kinit(1)

Requests a ticket with the lifetime value defined in life_time. The value for life_time must be followed immediately by one of the following delimiters:

For example, as in kinit -l 90m for 90 minutes. You cannot mix units; a value of 3h30m will result in an error.

If the -l option is not specified, the default ticket lifetime (configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) results in a ticket with the maximum lifetime.

Requests a postdated ticket, valid starting at start_time. The value for start_time must be followed immediately by one of the following delimiters:

Postdated tickets are issued with the invalid flag set, and need to be fed back to the Kerberos KDC (Key Distribution Center) before use.

Requests that the ticket granting ticket in the cache (with the invalid flag set) be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.

Requests proxiable tickets.

Do not request proxiable tickets. (Not applicable to Kerberos 4.)

Requests forwardable tickets.

Do not request forwardable tickets. (Not applicable to Kerberos 4.)

Request tickets with the local address(es). (Not applicable to Kerberos 4.)

Request tickets that do not have addresses. (Not applicable to Kerberos 4.)

Requests renewable tickets, with a total lifetime of renewable_life. The value for renewable_life must be followed immediately by one of the following delimiters:

Requests renewal of the ticket-granting ticket. Note that an expired ticket cannot be renewed, even if the ticket is still within its renewable life.

Requests a host ticket, obtained from a key in the local host's keytab file. The name and location of the keytab file may be specified with the -t keytab_filename option; otherwise the default name and location will be used.

Uses cache_filename as the credentials ticket cache name and location. If this option is not used, the default cache name and location are used.

The default credentials cache may vary between systems. If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by kinit.

Specifies an alternate service name to use when getting initial tickets.

Uses the principal name from an existing cache if there is one.

This relationship specifies if a user can obtain a forwardable ticket. Valid values it can be set to are: true, false, yes, y, no, n, on, off.

This relationship specifies if a user can obtain a proxiable ticket. Valid values it can be set to are: true, false, yes, y, no, n, on, off.

This relationship specifies the lifetime of the ticket to be obtained. The unit of lifetime is either seconds, minutes, hours or days.

This relationship specifies the renewable life of the ticket to be obtained. The unit of lifetime is either seconds, minutes, hours or days.

Location of the credentials ticket cache.