1adb0ddaeSAssar Westerlund.\" $Id: kinit.1,v 1.11 2001/06/08 21:35:32 joda Exp $ 2b528cefcSMark Murray.\" 3b528cefcSMark Murray.Dd May 29, 1998 413e3f4d6SMark Murray.Dt KINIT 1 5b528cefcSMark Murray.Os HEIMDAL 6b528cefcSMark Murray.Sh NAME 713e3f4d6SMark Murray.Nm kinit , 8b528cefcSMark Murray.Nm kauth 945524cd7SAssar Westerlund.Nd acquire initial tickets 10b528cefcSMark Murray.Sh SYNOPSIS 1113e3f4d6SMark Murray.Nm kinit 125e9cd1aeSAssar Westerlund.Op Fl 4 | Fl -524init 13b528cefcSMark Murray.Op Fl -afslog 145e9cd1aeSAssar Westerlund.Oo Fl c Ar cachename \*(Ba Xo 15adb0ddaeSAssar Westerlund.Fl -cache= Ns Ar cachename 165e9cd1aeSAssar Westerlund.Xc 17adb0ddaeSAssar Westerlund.Oc 185e9cd1aeSAssar Westerlund.Op Fl f | Fl -forwardable 195e9cd1aeSAssar Westerlund.Oo Fl t Ar keytabname \*(Ba Xo 20adb0ddaeSAssar Westerlund.Fl -keytab= Ns Ar keytabname 215e9cd1aeSAssar Westerlund.Xc 22adb0ddaeSAssar Westerlund.Oc 235e9cd1aeSAssar Westerlund.Oo Fl l Ar time \*(Ba Xo 24adb0ddaeSAssar Westerlund.Fl -lifetime= Ns Ar time 255e9cd1aeSAssar Westerlund.Xc 26adb0ddaeSAssar Westerlund.Oc 275e9cd1aeSAssar Westerlund.Op Fl p | Fl -proxiable 285e9cd1aeSAssar Westerlund.Op Fl R | Fl -renew 29b528cefcSMark Murray.Op Fl -renewable 305e9cd1aeSAssar Westerlund.Oo Fl r Ar time \*(Ba Xo 31adb0ddaeSAssar Westerlund.Fl -renewable-life= Ns Ar time 325e9cd1aeSAssar Westerlund.Xc 33adb0ddaeSAssar Westerlund.Oc 345e9cd1aeSAssar Westerlund.Oo Fl S Ar principal \*(Ba Xo 35adb0ddaeSAssar Westerlund.Fl -server= Ns Ar principal 365e9cd1aeSAssar Westerlund.Xc 37adb0ddaeSAssar Westerlund.Oc 385e9cd1aeSAssar Westerlund.Oo Fl s Ar time \*(Ba Xo 39adb0ddaeSAssar Westerlund.Fl -start-time= Ns Ar time 405e9cd1aeSAssar Westerlund.Xc 41adb0ddaeSAssar Westerlund.Oc 425e9cd1aeSAssar Westerlund.Op Fl k | Fl -use-keytab 435e9cd1aeSAssar Westerlund.Op Fl v | Fl -validate 445e9cd1aeSAssar Westerlund.Oo Fl e Ar enctype \*(Ba Xo 45adb0ddaeSAssar Westerlund.Fl -enctypes= Ns Ar enctype 465e9cd1aeSAssar Westerlund.Xc 47adb0ddaeSAssar Westerlund.Oc 485e9cd1aeSAssar Westerlund.Op Fl -fcache-version= Ns Ar integer 4913e3f4d6SMark Murray.Op Fl -no-addresses 505e9cd1aeSAssar Westerlund.Op Fl -anonymous 51b528cefcSMark Murray.Op Fl -version 52b528cefcSMark Murray.Op Fl -help 53adb0ddaeSAssar Westerlund.Op Ar principal Op Ar command 54b528cefcSMark Murray.Sh DESCRIPTION 55b528cefcSMark Murray.Nm 56b528cefcSMark Murrayis used to authenticate to the kerberos server as 57b528cefcSMark Murray.Ar principal , 585e9cd1aeSAssar Westerlundor if none is given, a system generated default (typically your login 595e9cd1aeSAssar Westerlundname at the default realm), and acquire a ticket granting ticket that 605e9cd1aeSAssar Westerlundcan later be used to obtain tickets for other services. 615e9cd1aeSAssar Westerlund.Pp 625e9cd1aeSAssar WesterlundIf you have compiled kinit with Kerberos 4 support and you have a 635e9cd1aeSAssar WesterlundKerberos 4 server, 645e9cd1aeSAssar Westerlund.Nm 655e9cd1aeSAssar Westerlundwill detect this and get you Kerberos 4 tickets. 665e9cd1aeSAssar Westerlund.Pp 67b528cefcSMark MurraySupported options: 68b528cefcSMark Murray.Bl -tag -width Ds 69b528cefcSMark Murray.It Xo 70b528cefcSMark Murray.Fl c Ar cachename 71b528cefcSMark Murray.Fl -cache= Ns Ar cachename 72b528cefcSMark Murray.Xc 73b528cefcSMark MurrayThe credentials cache to put the acquired ticket in, if other than 74b528cefcSMark Murraydefault. 