Commands Reference, Volume 3
kinit Command
Purpose
Obtains or renews the Kerberos ticket-granting ticket.
Syntax
kinit [ -l lifetime ] [ -r renewable_life ] [ -f ] [ -p ] [ -A ] [ -s start_time ] [ -S target_service ] [ -k [ -t keytab_file ] ] [ -R ] [ -v ] [ -c cachename ] [ principal ]
Description
The kinit command obtains or renews a Kerberos ticket-granting
ticket. If you do not specify a ticket flag on the command line, the Key
Distribution Center (KDC) options specified by the [kdcdefault]
and [realms] sections in the Kerberos configuration file (kdc.conf) are used.
If you are not renewing an existing ticket, the command reinitializes the
credentials cache, which then contains the new ticket-granting ticket received
from the KDC. If you do not specify the Principal
name on the command line and you do specify the -s flag,
the Principal name is obtained from the credentials
cache. The new credentials cache becomes the default cache unless you specify
the cache name using the -c flag.
The ticket Time value for the -l, -r and -s flags is expressed
as ndnhnmns where:
- n represents a number
- d represents days
- h represents hours
- m represents minutes
- s represents seconds
You must specify the components in this order, but you can omit any component;
for example, 4h5m represents 4 hours and 5 minutes,
and 1d2s represents 1 day and 2 seconds.
Flags
-A |
Specifies that the ticket contain a list of client addresses. The
ticket will contain the local host address list if this option is not specified.
When an initial ticket contains an address list, it can be used only from
one of the addresses in the address list. |
-c cachename |
Specifies the name of the credentials cache to use. The default credentials
cache is used if this flag is not specified. If the KRB5CCNAME environment
variable is set, its value is used to name the default ticket cache. Any existing
contents of the cache are destroyed by kinit. |
-f |
Specifies that the ticket is to be forwardable. To forward the ticket,
this flag must be specified. |
-k |
Specifies to obtain the key for the ticket principal from a key table.
If you do not specify this flag, you are prompted to enter the password for
the ticket principal. |
-l lifetime |
Specifies the ticket end time interval. The ticket cannot be used
after the interval expires unless the ticket is renewed. The interval default
time is 10 hours. |
-p |
Specifies that the ticket is to be proxiable. To make the ticket proxiable,
this flag must be specified. |
principal |
Specifies the ticket principal. The principal is obtained from the
credentials cache if the principal is not specified on the command line. |
-r renewable_life |
Specifies the renew time interval for a renewable ticket. The ticket
cannot be renewed after the interval expires. The renew time must be greater
than the end time. If this flag is not specified, the ticket is not renewable,
although you can still generate a renewable ticket if the requested ticket
lifetime exceeds the maximum ticket lifetime. |
-R |
Specifies to renew an existing ticket. No other flags may be specified
when renewing an existing ticket. |
-s start_time |
Specifies a request for a postdated ticket, valid starting at start_time. |
-S target_service |
Specifies an alternate service name to use when getting initial tickets. |
-t keytab_file |
Specifies the key table name. The default key table is used if this
flag is not specified and the -k flag is specified.
The -t flag implies the -k flag. |
-v |
Specifies that the ticket-granting ticket in the cache be passed to
the KDC for validation. If the ticket is within its requested time range,
the cache is replaced with the validated ticket. |
Examples
- To obtain a ticket-granting ticket with a lifetime of 10 hours, which
is renewable for five days, type:
kinit -l 10h -r 5d my_principal
- To renew an existing ticket, type:
kinit -R
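The ticket Time format (ndnhnmns) and the -r rule that the renew time must be greater than the end time can be checked before kinit is called. The following is an added example, not part of the original reference; the function names krb_time_to_seconds and check_kinit_times are hypothetical and are not provided by kinit.

```shell
# Convert a ticket Time value (ndnhnmns) to seconds.
# Prints the total and returns 0; returns 1 if the value is malformed.
krb_time_to_seconds() {
    local rest="$1" total=0 allowed=dhms num unit mult
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}              # leading run of digits
        [ -n "$num" ] || return 1         # a component must start with a number
        rest=${rest#"$num"}
        unit=${rest%"${rest#?}"}          # first character after the number
        rest=${rest#?}
        [ -n "$unit" ] || return 1        # a number without a unit is rejected
        # Units must appear in the order d, h, m, s, each at most once.
        case $allowed in
            *"$unit"*) allowed=${allowed#*"$unit"} ;;
            *) return 1 ;;
        esac
        case $unit in
            d) mult=86400 ;;
            h) mult=3600 ;;
            m) mult=60 ;;
            s) mult=1 ;;
        esac
        # Strip leading zeros so values such as 08 are not read as octal.
        num=${num#"${num%%[!0]*}"}
        total=$(( total + ${num:-0} * mult ))
    done
    echo "$total"
}

# Return 0 only if both values parse and renewable_life > lifetime.
check_kinit_times() {
    local life renew
    life=$(krb_time_to_seconds "$1") || { echo "invalid lifetime: $1" >&2; return 1; }
    renew=$(krb_time_to_seconds "$2") || { echo "invalid renewable_life: $2" >&2; return 1; }
    if [ "$renew" -le "$life" ]; then
        echo "renewable_life ($2) must be greater than lifetime ($1)" >&2
        return 1
    fi
    return 0
}

# Usage in a wrapper script (my_principal as in the example above):
#   check_kinit_times 10h 5d && kinit -l 10h -r 5d my_principal
```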
Files
/usr/krb5/bin/kinit |
/var/krb5/security/creds/krb5cc_[uid] |
default credentials cache ([uid] is the UID of the user.) |
/etc/krb5/krb5.keytab |
default location for the local host's keytab file. |
/var/krb5/krb5kdc/kdc.conf |
Kerberos KDC configuration file. |
Related Information
The klist command, kdestroy command, and env command.