Deleted Added
sdiff udiff text old ( 72445 ) new ( 76371 )
full compact
kinit.1 (72445) kinit.1 (76371)
1.\" $Id: kinit.1,v 1.8 2001/01/28 21:44:56 assar Exp $
2.\"
3.Dd May 29, 1998
4.Dt KINIT 1
5.Os HEIMDAL
6.Sh NAME
7.Nm kinit ,
8.Nm kauth
1.\" $Id: kinit.1,v 1.8 2001/01/28 21:44:56 assar Exp $
2.\"
3.Dd May 29, 1998
4.Dt KINIT 1
5.Os HEIMDAL
6.Sh NAME
7.Nm kinit ,
8.Nm kauth
9.Nd
10acquire initial tickets
9.Nd acquire initial tickets
11.Sh SYNOPSIS
12.Nm kinit
13.Op Fl 4 | Fl -524init
14.Op Fl -afslog
15.Oo Fl c Ar cachename \*(Ba Xo
16.Fl -cache= Ns Ar cachename Oc
17.Xc
18.Op Fl f | Fl -forwardable
19.Oo Fl t Ar keytabname \*(Ba Xo
20.Fl -keytab= Ns Ar keytabname Oc
21.Xc
22.Oo Fl l Ar time \*(Ba Xo
23.Fl -lifetime= Ns Ar time Oc
24.Xc
25.Op Fl p | Fl -proxiable
26.Op Fl R | Fl -renew
27.Op Fl -renewable
28.Oo Fl r Ar time \*(Ba Xo
29.Fl -renewable-life= Ns Ar time Oc
30.Xc
31.Oo Fl S Ar principal \*(Ba Xo
32.Fl -server= Ns Ar principal Oc
33.Xc
34.Oo Fl s Ar time \*(Ba Xo
35.Fl -start-time= Ns Ar time Oc
36.Xc
37.Op Fl k | Fl -use-keytab
38.Op Fl v | Fl -validate
39.Oo Fl e Ar enctype \*(Ba Xo
40.Fl -enctypes= Ns Ar enctype Oc
41.Xc
42.Op Fl -fcache-version= Ns Ar integer
43.Op Fl -no-addresses
44.Op Fl -anonymous
45.Op Fl -version
46.Op Fl -help
47.Op Ar principal
48.Sh DESCRIPTION
49.Nm
50is used to authenticate to the kerberos server as
51.Ar principal ,
52or if none is given, a system generated default (typically your login
53name at the default realm), and acquire a ticket granting ticket that
54can later be used to obtain tickets for other services.
55.Pp
56If you have compiled kinit with Kerberos 4 support and you have a
57Kerberos 4 server,
58.Nm
59will detect this and get you Kerberos 4 tickets.
60.Pp
61Supported options:
62.Bl -tag -width Ds
63.It Xo
64.Fl c Ar cachename
65.Fl -cache= Ns Ar cachename
66.Xc
67The credentials cache to put the acquired ticket in, if other than
68default.
69.It Xo
70.Fl f Ns ,
71.Fl -forwardable
72.Xc
73Get ticket that can be forwarded to another host.
74.It Xo
75.Fl t Ar keytabname Ns ,
76.Fl -keytab= Ns Ar keytabname
77.Xc
78Don't ask for a password, but instead get the key from the specified
79keytab.
80.It Xo
81.Fl l Ar time Ns ,
82.Fl -lifetime= Ns Ar time
83.Xc
84Specifies the lifetime of the ticket. The argument can either be in
85seconds, or a more human readable string like
86.Sq 1h .
87.It Xo
88.Fl p Ns ,
89.Fl -proxiable
90.Xc
91Request tickets with the proxiable flag set.
92.It Xo
93.Fl R Ns ,
94.Fl -renew
95.Xc
96Try to renew ticket. The ticket must have the
97.Sq renewable
98flag set, and must not be expired.
99.It Fl -renewable
100The same as
101.Fl -renewable-life ,
102with an infinite time.
103.It Xo
104.Fl r Ar time Ns ,
105.Fl -renewable-life= Ns Ar time
106.Xc
107The max renewable ticket life.
108.It Xo
109.Fl S Ar principal Ns ,
110.Fl -server= Ns Ar principal
111.Xc
112Get a ticket for a service other than krbtgt/LOCAL.REALM.
113.It Xo
114.Fl s Ar time Ns ,
115.Fl -start-time= Ns Ar time
116.Xc
117Obtain a ticket that starts to be valid
118.Ar time
119(which can really be a generic time specification, like
120.Sq 1h )
121seconds into the future.
