flag is not specified, the ticket is not renewable, although you can still generate a renewable ticket if the requested ticket lifetime exceeds the maximum ticket lifetime. |
| -R | Specifies to renew an existing ticket. No other flags may be specified when renewing an existing ticket. |
| -s start_time | Specifies a request for a postdated ticket, valid starting at start_time. |
| -S target_service | Specifies an alternate service name to use when getting initial tickets. |
| -t keytab_file | Specifies the key table name. The default key table is used if this flag is not specified and the -k flag is specified. The -t flag implies the -k flag. |
| -v | Specifies that the ticket-granting ticket in the cache be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket. |
- To obtain a ticket-granting ticket with a lifetime of 10 hours, which is
renewable for five days, type:
kinit -l 10h -r 5d my_principal
- To renew an existing ticket, type:
kinit -R
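
The following is an added example, not part of the AIX documentation: a POSIX shell check for the time values described above. It converts the ndnhnmns form to seconds and enforces the rule stated for the -r flag that the renew time must be greater than the end time. The function names krb_time_to_seconds and check_kinit_times are made up for this example.

```shell
#!/bin/sh
# Added example: validate kinit time values before they reach the command line.
# Function and variable names are hypothetical, not part of kinit.

# Print the number of seconds in a kinit time value (ndnhnmns).
# Returns 1 if the value is empty, contains other characters, or has its
# components malformed or out of order.
krb_time_to_seconds() {
    kt_rest=$1
    case $kt_rest in
        '' | *[!0-9dhms]*) return 1 ;;
    esac
    # Components are optional but must appear in d, h, m, s order.
    printf '%s\n' "$kt_rest" |
        grep -Eq '^([0-9]+d)?([0-9]+h)?([0-9]+m)?([0-9]+s)?$' || return 1
    kt_total=0
    for kt_unit in d:86400 h:3600 m:60 s:1; do
        kt_letter=${kt_unit%%:*}
        kt_factor=${kt_unit##*:}
        case $kt_rest in
            *"$kt_letter"*)
                kt_n=${kt_rest%%"$kt_letter"*}     # digits before the unit letter
                kt_rest=${kt_rest#*"$kt_letter"}   # remainder after the letter
                # Strip leading zeros so the shell does not read "08" as octal.
                kt_n=${kt_n#"${kt_n%%[!0]*}"}
                kt_total=$((kt_total + ${kt_n:-0} * kt_factor))
                ;;
        esac
    done
    printf '%s\n' "$kt_total"
}

# Check a -l / -r pair. Returns 0 only if both values parse and the
# renewable life is strictly greater than the lifetime.
check_kinit_times() {
    ck_life=$(krb_time_to_seconds "$1") || return 1
    ck_renew=$(krb_time_to_seconds "$2") || return 1
    [ "$ck_renew" -gt "$ck_life" ]
}
```

A wrapper script can call `check_kinit_times 10h 5d` and run `kinit -l 10h -r 5d my_principal` only when the check succeeds.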
| File | Description |
|---|---|
| /usr/krb5/bin/kinit | |
| /var/krb5/security/creds/krb5cc_[uid] | Default credentials cache ([uid] is the UID of the user). |
| /etc/krb5/krb5.keytab | Default location for the local host's keytab file. |
| /var/krb5/krb5kdc/kdc.conf | Kerberos KDC configuration file. |
The klist command, kdestroy command, and env command.