Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > K

kinit(1)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

NAME

kinit — obtain and cache the Kerberos ticket-granting ticket

SYNOPSIS

kinit [-l life_time] [-s start_time] [-v] [-p | -P] [-f | -F] [-a | -A] [-k [-t keytab_filename]] [-r renewable_life] [-R] [-c cache_filename] [-S service-name] [principal]

DESCRIPTION

kinit obtains and caches an initial ticket-granting ticket for the principal.

Options

-l life_time

Requests a ticket with the lifetime value defined in life_time. The value for life_time must be followed immediately by one of the following delimiters:

s

seconds

m

minutes

h

hours

d

days

For example, as in kinit -l 90m for 90 minutes. You cannot mix units; a value of 3h30m will result in an error.

If the -l option is not specified, the default ticket lifetime (configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) results in a ticket with the maximum lifetime.

-s start_time

Requests a postdated ticket, valid starting at start_time. The value for start_time must be followed immediately by one of the following delimiters:

s

seconds

m

minutes

h

hours

d

days

Postdated tickets are issued with the invalid flag set, and need to be fed back to the Kerberos KDC (Key Distribution Center) before use.

-v

Requests that the ticket granting ticket in the cache (with the invalid flag set) be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.

-p

Requests proxiable tickets.

-P

Do not request proxiable tickets. (Not applicable to Kerberos 4.)

-f

Requests forwardable tickets.

-F

Do not request forwardable tickets. (Not applicable to Kerberos 4.)

-a

Request tickets with the local address(es). (Not applicable to Kerberos 4.)

-A

Request tickets that do not have addresses. (Not applicable to Kerberos 4.)

-r renewable_life

Requests renewable tickets, with a total lifetime of renewable_life. The value for renewable_life must be followed immediately by one of the following delimiters:

s

seconds

m

minutes

h

hours

d

days

-R

Requests renewal of the ticket-granting ticket. Note that an expired ticket cannot be renewed, even if the ticket is still within its renewable life.

-k [-t keytab_filename]

Requests a host ticket, obtained from a key in the local host's keytab file. The name and location of the keytab file may be specified with the -t keytab_filename option; otherwise the default name and location will be used.

-c cache_filename

Uses cache_filename as the credentials ticket cache name and location. If this option is not used, the default cache name and location are used.

The default credentials cache may vary between systems. If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by kinit.

-S service_name

Specifies an alternate service name to use when getting initial tickets.

principal

Uses the principal name from an existing cache if there is one.

kinit supports the [appdefaults] section. The relationships specified here can be over-ridden by the command-line options. The following relationships are supported by kinit in the [appdefaults] section:

forwardable

This relationship specifies if a user can obtain a forwardable ticket. Valid values it can be set to are: true, false, yes, y, no, n, on, off.

proxiable

This relationship specifies if a user can obtain a proxiable ticket. Valid values it can be set to are: true, false, yes, y, no, n, on, off.

tkt_lifetime

This relationship specifies the lifetime of the ticket to be obtained. The unit of lifetime is either seconds, minutes, hours or days.

renew_lifetime

This relationship specifies the renewable life of the ticket to be obtained. The unit of lifetime is either seconds, minutes, hours or days.

Note

For DCE operations, use /opt/dce/bin/kinit.

EXTERNAL INFLUENCES

Environment Variables

kinit uses the following environment variable:

KRB5CCNAME

Location of the credentials ticket cache.

AUTHOR

kinit was developed by the Massachusetts Institute of Technology.

FILES

/tmp/krb5cc_{uid}

Default credentials cache. {uid} is the decimal UID of the user.

/etc/krb5.keytab

Default location for the local host's keytab file.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.