kinit(1) kinit(1)
NAME [Toc] [Back]
kinit - obtain and cache the Kerberos ticket-granting ticket
SYNOPSIS [Toc] [Back]
kinit [-l life_time] [-s start_time] [-v] [-p] [-f]
[-k [-t keytab_filename]] [-r renewable_life] [-R]
[-c cache_filename] [-S service-name] [principal]
DESCRIPTION [Toc] [Back]
kinit obtains and caches an initial ticket-granting ticket for the
principal.
Options [Toc] [Back]
-l life_time Requests a ticket with the lifetime value defined
in life_time. The value for life_time must be
followed immediately by one of the following
delimiters:
s seconds
m minutes
h hours
d days
For example, as in kinit -l 90m for 90 minutes.
You cannot mix units; a value of 3h30m will result
in an error.
If the -l option is not specified, the default
ticket lifetime (configured by each site) is used.
Specifying a ticket lifetime longer than the
maximum ticket lifetime (configured by each site)
results in a ticket with the maximum lifetime.
-s start_time Requests a postdated ticket, valid starting at
start_time. The value for start_time must be
followed immediately by one of the following
delimiters:
s seconds
m minutes
h hours
d days
Postdated tickets are issued with the invalid flag
set, and need to be fed back to the Kerberos KDC
(Key Distribution Center) before use.
-v Requests that the ticket granting ticket in the
cache (with the invalid flag set) be passed to the
KDC for validation. If the ticket is within its
requested time range, the cache is replaced with
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
kinit(1) kinit(1)
the validated ticket.
-p Requests proxiable tickets.
-f Requests forwardable tickets.
-r renewable_life Requests renewable tickets, with a total lifetime
of renewable_life. The value for renewable_life
must be followed immediately by one of the
following delimiters:
s seconds
m minutes
h hours
d days
-R Requests renewal of the ticket-granting ticket.
Note that an expired ticket cannot be renewed,
even if the ticket is still within its renewable
life.
-k [-t keytab_filename]
Requests a host ticket, obtained from a key in the
local host's keytab file. The name and location of
the keytab file may be specified with the -t
keytab_filename option; otherwise the default name
and location will be used.
-c cache_filename Uses cache_filename as the credentials ticket
cache name and location. If this option is not
used, the default cache name and location are
used.
The default credentials cache may vary between
systems. If the KRB5CCNAME environment variable
is set, its value is used to name the default
ticket cache. Any existing contents of the cache
are destroyed by kinit.
-S service_name Specifies an alternate service name to use when
getting initial tickets.
principal Uses the principal name from an existing cache if
there is one.
kinit supports the [appdefaults] section. The relationships specified
here can be over-ridden by the command-line options. The following
relationships are supported by kinit in the [appdefaults] section:
forwardable This relationship specifies if an user can
obtain a forwardable ticket. Valid values with
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003
kinit(1) kinit(1)
which it can be set are: true, false, yes, y,
no, n, on, off.
proxiable This relationship specifies if an user can
obtain a proxiable ticket. Valid values to
which it can be set are: true, false, yes, y,
no, n, on, off.
tkt_lifetime This relationship specifies the lifetime of the
ticket to be obtained. The unit of lifetime is
either seconds, minutes, hours or days.
renew_lifetime This relationship specifies the renewable life
of the ticket to be obtained. The unit of
lifetime is either seconds, minutes, hours or
days.
Note [Toc] [Back]
For DCE operations use /opt/dce/bin/kinit.
EXTERNAL INFLUENCES [Toc] [Back]
Environment Variables
kinit uses the following environment variable:
KRB5CCNAME Location of the credentials ticket cache.
FILES [Toc] [Back]
/tmp/krb5cc_{uid} Default credentials cache. {uid} is the
decimal UID of the user.
/etc/krb5.keytab Default location for the local host's keytab
file.
AUTHOR [Toc] [Back]
kinit was developed by the Massachusetts Institute of Technology.
SEE ALSO [Toc] [Back]
kdestroy(1), klist(1), libkrb5(3), kerberos(5).
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: August 2003 [ Back ] |
