Introduction to the Kerberos Products and GSS-API

KRB5 Client Software

-R

The -Roption requests renewal of the TGT. You cannot

 

renew an expired ticket even if the ticket is still within

 

its renewable life.

-k[-t keytab_file] The -koption requests a host ticket obtained from a key in the local host’s keytab file. You can specify the name and location of the keytab file with the -t keytab_file option; otherwise the default name and location will be used.

The default credentials cache can vary between systems. If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by kinit.

-c [cache_filename] The -coption uses cache_name as the credentials (ticket) cache name and location; otherwise, the default cache name and location will be used.

-S service_name The -soption specifies an alternate service name to get initial tickets.

Principal The Principal uses the principal name from an existing cache, if there is one.

The kinit utility supports the [appdefaults] section. The relationships specified here can be over-ridden by the command-line options. The following relationships are supported by kinit in the [appdefaults] section:

forwardable

This relationship specifies if an user can obtain a

 

forwardable ticket. Valid values with which it can be

 

set are true, false, yes, y, no, n, on, and off.

proxiable

This relationship specifies if a user can obtain a

 

proxiable ticket. Valid values to which it can be set are

 

true, false, yes, y, no, n, on, and off.

tkt_lifetime

This relationship specifies the lifetime of the ticket to

 

be obtained. The unit of lifetime is either seconds,

 

minutes, hours or days.

renew_lifetime

This relationship specifies the renewable life of the

 

ticket to be obtained. The unit of lifetime is either

 

seconds, minutes, hours or days.

58

Chapter 2