NAME

klist - list Kerberos credentials

SYNOPSIS

klist --cache=cache [-c cache Xo] [-s | -t | --test] [-T | --tokens] [-5 | --v5] [-v | --verbose] [-l | --list-caches] [-f] [--version] [--help]

DESCRIPTION

klist reads and displays the current tickets in the credential cache (also known as the ticket file).

Options supported:

Xo
-c cache, --cache=cache credential cache to list

Xo
-s, -t, --test Test for there being an active and valid TGT for the local realm of the user in the credential cache.

Xo
-T, --tokens display AFS tokens

Xo
-5, --v5 display v5 cred cache (this is the default)

-f
Include ticket flags in short form, each character stands for a specific flag, as follows:
F
forwardable
f
forwarded
P
proxiable
p
proxied
D
postdate-able
d
postdated
R
renewable
I
initial
i
invalid
A
pre-authenticated
H
hardware authenticated

This information is also output with the --verbose option, but in a more verbose way.

Xo
-v, --verbose Verbose output. Include all possible information:

Server
the principal the ticket is for

Ticket etype
the encryption type used in the ticket, followed by the key version of the ticket, if it is available

Session key
the encryption type of the session key, if it's different from the encryption type of the ticket

Auth time
the time the authentication exchange took place

Start time
the time that this ticket is valid from (only printed if it's different from the auth time)

End time
when the ticket expires, if it has already expired this is also noted

Renew till
the maximum possible end time of any ticket derived from this one

Ticket flags
the flags set on the ticket

Addresses
the set of addresses from which this ticket is valid

Xo
-l, --list-caches List the credential caches for the current users, not all cache types supports listing multiple caches.

SEE ALSO

kdestroy(1), kinit(1)