Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

kinit.1@ 4

Last change on this file since 4 was 1, checked in by Paul Smedley, 10 years ago
Initial commit of Heimdal 1.5.3
File size: 6.7 KB

Line
1	.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska HÃ¶gskolan
2	.\" (Royal Institute of Technology, Stockholm, Sweden).
3	.\" All rights reserved.
4	.\"
5	.\" Redistribution and use in source and binary forms, with or without
6	.\" modification, are permitted provided that the following conditions
7	.\" are met:
8	.\"
9	.\" 1. Redistributions of source code must retain the above copyright
10	.\" notice, this list of conditions and the following disclaimer.
11	.\"
12	.\" 2. Redistributions in binary form must reproduce the above copyright
13	.\" notice, this list of conditions and the following disclaimer in the
14	.\" documentation and/or other materials provided with the distribution.
15	.\"
16	.\" 3. Neither the name of the Institute nor the names of its contributors
17	.\" may be used to endorse or promote products derived from this software
18	.\" without specific prior written permission.
19	.\"
20	.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30	.\" SUCH DAMAGE.
31	.\"
32	.\" $Id$
33	.\"
34	.Dd April 25, 2006
35	.Dt KINIT 1
36	.Os HEIMDAL
37	.Sh NAME
38	.Nm kinit
39	.Nd acquire initial tickets
40	.Sh SYNOPSIS
41	.Nm kinit
42	.Op Fl Fl afslog
43	.Oo Fl c Ar cachename \*(Ba Xo
44	.Fl Fl cache= Ns Ar cachename
45	.Xc
46	.Oc
47	.Op Fl f \| Fl Fl no-forwardable
48	.Oo Fl t Ar keytabname \*(Ba Xo
49	.Fl Fl keytab= Ns Ar keytabname
50	.Xc
51	.Oc
52	.Oo Fl l Ar time \*(Ba Xo
53	.Fl Fl lifetime= Ns Ar time
54	.Xc
55	.Oc
56	.Op Fl p \| Fl Fl proxiable
57	.Op Fl R \| Fl Fl renew
58	.Op Fl Fl renewable
59	.Oo Fl r Ar time \*(Ba Xo
60	.Fl Fl renewable-life= Ns Ar time
61	.Xc
62	.Oc
63	.Oo Fl S Ar principal \*(Ba Xo
64	.Fl Fl server= Ns Ar principal
65	.Xc
66	.Oc
67	.Oo Fl s Ar time \*(Ba Xo
68	.Fl Fl start-time= Ns Ar time
69	.Xc
70	.Oc
71	.Op Fl k \| Fl Fl use-keytab
72	.Op Fl v \| Fl Fl validate
73	.Oo Fl e Ar enctypes \*(Ba Xo
74	.Fl Fl enctypes= Ns Ar enctypes
75	.Xc
76	.Oc
77	.Oo Fl a Ar addresses \*(Ba Xo
78	.Fl Fl extra-addresses= Ns Ar addresses
79	.Xc
80	.Oc
81	.Op Fl Fl password-file= Ns Ar filename
82	.Op Fl Fl fcache-version= Ns Ar version-number
83	.Op Fl A \| Fl Fl no-addresses
84	.Op Fl Fl anonymous
85	.Op Fl Fl enterprise
86	.Op Fl Fl version
87	.Op Fl Fl help
88	.Op Ar principal Op Ar command
89	.Sh DESCRIPTION
90	.Nm
91	is used to authenticate to the Kerberos server as
92	.Ar principal ,
93	or if none is given, a system generated default (typically your login
94	name at the default realm), and acquire a ticket granting ticket that
95	can later be used to obtain tickets for other services.
96	.Pp
97	Supported options:
98	.Bl -tag -width Ds
99	.It Fl c Ar cachename Fl Fl cache= Ns Ar cachename
100	The credentials cache to put the acquired ticket in, if other than
101	default.
102	.It Fl f Fl Fl no-forwardable
103	Get ticket that can be forwarded to another host, or if the negative
104	flags use, don't get a forwardable flag.
105	.It Fl t Ar keytabname , Fl Fl keytab= Ns Ar keytabname
106	Don't ask for a password, but instead get the key from the specified
107	keytab.
108	.It Fl l Ar time , Fl Fl lifetime= Ns Ar time
109	Specifies the lifetime of the ticket.
110	The argument can either be in seconds, or a more human readable string
111	like
112	.Sq 1h .
113	.It Fl p , Fl Fl proxiable
114	Request tickets with the proxiable flag set.
115	.It Fl R , Fl Fl renew
116	Try to renew ticket.
117	The ticket must have the
