Displays the contents of a Kerberos credentials cache or key table.
-a
| Displays all tickets in the credentials cache, including expired
tickets. Expired tickets are not listed if this flag is not
specified. This flag is valid only when listing a credentials
cache.
|
-c
| Lists the tickets in a credentials cache. This is the default if
neither the -c nor the -k flag is specified. This
flag is mutually exclusive with the -k flag.
|
-e
| Displays the encryption type for the session key and the ticket.
|
-f
| Displays the ticket flags using the following abbreviations:
- F
- Forwardable ticket
- f
- Forwarded ticket
- P
- Proxiable ticket
- p
- Proxy ticket
- D
- Postdateable ticket
- d
- Postdated ticket
- R
- Renewable ticket
- I
- Initial ticket
- i
- Invalid ticket
- H
- Hardware preauthentication used
- A
- Preauthentication used
- O
- Server can be a delegate
|
name
| Specifies the name of the credentials cache or key table. The
default credentials cache or key table is used if you do not specify a
filename.
If you do not specify a name indicating a cache name or keytab name, klist
displays the credentials in the default credentials cache or keytab file as
appropriate. If the KRB5CCNAME environment variable is set, its value
is used to name the default credentials (ticket) cache.
|
-k
| Lists the entries in a key table. This flag is mutually exclusive
with the -c flag.
|
-K
| Displays the encryption key value for each key table entry. This
flag is valid only when listing a key table.
|
-n
| Displays the numerical internet address instead of the host name.
The default without the -n is host name. This command is
used in conjunction with the -a flag.
|
-s
| Suppresses command output but sets the exit status to 0 if a valid
ticket-granting ticket is found in the credentials cache. This flag is
valid only when listing a credentials cache.
|
-t
| Displays timestamps for key table entries. This flag is valid only
when listing a key table.
|