kinit(1)kinit(1)NAMEkinit - obtain and cache the Kerberos ticket-granting ticket
SYNOPSIS
life_time] start_time] keytab_filename]] renewable_life] cache_file‐
name] service-name] [principal]
DESCRIPTION
obtains and caches an initial ticket-granting ticket for the principal.
Options
Requests a ticket with the lifetime
value defined in life_time. The value for
life_time must be followed immediately by one of
the following delimiters:
seconds
minutes
hours
days
For example, as in for 90 minutes. You cannot mix
units; a value of will result in an error.
If the option is not specified, the default ticket
lifetime (configured by each site) is used. Speci‐
fying a ticket lifetime longer than the maximum
ticket lifetime (configured by each site) results
in a ticket with the maximum lifetime.
Requests a postdated ticket, valid starting at
start_time. The value for start_time must be fol‐
lowed immediately by one of the following delim‐
iters:
seconds
minutes
hours
days
Postdated tickets are issued with the invalid flag
set, and need to be fed back to the Kerberos KDC
(Key Distribution Center) before use.
Requests that the ticket granting ticket in the cache (with the
invalid flag set) be passed to the KDC for valida‐
tion. If the ticket is within its requested time
range, the cache is replaced with the validated
ticket.
Requests proxiable tickets.
Do not request proxiable tickets. (Not applicable to Kerberos 4.)
Requests forwardable tickets.
Do not request forwardable tickets. (Not applicable to Kerberos 4.)
Request tickets with the local address(es). (Not applicable to Ker‐
beros 4.)
Request tickets that do not have addresses. (Not applicable to Ker‐
beros 4.)
Requests renewable tickets, with a total lifetime of
renewable_life. The value for renewable_life must
be followed immediately by one of the following
delimiters:
seconds
minutes
hours
days
Requests renewal of the ticket-granting ticket. Note that an expired
ticket cannot be renewed, even if the ticket is
still within its renewable life.
Requests a host ticket, obtained from a key in the local host's
keytab file. The name and location of the keytab
file may be specified with the keytab_filename
option; otherwise the default name and location
will be used.
Uses cache_filename as the credentials ticket cache name
and location. If this option is not used, the
default cache name and location are used.
The default credentials cache may vary between sys‐
tems. If the environment variable is set, its
value is used to name the default ticket cache. Any
existing contents of the cache are destroyed by
Specifies an alternate service name to use when
getting initial tickets.
principal Uses the principal name from an existing cache if
there is one.
supports the section. The relationships specified here can be over-rid‐
den by the command-line options. The following relationships are sup‐
ported by in the section:
This relationship specifies if a user can obtain a forwardable ticket.
Valid values it can be set to are:
This relationship specifies if a user can obtain a proxiable ticket.
Valid values it can be set to are:
This relationship specifies the lifetime of the ticket to be obtained.
The
unit of lifetime is either seconds, minutes, hours
or days.
This relationship specifies the renewable life of the ticket to be
obtained.
The unit of lifetime is either seconds, minutes,
hours or days.
Note
For DCE operations use
EXTERNAL INFLUENCES
Environment Variables
uses the following environment variable: Location of the credentials
ticket cache.
AUTHOR
was developed by the Massachusetts Institute of Technology.
FILES
Default credentials cache. {uid} is the decimal UID of the user.
Default location for the local host's
keytab file.
SEE ALSOkdestroy(1), klist(1), libkrb5(3), kerberos(5).
kinit(1)