NAME
kinit
kauth
- acquire initial tickets
SYNOPSIS
kinit
[-4 | --524init]
[-9 | --524convert]
[--afslog]
--cache=cachename
[-c cachename Xo]
[-f | --forwardable]
--keytab=keytabname
[-t keytabname Xo]
--lifetime=time
[-l time Xo]
[-p | --proxiable]
[-R | --renew]
[--renewable]
--renewable-life=time
[-r time Xo]
--server=principal
[-S principal Xo]
--start-time=time
[-s time Xo]
[-k | --use-keytab]
[-v | --validate]
--enctypes=enctypes
[-e enctypes Xo]
--extra-addresses=addresses
[-a addresses Xo]
[--password-file=filename]
[--fcache-version=version-number]
[-A | --no-addresses]
[--anonymous]
[--version]
[--help]
[principal[ command]]
DESCRIPTION
kinit
is used to authenticate to the Kerberos server as
principal,
or if none is given, a system generated default (typically your login
name at the default realm), and acquire a ticket granting ticket that
can later be used to obtain tickets for other services.
If you have compiled
kinit
with Kerberos 4 support and you have a
Kerberos 4 server,
kinit
will detect this and get you Kerberos 4 tickets.
Supported options:
- Xo
-
-c cachename
--cache=cachename
The credentials cache to put the acquired ticket in, if other than
default.
- Xo
-
-f,
--forwardable
Get ticket that can be forwarded to another host.
- Xo
-
-t keytabname,
--keytab=keytabname
Don't ask for a password, but instead get the key from the specified
keytab.
- Xo
-
-l time,
--lifetime=time
Specifies the lifetime of the ticket.
The argument can either be in seconds, or a more human readable string
like
`1h'.
- Xo
-
-p,
--proxiable
Request tickets with the proxiable flag set.
- Xo
-
-R,
--renew
Try to renew ticket.
The ticket must have the
`renewable'
flag set, and must not be expired.
- --renewable
-
The same as
--renewable-life,
with an infinite time.
- Xo
-
-r time,
--renewable-life=time
The max renewable ticket life.
- Xo
-
-S principal,
--server=principal
Get a ticket for a service other than krbtgt/LOCAL.REALM.
- Xo
-
-s time,
--start-time=time
Obtain a ticket that starts to be valid
time
(which can really be a generic time specification, like
`1h')
seconds into the future.
- Xo
-
-k,
--use-keytab
The same as
--keytab,
but with the default keytab name (normally
FILE:/etc/krb5.keytab).
- Xo
-
-v,
--validate
Try to validate an invalid ticket.
- Xo
-
-e,
--enctypes=enctypes
Request tickets with this particular enctype.
- Xo
-
--password-file=filename
read the password from the first line of
filename.
If the
filename
is
STDIN,
the password will be read from the standard input.
- Xo
-
--fcache-version=version-number
Create a credentials cache of version
version-number.
- Xo
-
-a,
--extra-addresses=enctypes
Adds a set of addresses that will, in addition to the systems local
addresses, be put in the ticket.
This can be useful if all addresses a client can use can't be
automatically figured out.
One such example is if the client is behind a firewall.
Also settable via
libdefaults/extra_addresses
in
krb5.conf(5).
- Xo
-
-A,
--no-addresses
Request a ticket with no addresses.
- Xo
-
--anonymous
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
``anonymous@REALM'').
The following options are only available if
kinit
has been compiled with support for Kerberos 4.
- Xo
-
-4,
--524init
Try to convert the obtained Kerberos 5 krbtgt to a version 4
compatible ticket.
It will store this ticket in the default Kerberos 4 ticket file.
- Xo
-
-9,
--524convert
only convert ticket to version 4
- --afslog
-
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel.
Only useful if you have AFS.
The
forwardable,
proxiable,
ticket_life,
and
renewable_life
options can be set to a default value from the
appdefaults
section in krb5.conf, see
krb5_appdefault(3).
If a
command
is given,
kinit
will set up new credentials caches, and AFS PAG, and then run the given
command.
When it finishes the credentials will be removed.
ENVIRONMENT
KRB5CCNAME
-
Specifies the default credentials cache.
KRB5_CONFIG
-
The file name of
krb5.conf
,
the default being
/etc/krb5.conf
.
KRBTKFILE
-
Specifies the Kerberos 4 ticket file to store version 4 tickets in.
SEE ALSO
kdestroy(1),
klist(1),
krb5_appdefault(3),
krb5.conf(5)