122.It Xo
123.Fl k Ns ,
124.Fl -use-keytab
125.Xc
126The same as
127.Fl -keytab ,
128but with the default keytab name (normally
129.Ar FILE:/etc/krb5.keytab ) .
130.It Xo
131.Fl v Ns ,
132.Fl -validate
133.Xc
134Try to validate an invalid ticket.
135.It Xo
136.Fl e ,
137.Fl -enctypes= Ns Ar enctypes
138.Xc
139Request tickets with this particular enctype.
140.It Xo
141.Fl -fcache-version= Ns Ar version
142.Xc
143Create a credentials cache of version
144.Nm version .
145.It Xo
146.Fl -no-addresses
147.Xc
148Request a ticket with no addresses.
149.It Xo
150.Fl -anonymous
151.Xc
152Request an anonymous ticket (which means that the ticket will be
153issued to an anonymous principal, typically
154.Dq anonymous@REALM).
155.El
156.Pp
157The following options are only available if
158.Nm
159has been compiled with support for Kerberos 4. The
160.Nm kauth
161program is identical to
162.Nm kinit ,
163but has these options enabled by
164default.
165.Bl -tag -width Ds
166.It Xo
167.Fl 4 Ns ,
168.Fl -524init
169.Xc
170Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible
171ticket. It will store this ticket in the default Kerberos 4 ticket
172file.
173.It Fl -afslog
174Gets AFS tickets, converts them to version 4 format, and stores them
175in the kernel. Only useful if you have AFS.
176.El
177.Pp
178The
179.Ar forwardable ,
180.Ar proxiable ,
181.Ar ticket_life ,
182and
183.Ar renewable_life
184options can be set to a default value from the
185.Dv appdefaults
186section in krb5.conf, see
187.Xr krb5_appdefault 3 .
188.Sh ENVIRONMENT
189.Bl -tag -width Ds
190.It Ev KRB5CCNAME
191Specifies the default cache file.
192.It Ev KRB5_CONFIG
193The directory where the
194.Pa krb5.conf
195can be found, default is
196.Pa /etc .
197.It Ev KRBTKFILE
198Specifies the Kerberos 4 ticket file to store version 4 tickets in.
199.El
200.\".Sh FILES
201.\".Sh EXAMPLES
202.\".Sh DIAGNOSTICS
203.Sh SEE ALSO
204.Xr kdestroy 1 ,
205.Xr klist 1 ,
206.Xr krb5.conf 5 ,
207.Xr krb5_appdefault 3
208.\".Sh STANDARDS
209.\".Sh HISTORY
210.\".Sh AUTHORS
211.\".Sh BUGS
10.Sh SYNOPSIS
11.Nm kinit
12.Op Fl 4 | Fl -524init
13.Op Fl -afslog
14.Oo Fl c Ar cachename \*(Ba Xo
15.Fl -cache= Ns Ar cachename Oc
16.Xc
17.Op Fl f | Fl -forwardable
18.Oo Fl t Ar keytabname \*(Ba Xo
19.Fl -keytab= Ns Ar keytabname Oc
20.Xc
21.Oo Fl l Ar time \*(Ba Xo
22.Fl -lifetime= Ns Ar time Oc
23.Xc
24.Op Fl p | Fl -proxiable
25.Op Fl R | Fl -renew
26.Op Fl -renewable
27.Oo Fl r Ar time \*(Ba Xo
28.Fl -renewable-life= Ns Ar time Oc
29.Xc
30.Oo Fl S Ar principal \*(Ba Xo
31.Fl -server= Ns Ar principal Oc
32.Xc
33.Oo Fl s Ar time \*(Ba Xo
34.Fl -start-time= Ns Ar time Oc
35.Xc
36.Op Fl k | Fl -use-keytab
37.Op Fl v | Fl -validate
38.Oo Fl e Ar enctype \*(Ba Xo
39.Fl -enctypes= Ns Ar enctype Oc
40.Xc
41.Op Fl -fcache-version= Ns Ar integer
42.Op Fl -no-addresses
43.Op Fl -anonymous
44.Op Fl -version
45.Op Fl -help
46.Op Ar principal
47.Sh DESCRIPTION
48.Nm
49is used to authenticate to the kerberos server as
50.Ar principal ,
51or if none is given, a system generated default (typically your login
52name at the default realm), and acquire a ticket granting ticket that
53can later be used to obtain tickets for other services.
54.Pp
55If you have compiled kinit with Kerberos 4 support and you have a
56Kerberos 4 server,
57.Nm
58will detect this and get you Kerberos 4 tickets.