75b528cefcSMark Murray.It Xo 76b528cefcSMark Murray.Fl f Ns , 77b528cefcSMark Murray.Fl -forwardable 78b528cefcSMark Murray.Xc 79b528cefcSMark MurrayGet ticket that can be forwarded to another host. 80b528cefcSMark Murray.It Xo 81b528cefcSMark Murray.Fl t Ar keytabname Ns , 82b528cefcSMark Murray.Fl -keytab= Ns Ar keytabname 83b528cefcSMark Murray.Xc 84b528cefcSMark MurrayDon't ask for a password, but instead get the key from the specified 85b528cefcSMark Murraykeytab. 86b528cefcSMark Murray.It Xo 875e9cd1aeSAssar Westerlund.Fl l Ar time Ns , 885e9cd1aeSAssar Westerlund.Fl -lifetime= Ns Ar time 89b528cefcSMark Murray.Xc 905e9cd1aeSAssar WesterlundSpecifies the lifetime of the ticket. The argument can either be in 915e9cd1aeSAssar Westerlundseconds, or a more human readable string like 925e9cd1aeSAssar Westerlund.Sq 1h . 93b528cefcSMark Murray.It Xo 94b528cefcSMark Murray.Fl p Ns , 95b528cefcSMark Murray.Fl -proxiable 96b528cefcSMark Murray.Xc 97b528cefcSMark MurrayRequest tickets with the proxiable flag set. 98b528cefcSMark Murray.It Xo 99b528cefcSMark Murray.Fl R Ns , 100b528cefcSMark Murray.Fl -renew 101b528cefcSMark Murray.Xc 102b528cefcSMark MurrayTry to renew ticket. The ticket must have the 103b528cefcSMark Murray.Sq renewable 104b528cefcSMark Murrayflag set, and must not be expired. 105b528cefcSMark Murray.It Fl -renewable 106b528cefcSMark MurrayThe same as 107b528cefcSMark Murray.Fl -renewable-life , 108b528cefcSMark Murraywith an infinite time. 109b528cefcSMark Murray.It Xo 1105e9cd1aeSAssar Westerlund.Fl r Ar time Ns , 1115e9cd1aeSAssar Westerlund.Fl -renewable-life= Ns Ar time 112b528cefcSMark Murray.Xc 113b528cefcSMark MurrayThe max renewable ticket life. 114b528cefcSMark Murray.It Xo 115b528cefcSMark Murray.Fl S Ar principal Ns , 116b528cefcSMark Murray.Fl -server= Ns Ar principal 117b528cefcSMark Murray.Xc 118b528cefcSMark MurrayGet a ticket for a service other than krbtgt/LOCAL.REALM. 119b528cefcSMark Murray.It Xo 1205e9cd1aeSAssar Westerlund.Fl s Ar time Ns , 1215e9cd1aeSAssar Westerlund.Fl -start-time= Ns Ar time 122b528cefcSMark Murray.Xc 1235e9cd1aeSAssar WesterlundObtain a ticket that starts to be valid 1245e9cd1aeSAssar Westerlund.Ar time 1255e9cd1aeSAssar Westerlund(which can really be a generic time specification, like 1265e9cd1aeSAssar Westerlund.Sq 1h ) 1275e9cd1aeSAssar Westerlundseconds into the future. 128b528cefcSMark Murray.It Xo 129b528cefcSMark Murray.Fl k Ns , 130b528cefcSMark Murray.Fl -use-keytab 131b528cefcSMark Murray.Xc 132b528cefcSMark MurrayThe same as 133b528cefcSMark Murray.Fl -keytab , 134b528cefcSMark Murraybut with the default keytab name (normally 135b528cefcSMark Murray.Ar FILE:/etc/krb5.keytab ) . 136b528cefcSMark Murray.It Xo 137b528cefcSMark Murray.Fl v Ns , 138b528cefcSMark Murray.Fl -validate 139b528cefcSMark Murray.Xc 140b528cefcSMark MurrayTry to validate an invalid ticket. 141b528cefcSMark Murray.It Xo 142b528cefcSMark Murray.Fl e , 143b528cefcSMark Murray.Fl -enctypes= Ns Ar enctypes 144b528cefcSMark Murray.Xc 145b528cefcSMark MurrayRequest tickets with this particular enctype. 146b528cefcSMark Murray.It Xo 147b528cefcSMark Murray.Fl -fcache-version= Ns Ar version 148b528cefcSMark Murray.Xc 149b528cefcSMark MurrayCreate a credentials cache of version 150b528cefcSMark Murray.Nm version . 