118	.Sq renewable
119	flag set, and must not be expired.
120	.It Fl Fl renewable
121	The same as
122	.Fl Fl renewable-life ,
123	with an infinite time.
124	.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time
125	The max renewable ticket life.
126	.It Fl S Ar principal , Fl Fl server= Ns Ar principal
127	Get a ticket for a service other than krbtgt/LOCAL.REALM.
128	.It Fl s Ar time , Fl Fl start-time= Ns Ar time
129	Obtain a ticket that starts to be valid
130	.Ar time
131	(which can really be a generic time specification, like
132	.Sq 1h )
133	seconds into the future.
134	.It Fl k , Fl Fl use-keytab
135	The same as
136	.Fl Fl keytab ,
137	but with the default keytab name (normally
138	.Ar FILE:/etc/krb5.keytab ) .
139	.It Fl v , Fl Fl validate
140	Try to validate an invalid ticket.
141	.It Fl e , Fl Fl enctypes= Ns Ar enctypes
142	Request tickets with this particular enctype.
143	.It Fl Fl password-file= Ns Ar filename
144	read the password from the first line of
145	.Ar filename .
146	If the
147	.Ar filename
148	is
149	.Ar STDIN ,
150	the password will be read from the standard input.
151	.It Fl Fl fcache-version= Ns Ar version-number
152	Create a credentials cache of version
153	.Ar version-number .
154	.It Fl a , Fl Fl extra-addresses= Ns Ar enctypes
155	Adds a set of addresses that will, in addition to the systems local
156	addresses, be put in the ticket.
157	This can be useful if all addresses a client can use can't be
158	automatically figured out.
159	One such example is if the client is behind a firewall.
160	Also settable via
161	.Li libdefaults/extra_addresses
162	in
163	.Xr krb5.conf 5 .
164	.It Fl A , Fl Fl no-addresses
165	Request a ticket with no addresses.
166	.It Fl Fl anonymous
167	Request an anonymous ticket (which means that the ticket will be
168	issued to an anonymous principal, typically
169	.Dq anonymous@REALM ) .
170	.It Fl Fl enterprise
171	Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise
172	names are email like principals that are stored in the name part of
173	the principal, and since there are two @ characters the parser needs
174	to know that the first is not a realm.
175	An example of an enterprise name is
176	.Dq lha@e.kth.se@KTH.SE ,
177	and this option is usually used with canonicalize so that the
178	principal returned from the KDC will typically be the real principal
179	name.
180	.It Fl Fl afslog
181	Gets AFS tickets, converts them to version 4 format, and stores them
182	in the kernel.
183	Only useful if you have AFS.
184	.El
185	.Pp
186	The
187	.Ar forwardable ,
188	.Ar proxiable ,
189	.Ar ticket_life ,
190	and
191	.Ar renewable_life
192	options can be set to a default value from the
193	.Dv appdefaults
194	section in krb5.conf, see
195	.Xr krb5_appdefault 3 .
196	.Pp
197	If a
198	.Ar command
199	is given,
200	.Nm
201	will set up new credentials caches, and AFS PAG, and then run the given
202	command.
203	When it finishes the credentials will be removed.
204	.Sh ENVIRONMENT
205	.Bl -tag -width Ds
206	.It Ev KRB5CCNAME
207	Specifies the default credentials cache.
208	.It Ev KRB5_CONFIG
209	The file name of
210	.Pa krb5.conf ,
211	the default being
212	.Pa /etc/krb5.conf .
213	.It Ev KRBTKFILE
214	Specifies the Kerberos 4 ticket file to store version 4 tickets in.
215	.El
216	.\".Sh FILES
217	.\".Sh EXAMPLES
218	.\".Sh DIAGNOSTICS
219	.Sh SEE ALSO
220	.Xr kdestroy 1 ,
221	.Xr klist 1 ,
222	.Xr krb5_appdefault 3 ,
223	.Xr krb5.conf 5
224	.\".Sh STANDARDS
225	.\".Sh HISTORY
226	.\".Sh AUTHORS
227	.\".Sh BUGS

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format