User Commands                                            kinit(1)


kinit - obtain and cache Kerberos ticket-granting ticket


/usr/bin/kinit [ -fpRv ] [ -c cache_name ] [ -k [ -t keytab_file ] ] [ -l lifetime ] [ -r renewable_life ] [ -s start_time ] [ -S service_name ] [ principal ]


The kinit command is used to obtain and cache an initial ticket-granting ticket (credential) for principal. This ticket is used for authentication by the Kerberos system. Notice that only users with Kerberos principals can use the Kerberos system. For information about Kerberos principals, see SEAM(5).

When you use kinit without options, the utility prompts for your principal and Kerberos password, and tries to authenticate your login with the local Kerberos server. The principal can be specified on the command line if desired.

If Kerberos authenticates the login attempt, kinit retrieves your initial ticket-granting ticket and puts it in the ticket cache. By default your ticket will be stored in the file /tmp/krb5cc_uid, where uid specifies your user identification number. Tickets expire after a specified lifetime, after which kinit must be run again. Any existing contents of the cache are destroyed by kinit.

The kdestroy(1) command may be used to destroy any active tickets before you end your login session.


The following options are supported:

-c cache_name
    Use cache_name as the credentials (ticket) cache name and location. If this option is not used, the default cache name and location are used.

-f
    Requests forwardable tickets.

-k [-t keytab_file]
    Requests a host ticket, obtained from a key in the local host's keytab file. The name and location of the keytab file may be specified with the -t keytab_file option; otherwise the default name and location will be used.

-l lifetime
    Requests a ticket with the lifetime lifetime. If the -l option is not specified, the default ticket lifetime (configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) results in a ticket with the maximum lifetime. See the Time Formats section for the valid time duration formats that you can specify for lifetime.

-p
    Requests proxiable tickets.

-r renewable_life
    Requests renewable tickets, with a total lifetime of renewable_life. See the Time Formats section for the valid time duration formats that you can specify for renewable_life.

-R
    Requests renewal of the ticket-granting ticket. Notice that an expired ticket cannot be renewed, even if the ticket is still within its renewable life.

-s start_time
    Requests a postdated ticket, valid starting at start_time. Postdated tickets are issued with the invalid flag set, and need to be fed back to the KDC before use. See the Time Formats section for either the valid absolute time or time duration formats that you can specify for start_time. kinit attempts to match an absolute time first before trying to match a time duration.

-S service_name
    Specifies an alternate service name to use when getting initial tickets.

-v
    Requests that the ticket granting ticket in the cache (with the invalid flag set) be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.

Time Formats

The following absolute time formats can be used for the -s start_time option. The examples are based on the date and time of July 2, 1999, 1:35:30 p.m.

_____________________________________________________________
| Absolute Time Format        | Example                     |
| yymmddhhmm[ss]              | 990702133530                |
| hhmm[ss]                    | 133530                      |
|                             | 99:07:02:13:35:30           |
| hh:mm[:ss]                  | 13:35:30                    |
| ldate:ltime                 | 07-07-99:13:35:30           |
| dd-month-yyyy:hh:mm[:ss]    | 02-july-1999:13:35:30       |
|_____________________________|_____________________________|

Variable    Description
dd          day
hh          hour (24-hour clock)
mm          minutes
ss          seconds
yy          year within century (0-68 is 2000 to 2068; 69-99 is 1969 to 1999)
yyyy        year including century
month       locale's full or abbreviated month name
ldate       locale's appropriate date representation
ltime       locale's appropriate time representation

The following time duration formats can be used for the -l lifetime, -r renewable_life, and -s start_time options. The examples are based on the time duration of 14 days, 7 hours, 5 minutes, and 30 seconds.

_____________________________________________________________
| Time Duration Format        | Example                     |
| #d                          | 14d                         |
| #h                          | 7h                          |
| #m                          | 5m                          |
| #s                          | 30s                         |
| #d#h#m#s                    | 14d7h5m30s                  |
| #h#m[#s]                    | 7h5m30s                     |
| days-hh:mm:ss               | 14-07:05:30                 |
| hours:mm[:ss]               | 7:05:30                     |
|_____________________________|_____________________________|

Delimiter   Description
d           number of days
h           number of hours
m           number of minutes
s           number of seconds

Variable    Description
#           number
days        number of days
hours       number of hours
hh          hour (24-hour clock)
mm          minutes
ss          seconds
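The time duration formats above can be validated before a value is handed to -l or -r. The following is an added example, not part of the original man page: a POSIX sh parser (using awk) that converts a duration to seconds and reports whether a request exceeds a site maximum, in which case the ticket would be issued with the maximum lifetime instead. The function names and any maximum you pass (such as 10h) are assumptions, and the letter form accepts any in-order subset of d, h, m and s, which is a superset of the rows listed in the table.

```sh
#!/bin/sh
# Added example: parse kinit time-duration strings (not code from the man page).

# Print the duration in seconds; return non-zero if the string is invalid.
krb5_duration_to_seconds() {
    # Reject empty input and any character the duration formats never use.
    case $1 in '' | *[!0-9dhms:-]*) return 1 ;; esac
    printf '%s\n' "$1" | awk '
    /^[0-9]+-[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {        # days-hh:mm:ss
        split($0, a, /[-:]/)
        if (a[2] + 0 > 23 || a[3] + 0 > 59 || a[4] + 0 > 59) exit 1
        print a[1] * 86400 + a[2] * 3600 + a[3] * 60 + a[4]; exit 0
    }
    /^[0-9]+:[0-9][0-9](:[0-9][0-9])?$/ {                # hours:mm[:ss]
        n = split($0, a, ":")
        if (a[2] + 0 > 59 || (n == 3 && a[3] + 0 > 59)) exit 1
        print a[1] * 3600 + a[2] * 60 + (n == 3 ? a[3] : 0); exit 0
    }
    /^([0-9]+d)?([0-9]+h)?([0-9]+m)?([0-9]+s)?$/ {       # #d#h#m#s and subsets
        mult["d"] = 86400; mult["h"] = 3600; mult["m"] = 60; mult["s"] = 1
        n = split("d h m s", unit, " "); rest = $0; total = 0
        # Consume the components left to right; order was checked by the regex.
        for (i = 1; i <= n; i++)
            if (match(rest, "^[0-9]+" unit[i])) {
                total += substr(rest, 1, RLENGTH - 1) * mult[unit[i]]
                rest = substr(rest, RLENGTH + 1)
            }
        print total; exit 0
    }
    { exit 1 }'                                          # no format matched
}

# Return 0 if the requested duration is no longer than the site maximum,
# 1 if it is longer, 2 if either argument is not a valid duration.
# The maximum is site policy and must be supplied by the caller (assumption).
lifetime_within_max() {
    _req=$(krb5_duration_to_seconds "$1") || return 2
    _max=$(krb5_duration_to_seconds "$2") || return 2
    [ "$_req" -le "$_max" ]
}

# Usage: lifetime_within_max 14d7h5m30s 10h || echo "request exceeds site maximum"
```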


kinit uses the following environment variable:

KRB5CCNAME
    Location of the credentials (ticket) cache.


/tmp/krb5cc_uid
    Default credentials cache (uid is the decimal UID of the user).

/etc/krb5/krb5.keytab
    Default location for the local host's keytab file.
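Because the default cache lives in the shared /tmp directory, it is worth confirming that the file holding your ticket-granting ticket is private to you. The following is an added example, not part of the original man page: it resolves the cache path the way this page describes (KRB5CCNAME if set, otherwise /tmp/krb5cc_uid) and checks the file. The function names, the expectation of mode 0600, and the handling of a "FILE:" prefix on KRB5CCNAME are assumptions of the example.

```sh
#!/bin/sh
# Added example: check that the credentials cache is private (not man page code).

# Print the cache path: KRB5CCNAME if set, else /tmp/krb5cc_<uid>.
# Assumption: only file caches are handled; a leading "FILE:" is stripped.
krb5_cache_path() {
    _cc=${KRB5CCNAME:-/tmp/krb5cc_$(id -u)}
    printf '%s\n' "${_cc#FILE:}"
}

# Return 0 if the cache is a regular file (not a symbolic link), owned by
# the current user, with mode exactly 0600; 1 if it fails any of these
# checks; 2 if no cache exists at that path.
krb5_cache_is_private() {
    _path=${1:-$(krb5_cache_path)}
    [ -e "$_path" ] || [ -L "$_path" ] || return 2
    # find does not follow symbolic links by default, so a link placed at
    # the cache path fails "-type f" even when its target looks correct.
    [ -n "$(find "$_path" -prune -type f -user "$(id -u)" -perm 600 -print 2>/dev/null)" ]
}

# Usage: krb5_cache_is_private || echo "cache missing or not private: $(krb5_cache_path)"
```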


See attributes(5) for descriptions of the following attributes:

_____________________________________________________________
| ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
|_____________________________|_____________________________|
| Availability                | SUNWcsu                     |
|_____________________________|_____________________________|

SunOS 5.8                Last change: 17 Nov 1999


