Introduction to the Kerberos Products and GSS-API

KRB5 Client Software

/usr/bin/kinit -R [principal]

/usr/bin/kinit -k [-t keytab_file] [principal]

/usr/bin/kinit -c [cache_name] [principal]

/usr/bin/kinit -S service_name [principal]

Options

-l lifetime

The -l option requests a ticket with the lifetime of the value defined in lifetime. The value for lifetime must be followed immediately by one of the following delimiters:

s - seconds
m - minutes
h - hours
d - days

For example: kinit -l 90m for 90 minutes

You cannot mix units; a value of 3h30m will result in an error.

If the -l option is not specified, the default ticket lifetime (configured by each site) is used. Specifying a ticket lifetime longer than the maximum ticket life (configured by each site) results in a ticket with the maximum lifetime.

-s start_time

The -s option requests a postdated ticket, valid starting at start_time. Postdated tickets are issued with the invalid flag set, and need to be passed back to the KDC before use.

-v

The -v option requests that the TGT in the cache be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.

-p

The -p option requests a proxiable ticket.

-f

The -f option requests a forwardable ticket.

-r renewable_life

The -r option requests renewable tickets, with a total lifetime of renewable_life. The duration is in the same format as the -l option, with the same delimiters.
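The duration format used by -l and -r (digits followed immediately by a single s, m, h or d delimiter, no mixed units, capped at the site maximum) can be checked before kinit is called. The following is an added example, not part of the original manual; the function names lifetime_to_seconds, effective_lifetime and checked_kinit, the 9-digit limit, and the site maximum passed as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): pre-check a kinit -l value.

# lifetime_to_seconds VALUE
# Prints VALUE in seconds; returns 1 unless VALUE is digits followed
# immediately by exactly one of s, m, h, d (so 3h30m is rejected).
lifetime_to_seconds() {
    value=$1
    number=${value%?}                 # everything before the last character
    unit=${value#"$number"}           # the last character (the delimiter)
    case $number in
        ''|*[!0-9]*) return 1 ;;      # no digits, mixed units, spaces, signs
    esac
    # Assumption: cap at 9 digits to stay clear of arithmetic overflow.
    [ "${#number}" -le 9 ] || return 1
    # Strip leading zeros so the shell does not parse "090" as octal.
    while [ "${#number}" -gt 1 ] && [ "${number#0}" != "$number" ]; do
        number=${number#0}
    done
    case $unit in
        s) mult=1 ;;
        m) mult=60 ;;
        h) mult=3600 ;;
        d) mult=86400 ;;
        *) return 1 ;;                # missing or unknown delimiter, e.g. "90"
    esac
    echo $((number * mult))
}

# effective_lifetime REQUESTED SITE_MAX
# Prints the lifetime in seconds after the site maximum is applied.
# SITE_MAX is supplied by the caller; the real value is site configuration.
effective_lifetime() {
    req=$(lifetime_to_seconds "$1") || return 1
    max=$(lifetime_to_seconds "$2") || return 1
    if [ "$req" -gt "$max" ]; then echo "$max"; else echo "$req"; fi
}

# checked_kinit LIFETIME [principal]: refuse malformed values before kinit runs.
checked_kinit() {
    lifetime_to_seconds "$1" >/dev/null || {
        echo "invalid lifetime: $1" >&2
        return 2
    }
    lifetime=$1; shift
    /usr/bin/kinit -l "$lifetime" "$@"
}
```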