151b528cefcSMark Murray.It Xo 15213e3f4d6SMark Murray.Fl -no-addresses 153b528cefcSMark Murray.Xc 154b528cefcSMark MurrayRequest a ticket with no addresses. 1555e9cd1aeSAssar Westerlund.It Xo 1565e9cd1aeSAssar Westerlund.Fl -anonymous 1575e9cd1aeSAssar Westerlund.Xc 1585e9cd1aeSAssar WesterlundRequest an anonymous ticket (which means that the ticket will be 1595e9cd1aeSAssar Westerlundissued to an anonymous principal, typically 1605e9cd1aeSAssar Westerlund.Dq anonymous@REALM). 161b528cefcSMark Murray.El 1625e9cd1aeSAssar Westerlund.Pp 163b528cefcSMark MurrayThe following options are only available if 164b528cefcSMark Murray.Nm 16513e3f4d6SMark Murrayhas been compiled with support for Kerberos 4. The 16613e3f4d6SMark Murray.Nm kauth 16713e3f4d6SMark Murrayprogram is identical to 16813e3f4d6SMark Murray.Nm kinit , 16913e3f4d6SMark Murraybut has these options enabled by 17013e3f4d6SMark Murraydefault. 171b528cefcSMark Murray.Bl -tag -width Ds 172b528cefcSMark Murray.It Xo 173b528cefcSMark Murray.Fl 4 Ns , 174b528cefcSMark Murray.Fl -524init 175b528cefcSMark Murray.Xc 1765e9cd1aeSAssar WesterlundTry to convert the obtained Kerberos 5 krbtgt to a version 4 compatible 177b528cefcSMark Murrayticket. It will store this ticket in the default Kerberos 4 ticket 178b528cefcSMark Murrayfile. 179b528cefcSMark Murray.It Fl -afslog 180b528cefcSMark MurrayGets AFS tickets, converts them to version 4 format, and stores them 181b528cefcSMark Murrayin the kernel. Only useful if you have AFS. 182b528cefcSMark Murray.El 1835e9cd1aeSAssar Westerlund.Pp 1845e9cd1aeSAssar WesterlundThe 1855e9cd1aeSAssar Westerlund.Ar forwardable , 1865e9cd1aeSAssar Westerlund.Ar proxiable , 1875e9cd1aeSAssar Westerlund.Ar ticket_life , 1885e9cd1aeSAssar Westerlundand 1895e9cd1aeSAssar Westerlund.Ar renewable_life 1905e9cd1aeSAssar Westerlundoptions can be set to a default value from the 1915e9cd1aeSAssar Westerlund.Dv appdefaults 1925e9cd1aeSAssar Westerlundsection in krb5.conf, see 1935e9cd1aeSAssar Westerlund.Xr krb5_appdefault 3 . 194adb0ddaeSAssar Westerlund.Pp 195adb0ddaeSAssar WesterlundIf a 196adb0ddaeSAssar Westerlund.Ar command 197adb0ddaeSAssar Westerlundis given, 198adb0ddaeSAssar Westerlund.Nm kinit 199adb0ddaeSAssar Westerlundwill setup new credentials caches, and AFS PAG, and then run the given 200adb0ddaeSAssar Westerlundcommand. When it finishes the credentials will be removed. 201b528cefcSMark Murray.Sh ENVIRONMENT 202b528cefcSMark Murray.Bl -tag -width Ds 203b528cefcSMark Murray.It Ev KRB5CCNAME 204b528cefcSMark MurraySpecifies the default cache file. 205b528cefcSMark Murray.It Ev KRB5_CONFIG 206b528cefcSMark MurrayThe directory where the 207b528cefcSMark Murray.Pa krb5.conf 208b528cefcSMark Murraycan be found, default is 209b528cefcSMark Murray.Pa /etc . 210b528cefcSMark Murray.It Ev KRBTKFILE 211b528cefcSMark MurraySpecifies the Kerberos 4 ticket file to store version 4 tickets in. 212b528cefcSMark Murray.El 213b528cefcSMark Murray.\".Sh FILES 214b528cefcSMark Murray.\".Sh EXAMPLES 215b528cefcSMark Murray.\".Sh DIAGNOSTICS 216b528cefcSMark Murray.Sh SEE ALSO 2175e9cd1aeSAssar Westerlund.Xr kdestroy 1 , 218b528cefcSMark Murray.Xr klist 1 , 2195e9cd1aeSAssar Westerlund.Xr krb5.conf 5 , 2205e9cd1aeSAssar Westerlund.Xr krb5_appdefault 3 221b528cefcSMark Murray.\".Sh STANDARDS 222b528cefcSMark Murray.\".Sh HISTORY 223b528cefcSMark Murray.\".Sh AUTHORS 224b528cefcSMark Murray.\".Sh BUGS 225