Rechercher une page de manuel
kauth
Langue: en
Version: 112039 (mandriva - 01/05/08)
Section: 1 (Commandes utilisateur)
BSD mandoc
HEIMDAL
NAME
kinit kauth - acquire initial ticketsSYNOPSIS
kinit [-4 | --524init ] [-9 | --524convert ] [--afslog ] [-c cachename | --cache= cachename ] [-f | --forwardable ] [-t keytabname | --keytab= keytabname ] [-l time | --lifetime= time ] [-p | --proxiable ] [-R | --renew ] [--renewable ] [-r time | --renewable-life= time ] [-S principal | --server= principal ] [-s time | --start-time= time ] [-k | --use-keytab ] [-v | --validate ] [-e enctypes | --enctypes= enctypes ] [-a addresses | --extra-addresses= addresses ] [--password-file= filename ] [--fcache-version= version-number ] [-A | --no-addresses ] [--anonymous ] [--version ] [--help ] [principal [command ] ]DESCRIPTION
kinit is used to authenticate to the Kerberos server as principal or if none is given, a system generated default (typically your login name at the default realm), and acquire a ticket granting ticket that can later be used to obtain tickets for other services.If you have compiled kinit with Kerberos 4 support and you have a Kerberos 4 server, kinit will detect this and get you Kerberos 4 tickets.
Supported options:
- -c cachename --cache= cachename
- The credentials cache to put the acquired ticket in, if other than default.
- -f --forwardable
- Get ticket that can be forwarded to another host.
- -t keytabname --keytab= keytabname
- Don't ask for a password, but instead get the key from the specified keytab.
- -l time --lifetime= time
- Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like `1h'
- -p --proxiable
- Request tickets with the proxiable flag set.
- -R --renew
- Try to renew ticket. The ticket must have the `renewable' flag set, and must not be expired.
- --renewable
- The same as --renewable-life with an infinite time.
- -r time --renewable-life= time
- The max renewable ticket life.
- -S principal --server= principal
- Get a ticket for a service other than krbtgt/LOCAL.REALM.
- -s time --start-time= time
- Obtain a ticket that starts to be valid time (which can really be a generic time specification, like `1h' seconds into the future.
- -k --use-keytab
- The same as --keytab but with the default keytab name (normally FILE:/etc/krb5.keytab )
- -v --validate
- Try to validate an invalid ticket.
- -e --enctypes= enctypes
- Request tickets with this particular enctype.
- --password-file= filename
- read the password from the first line of filename If the filename is STDIN the password will be read from the standard input.
- --fcache-version= version-number
- Create a credentials cache of version version-number
- -a --extra-addresses= enctypes
- Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be automatically figured out. One such example is if the client is behind a firewall. Also settable via libdefaults/extra_addresses in krb5.conf5.
- -A --no-addresses
- Request a ticket with no addresses.
- --anonymous
- Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically ``anonymous@REALM )''
The following options are only available if kinit has been compiled with support for Kerberos 4.
- -4 --524init
- Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible ticket. It will store this ticket in the default Kerberos 4 ticket file.
- -9 --524convert
- only convert ticket to version 4
- --afslog
- Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if you have AFS.
The forwardable proxiable ticket_life and renewable_life options can be set to a default value from the appdefaults section in krb5.conf, see krb5_appdefault3.
If a command is given, kinit will set up new credentials caches, and AFS PAG, and then run the given command. When it finishes the credentials will be removed.
ENVIRONMENT
- KRB5CCNAME
- Specifies the default credentials cache.
- KRB5_CONFIG
- The file name of krb5.conf the default being /etc/krb5.conf
- KRBTKFILE
- Specifies the Kerberos 4 ticket file to store version 4 tickets in.
SEE ALSO
kdestroy(1), klist(1), krb5_appdefault3, krb5.conf5Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre