NAME
kinit - obtain and cache Kerberos ticket-granting ticket
SYNOPSIS
kkiinniitt [-VV] [-ll lifetime] [-ss starttime] [-rr renewablelife] [-pp | -PP]
[-ff | -FF] [-aa | -AA] [-vv] [-RR] [-kk [-tt keytabfile]] [-SS ser-
vicename] [principal]DESCRIPTION
kinit obtains and caches an initial ticket-granting ticket for princi-
pal. Any existing tickets for principal are overwritten. kinit will
try to acquire both Kerberos 5 and Kerberos 4 initial tickets if the appropriate configuration information is available. OOPPTTIIOONNSS-VV display verbose output.
-ll lifetime
requests a ticket with the lifetime lifetime. The value for lifetime must be followed immediately by one of the following delimiters: ss seconds mm minutes hh hours dd daysas in "kinit -l 90m". You cannot mix units; a value of '3h30m'
will result in an error.If the -ll option is not specified, the default ticket lifetime
(configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) results in a ticket with the maximum lifetime.-ss starttime
requests a postdated ticket, valid starting at starttime. Postdated tickets are issued with the invalid flag set, and need to be validated by the kdc before use.-rr renewablelife
requests renewable tickets, with a total lifetime of renew-
ablelife. The duration is in the same format as the -ll option,
with the same delimiters.-ff request forwardable tickets.
-FF request tickets which are not forwardable.
-pp request proxiable tickets.
-PP request tickets which are not proxiable.
-aa request tickets containing the host's local address(es).
-AA request address-less tickets.
-vv requests that the ticket granting ticket in the cache (with the
invalid flag set) be passed to the kdc for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.-RR requests renewal of the ticket-granting ticket. Note that an
expired ticket cannot be renewed, even if the ticket is still within its renewable life. This option will only get Kerberos 4 tickets if the kdc must support Kerberos 5 to Kerberos 4 ticket conversion.-kk [-tt keytabfile]
requests a host ticket, obtained from a key in the local host's keytab file. The name and location of the keytab file may bespecified with the -tt keytabfile option; otherwise the default
name and location will be used. This option will only get Ker-
beros 4 tickets if the kdc must support Kerberos 5 to Kerberos 4 ticket conversion.-SS servicename
specify an alternate service name to use when getting initial tickets. (Applicable to Kerberos 5 or if using both Kerberos 5 and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4 ticket conversion.) FILES /etc/krb5.keytab default location for the local host's kkeeyyttaabb file.SEE ALSO
klist(1), kdestroy(1), kpasswd(1), kswitch(1) KINIT(1)