1 .\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $
9 .Nd acquire initial tickets
12 .Op Fl 4 | Fl -524init
13 .Op Fl 9 | Fl -524convert
15 .Oo Fl c Ar cachename \*(Ba Xo
16 .Fl -cache= Ns Ar cachename
19 .Op Fl f | Fl -forwardable
20 .Oo Fl t Ar keytabname \*(Ba Xo
21 .Fl -keytab= Ns Ar keytabname
24 .Oo Fl l Ar time \*(Ba Xo
25 .Fl -lifetime= Ns Ar time
28 .Op Fl p | Fl -proxiable
31 .Oo Fl r Ar time \*(Ba Xo
32 .Fl -renewable-life= Ns Ar time
35 .Oo Fl S Ar principal \*(Ba Xo
36 .Fl -server= Ns Ar principal
39 .Oo Fl s Ar time \*(Ba Xo
40 .Fl -start-time= Ns Ar time
43 .Op Fl k | Fl -use-keytab
44 .Op Fl v | Fl -validate
45 .Oo Fl e Ar enctypes \*(Ba Xo
46 .Fl -enctypes= Ns Ar enctypes
49 .Oo Fl a Ar addresses \*(Ba Xo
50 .Fl -extra-addresses= Ns Ar addresses
53 .Op Fl -fcache-version= Ns Ar integer
58 .Op Ar principal Op Ar command
61 is used to authenticate to the kerberos server as
63 or if none is given, a system generated default (typically your login
64 name at the default realm), and acquire a ticket granting ticket that
65 can later be used to obtain tickets for other services.
69 with Kerberos 4 support and you have a
72 will detect this and get you Kerberos 4 tickets.
78 .Fl -cache= Ns Ar cachename
80 The credentials cache to put the acquired ticket in, if other than
86 Get ticket that can be forwarded to another host.
89 .Fl -keytab= Ns Ar keytabname
91 Don't ask for a password, but instead get the key from the specified
95 .Fl -lifetime= Ns Ar time
97 Specifies the lifetime of the ticket. The argument can either be in
98 seconds, or a more human readable string like
104 Request tickets with the proxiable flag set.
109 Try to renew ticket. The ticket must have the
111 flag set, and must not be expired.
114 .Fl -renewable-life ,
115 with an infinite time.
118 .Fl -renewable-life= Ns Ar time
120 The max renewable ticket life.
123 .Fl -server= Ns Ar principal
125 Get a ticket for a service other than krbtgt/LOCAL.REALM.
128 .Fl -start-time= Ns Ar time
130 Obtain a ticket that starts to be valid
132 (which can really be a generic time specification, like
134 seconds into the future.
141 but with the default keytab name (normally
142 .Ar FILE:/etc/krb5.keytab ) .
147 Try to validate an invalid ticket.
150 .Fl -enctypes= Ns Ar enctypes
152 Request tickets with this particular enctype.
154 .Fl -fcache-version= Ns Ar version
156 Create a credentials cache of version
160 .Fl -extra-addresses= Ns Ar enctypes
162 Adds a set of addresses that will, in addition to the systems local
163 addresses, be put in the ticket. This can be useful if all addresses a
164 client can use can't be automatically figured out. One such example is
165 if the client is behind a firewall. Also settable via
166 .Li libdefaults/extra_addresses
172 Request a ticket with no addresses.
176 Request an anonymous ticket (which means that the ticket will be
177 issued to an anonymous principal, typically
178 .Dq anonymous@REALM ) .
181 The following options are only available if
183 has been compiled with support for Kerberos 4.
189 Try to convert the obtained Kerberos 5 krbtgt to a version 4
190 compatible ticket. It will store this ticket in the default Kerberos 4
196 only convert ticket to version 4
198 Gets AFS tickets, converts them to version 4 format, and stores them
199 in the kernel. Only useful if you have AFS.
208 options can be set to a default value from the
210 section in krb5.conf, see
211 .Xr krb5_appdefault 3 .
217 will setup new credentials caches, and AFS PAG, and then run the given
218 command. When it finishes the credentials will be removed.
222 Specifies the default credentials cache.
229 Specifies the Kerberos 4 ticket file to store version 4 tickets in.
237 .Xr krb5_appdefault 3 ,