Manual Pages for UNIX Darwin command on man kinit
MyWebUniversity

Manual Pages for UNIX Darwin command on man kinit

KINIT(1) KINIT(1)





NAME
       kinit - obtain and cache Kerberos ticket-granting ticket



SYNOPSIS
       kkiinniitt  [-VV] [-ll lifetime] [-ss starttime] [-rr renewablelife] [-pp | -PP]

              [-ff | -FF] [-aa | -AA] [-vv] [-RR] [-kk [-tt keytabfile]] [-SS ser-

              vicename] [principal]


DESCRIPTION
       kinit  obtains and caches an initial ticket-granting ticket for princi-

       pal.  Any existing tickets for principal are overwritten.   kinit  will

       try  to  acquire  both Kerberos 5 and Kerberos 4 initial tickets if the
       appropriate configuration information is available.

OOPPTTIIOONNSS

       -VV     display verbose output.



       -ll lifetime

              requests a ticket with the  lifetime  lifetime.  The  value  for
              lifetime  must  be  followed immediately by one of the following
              delimiters:

                 ss  seconds
                 mm  minutes
                 hh  hours
                 dd  days


              as in "kinit -l 90m".  You cannot mix units; a value of  '3h30m'

              will result in an error.


              If  the  -ll option is not specified, the default ticket lifetime

              (configured by each site) is used.  Specifying a ticket lifetime
              longer  than  the  maximum  ticket  lifetime (configured by each
              site) results in a ticket with the maximum lifetime.


       -ss starttime

              requests a  postdated  ticket,  valid  starting  at  starttime.
              Postdated tickets are issued with the invalid flag set, and need
              to be validated by the kdc before use.


       -rr renewablelife

              requests renewable tickets, with  a  total  lifetime  of  renew-

              ablelife.  The duration is in the same format as the -ll option,

              with the same delimiters.


       -ff     request forwardable tickets.



       -FF     request tickets which are not forwardable.



       -pp     request proxiable tickets.



       -PP     request tickets which are not proxiable.



       -aa     request tickets containing the host's local address(es).



       -AA     request address-less tickets.



       -vv     requests that the ticket granting ticket in the cache (with  the

              invalid  flag  set) be passed to the kdc for validation.  If the
              ticket is within its requested time range, the cache is replaced
              with the validated ticket.


       -RR     requests  renewal  of  the ticket-granting ticket.  Note that an

              expired ticket cannot be renewed, even if the  ticket  is  still
              within its renewable life.  This option will only get Kerberos 4
              tickets if the kdc must support Kerberos 5 to Kerberos 4  ticket
              conversion.


       -kk [-tt keytabfile]

              requests  a host ticket, obtained from a key in the local host's
              keytab file.  The name and location of the keytab  file  may  be

              specified  with the -tt keytabfile option; otherwise the default

              name and location will be used.  This option will only get  Ker-

              beros 4 tickets if the kdc must support Kerberos 5 to Kerberos 4
              ticket conversion.


       -SS servicename

              specify an alternate service name to use  when  getting  initial
              tickets.   (Applicable to Kerberos 5 or if using both Kerberos 5
              and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4
              ticket conversion.)

FILES       /etc/krb5.keytab
              default location for the local host's kkeeyyttaabb file.


SEE ALSO
       klist(1), kdestroy(1), kpasswd(1), kswitch(1)



                                                                      KINIT(1)



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™