59.Pp
60Supported options:
61.Bl -tag -width Ds
62.It Xo
63.Fl c Ar cachename
64.Fl -cache= Ns Ar cachename
65.Xc
66The credentials cache to put the acquired ticket in, if other than
67default.
68.It Xo
69.Fl f Ns ,
70.Fl -forwardable
71.Xc
72Get ticket that can be forwarded to another host.
73.It Xo
74.Fl t Ar keytabname Ns ,
75.Fl -keytab= Ns Ar keytabname
76.Xc
77Don't ask for a password, but instead get the key from the specified
78keytab.
79.It Xo
80.Fl l Ar time Ns ,
81.Fl -lifetime= Ns Ar time
82.Xc
83Specifies the lifetime of the ticket. The argument can either be in
84seconds, or a more human readable string like
85.Sq 1h .
86.It Xo
87.Fl p Ns ,
88.Fl -proxiable
89.Xc
90Request tickets with the proxiable flag set.
91.It Xo
92.Fl R Ns ,
93.Fl -renew
94.Xc
95Try to renew ticket. The ticket must have the
96.Sq renewable
97flag set, and must not be expired.
98.It Fl -renewable
99The same as
100.Fl -renewable-life ,
101with an infinite time.
102.It Xo
103.Fl r Ar time Ns ,
104.Fl -renewable-life= Ns Ar time
105.Xc
106The max renewable ticket life.
107.It Xo
108.Fl S Ar principal Ns ,
109.Fl -server= Ns Ar principal
110.Xc
111Get a ticket for a service other than krbtgt/LOCAL.REALM.
112.It Xo
113.Fl s Ar time Ns ,
114.Fl -start-time= Ns Ar time
115.Xc
116Obtain a ticket that starts to be valid
117.Ar time
118(which can really be a generic time specification, like
119.Sq 1h )
120seconds into the future.
121.It Xo
122.Fl k Ns ,
123.Fl -use-keytab
124.Xc
125The same as
126.Fl -keytab ,
127but with the default keytab name (normally
128.Ar FILE:/etc/krb5.keytab ) .
129.It Xo
130.Fl v Ns ,
131.Fl -validate
132.Xc
133Try to validate an invalid ticket.
134.It Xo
135.Fl e ,
136.Fl -enctypes= Ns Ar enctypes
137.Xc
138Request tickets with this particular enctype.
139.It Xo
140.Fl -fcache-version= Ns Ar version
141.Xc
142Create a credentials cache of version
143.Nm version .
144.It Xo
145.Fl -no-addresses
146.Xc
147Request a ticket with no addresses.
148.It Xo
149.Fl -anonymous
150.Xc
151Request an anonymous ticket (which means that the ticket will be
152issued to an anonymous principal, typically
153.Dq anonymous@REALM).
154.El
155.Pp
156The following options are only available if
157.Nm
158has been compiled with support for Kerberos 4. The
159.Nm kauth
160program is identical to
161.Nm kinit ,
162but has these options enabled by
163default.
164.Bl -tag -width Ds
165.It Xo
166.Fl 4 Ns ,
167.Fl -524init
168.Xc
169Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible
170ticket. It will store this ticket in the default Kerberos 4 ticket
171file.
172.It Fl -afslog
173Gets AFS tickets, converts them to version 4 format, and stores them
174in the kernel. Only useful if you have AFS.
175.El
176.Pp
177The
178.Ar forwardable ,
179.Ar proxiable ,
180.Ar ticket_life ,
181and
182.Ar renewable_life
183options can be set to a default value from the
184.Dv appdefaults
185section in krb5.conf, see
186.Xr krb5_appdefault 3 .
187.Sh ENVIRONMENT
188.Bl -tag -width Ds
189.It Ev KRB5CCNAME
190Specifies the default cache file.
191.It Ev KRB5_CONFIG
192The directory where the
193.Pa krb5.conf
194can be found, default is
195.Pa /etc .
196.It Ev KRBTKFILE
197Specifies the Kerberos 4 ticket file to store version 4 tickets in.
198.El
199.\".Sh FILES
200.\".Sh EXAMPLES
201.\".Sh DIAGNOSTICS
202.Sh SEE ALSO
203.Xr kdestroy 1 ,
204.Xr klist 1 ,
205.Xr krb5.conf 5 ,
206.Xr krb5_appdefault 3
207.\".Sh STANDARDS
208.\".Sh HISTORY
209.\".Sh AUTHORS
210.\".Sh BUGS