MyWebUniversity.com Home Page
 



Darwin Mac OS X man pages main menu 
KINIT(1)                                                              KINIT(1)



NAME
       kinit - obtain and cache Kerberos ticket-granting ticket

SYNOPSIS
       kinit  [-V] [-l lifetime] [-s starttime] [-r renewablelife] [-p  -P]
              [-f  -F] [-a  -A] [-v] [-R] [-k [-t keytabfile] [-S ser-
              vicename] [principal]

DESCRIPTION
       kinit  obtains and caches an initial ticket-granting ticket for princi-
       pal.  Any existing tickets for principal are overwritten.   kinit  will
       try  to  acquire  both Kerberos 5 and Kerberos 4 initial tickets if the
       appropriate configuration information is available.

OPTIONS
       -V     display verbose output.

       -l lifetime
              requests a ticket with the  lifetime  lifetime.  The  value  for
              lifetime  must  be  followed immediately by one of the following
              delimiters:

                 s  seconds
                 m  minutes
                 h  hours
                 d  days

              as in "kinit -l 90m".  You cannot mix units; a value of  '3h30m'
              will result in an error.

              If  the  -l option is not specified, the default ticket lifetime
              (configured by each site) is used.  Specifying a ticket lifetime
              longer  than  the  maximum  ticket  lifetime (configured by each
              site) results in a ticket with the maximum lifetime.

       -s starttime
              requests a  postdated  ticket,  valid  starting  at  starttime.
              Postdated tickets are issued with the invalid flag set, and need
              to be validated by the kdc before use.

       -r renewablelife
              requests renewable tickets, with  a  total  lifetime  of  renew-
              ablelife.  The duration is in the same format as the -l option,
              with the same delimiters.

       -f     request forwardable tickets.

       -F     request tickets which are not forwardable.

       -p     request proxiable tickets.

       -P     request tickets which are not proxiable.

       -a     request tickets containing the host's local address(es).

       -A     request address-less tickets.

       -v     requests that the ticket granting ticket in the cache (with  the
              invalid  flag  set) be passed to the kdc for validation.  If the
              ticket is within its requested time range, the cache is replaced
              with the validated ticket.

       -R     requests  renewal  of  the ticket-granting ticket.  Note that an
              expired ticket cannot be renewed, even if the  ticket  is  still
              within its renewable life.  This option will only get Kerberos 4
              tickets if the kdc must support Kerberos 5 to Kerberos 4  ticket
              conversion.

       -k [-t keytabfile]
              requests  a host ticket, obtained from a key in the local host's
              keytab file.  The name and location of the keytab  file  may  be
              specified  with the -t keytabfile option; otherwise the default
              name and location will be used.  This option will only get  Ker-
              beros 4 tickets if the kdc must support Kerberos 5 to Kerberos 4
              ticket conversion.

       -S servicename
              specify an alternate service name to use  when  getting  initial
              tickets.   (Applicable to Kerberos 5 or if using both Kerberos 5
              and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4
              ticket conversion.)

FILES
       /etc/krb5.keytab
              default location for the local host's keytab file.

SEE ALSO
       klist(1), kdestroy(1), kpasswd(1), kswitch(1)



                                                                      KINIT(1)
Darwin Mac OS X man pages main menu
Contact us      |       About us      |       Term of use      |       Copyright © 2000-2010 MyWebUniversity.com ™