'\" te
.\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
.\" Portions Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH KLIST 1 "Nov 16, 2006"
.SH NAME
klist \- list currently held Kerberos tickets
.SH SYNOPSIS
.LP
.nf
\fB/usr/bin/klist\fR [\fB-e\fR]
     [ [\fB-c\fR] [\fB-f\fR] [\fB-s\fR] [\fB-a\fR [\fB-n\fR]] [\fIcache_name\fR]]
     [\fB-k\fR [\fB-t\fR] [\fB-K\fR] [\fIkeytab_file\fR]]
.fi

.SH DESCRIPTION
.sp
.LP
The \fBklist\fR utility prints the name of the credentials cache, the identity
of the principal that the tickets are for (as listed in the ticket file), and
the principal names of all Kerberos tickets currently held by the user, along
with the issue and expiration time for each authenticator. Principal names are
listed in the form \fIname\fR\fB/\fR\fIinstance\fR\fB@\fR\fIrealm\fR, with
the '\fB/\fR' omitted if the instance is not included, and the '\fB@\fR' omitted if
the realm is  not included.
.sp
.LP
If \fIcache_file\fR or \fIkeytab_name\fR is not specified, \fBklist\fR displays
the credentials in the default credentials cache or keytab files as
appropriate. By default, your ticket is stored in the file
\fB/tmp/krb5cc_\fIuid\fR\fR, where \fIuid\fR is the current user-ID of the
user.
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-a\fR\fR
.ad
.RS 20n
Displays list of addresses in credentials. Uses the configured nameservice to
translate numeric network addresses to the associated hostname if possible.
.RE

.sp
.ne 2
.na
\fB\fB-c\fR [\fIcache_name\fR]\fR
.ad
.RS 20n
Lists tickets held in a credentials cache. This is the default if neither
\fB-c\fR nor \fB-k\fR is specified.
.RE

.sp
.ne 2
.na
\fB\fB-e\fR\fR
.ad
.RS 20n
Displays the encryption types of the session key and the ticket for each
credential in the credential cache, or each key in the keytab file.
.RE

.sp
.ne 2
.na
\fB\fB-f\fR\fR
.ad
.RS 20n
Shows the flags present in the credentials, using the following abbreviations:
.sp
.ne 2
.na
\fBa\fR
.ad
.RS 5n
Anonymous
.RE

.sp
.ne 2
.na
\fBA\fR
.ad
.RS 5n
Pre-authenticated
.RE

.sp
.ne 2
.na
\fBd\fR
.ad
.RS 5n
Post-dated
.RE

.sp
.ne 2
.na
\fBD\fR
.ad
.RS 5n
Post-dateable
.RE

.sp
.ne 2
.na
\fBf\fR
.ad
.RS 5n
Forwarded
.RE

.sp
.ne 2
.na
\fBF\fR
.ad
.RS 5n
Forwardable
.RE

.sp
.ne 2
.na
\fBH\fR
.ad
.RS 5n
Hardware authenticated
.RE

.sp
.ne 2
.na
\fBi\fR
.ad
.RS 5n
Invalid
.RE

.sp
.ne 2
.na
\fBI\fR
.ad
.RS 5n
Initial
.RE

.sp
.ne 2
.na
\fBO\fR
.ad
.RS 5n
Okay as delegate
.RE

.sp
.ne 2
.na
\fBp\fR
.ad
.RS 5n
Proxy
.RE

.sp
.ne 2
.na
\fBP\fR
.ad
.RS 5n
Proxiable
.RE

.sp
.ne 2
.na
\fBR\fR
.ad
.RS 5n
Renewable
.RE

.sp
.ne 2
.na
\fBT\fR
.ad
.RS 5n
Transit policy checked
.RE

.RE

.sp
.ne 2
.na
\fB\fB-k\fR [\fIkeytab_file\fR]\fR
.ad
.RS 20n
List keys held in a \fBkeytab\fR file.
.RE

.sp
.ne 2
.na
\fB\fB-K\fR\fR
.ad
.RS 20n
Displays the value of the encryption key in each keytab entry in the keytab
file.
.RE

.sp
.ne 2
.na
\fB\fB-n\fR\fR
.ad
.RS 20n
Shows numeric \fBIP\fR addresses instead of reverse-resolving addresses. Only
valid with \fB-a\fR option.
.RE

.sp
.ne 2
.na
\fB\fB-s\fR\fR
.ad
.RS 20n
Causes \fBklist\fR to run silently (produce no output), but to still set the
exit status according to whether it finds the credentials cache. The exit
status is \fB0\fR if \fBklist\fR finds a credentials cache, and `\fB1\fRif it
does not, or if the local-realm TGT has expired.
.RE

.sp
.ne 2
.na
\fB\fB-t\fR\fR
.ad
.RS 20n
Displays the time entry timestamps for each keytab entry in the keytab file.
.RE

.SH ENVIRONMENT VARIABLES
.sp
.LP
\fBklist\fR uses the following environment variable:
.sp
.ne 2
.na
\fB\fBKRB5CCNAME\fR\fR
.ad
.RS 14n
Location of the credentials (ticket) cache. See \fBkrb5envvar\fR(5) for syntax
and details.
.RE

.SH FILES
.sp
.ne 2
.na
\fB\fB/tmp/krb5cc_\fIuid\fR\fR\fR
.ad
.RS 25n
Default credentials cache (\fIuid\fR is the decimal \fBUID\fR of the user).
.RE

.sp
.ne 2
.na
\fB\fB/etc/krb5/krb5.keytab\fR\fR
.ad
.RS 25n
Default location for the local host's \fBkeytab\fR file.
.RE

.sp
.ne 2
.na
\fB\fB/etc/krb5/krb5.conf\fR\fR
.ad
.RS 25n
Default location for the local host's configuration file. See
\fBkrb5.conf\fR(4).
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	See below.
.TE

.sp
.LP
The command arguments are Evolving. The command output is Unstable.
.SH SEE ALSO
.sp
.LP
\fBkdestroy\fR(1), \fBkinit\fR(1), \fBkrb5.conf\fR(4), \fBattributes\fR(5),
\fBkrb5envvar\fR(5), \fBkerberos\fR(5)
.SH BUGS
.sp
.LP
When reading a file as a service key file, very little error checking is
performed.