xref: /freebsd/crypto/heimdal/kuser/kinit.1 (revision b528cefc6b8f9670b31a865051741d946cb37085)

.\" $Id: kinit.1,v 1.3 1999/05/14 14:02:49 assar Exp $
.\"
.Dd May 29, 1998
.Dt KAUTH 1
.Os HEIMDAL
.Sh NAME
.Nm kauth
.Nd
acquire initial tickets
.Sh SYNOPSIS
.Nm
.Op Fl 4
.Op Fl -524init
.Op Fl -afslog
.Op Fl c Ar cachename
.Op Fl -cache= Ns Ar cachename
.Op Fl c Ar cachename
.Op Fl -cache= Ns Ar cachename
.Op Fl f
.Op Fl -forwardable
.Op Fl t Ar keytabname
.Op Fl -keytab= Ns Ar keytabname
.Op Fl l Ar seconds
.Op Fl -lifetime= Ns Ar seconds
.Op Fl p
.Op Fl -proxiable
.Op Fl R
.Op Fl -renew
.Op Fl -renewable
.Op Fl r Ar seconds
.Op Fl -renewable-life= Ns Ar seconds
.Op Fl S Ar principal
.Op Fl -server= Ns Ar principal
.Op Fl s Ar seconds
.Op Fl -start-time= Ns Ar seconds
.Op Fl k
.Op Fl -use-keytab
.Op Fl v
.Op Fl -validate
.Op Fl e
.Op Fl -enctypes= Ns Ar enctypes
.Op Fl -fcache-version= Ns Ar version
.Op Fl -noaddresses
.Op Fl -version
.Op Fl -help
.Op Ar principal
.Sh DESCRIPTION
.Nm
is used to authenticate to the kerberos server as
.Ar principal ,
or if none is given, a system generated default, and acquire a ticket
granting ticket that can later be used to obtain tickets for other
services.
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cachename
.Fl -cache= Ns Ar cachename
.Xc
The credentials cache to put the acquired ticket in, if other than
default.
.It Xo
.Fl f Ns ,
.Fl -forwardable
.Xc
Get ticket that can be forwarded to another host.
.It Xo
.Fl t Ar keytabname Ns ,
.Fl -keytab= Ns Ar keytabname
.Xc
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo
.Fl l Ar seconds Ns ,
.Fl -lifetime= Ns Ar seconds
.Xc
Specifies the lifetime of the ticket.
.It Xo
.Fl p Ns ,
.Fl -proxiable
.Xc
Request tickets with the proxiable flag set.
.It Xo
.Fl R Ns ,
.Fl -renew
.Xc
Try to renew ticket. The ticket must have the
.Sq renewable
flag set, and must not be expired.
.It Fl -renewable
The same as
.Fl -renewable-life ,
with an infinite time.
.It Xo
.Fl r Ar seconds Ns ,
.Fl -renewable-life= Ns Ar seconds
.Xc
The max renewable ticket life.
.It Xo
.Fl S Ar principal Ns ,
.Fl -server= Ns Ar principal
.Xc
Get a ticket for a service other than krbtgt/LOCAL.REALM.
.It Xo
.Fl s Ar seconds Ns ,
.Fl -start-time= Ns Ar seconds
.Xc
Start time of ticket, if other than the current time.
.It Xo
.Fl k Ns ,
.Fl -use-keytab
.Xc
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
.It Xo
.Fl v Ns ,
.Fl -validate
.Xc
Try to validate an invalid ticket.
.It Xo
.Fl e ,
.Fl -enctypes= Ns Ar enctypes
.Xc
Request tickets with this particular enctype.
.It Xo
.Fl -fcache-version= Ns Ar version
.Xc
Create a credentials cache of version
.Nm version .
.It Xo
.Fl -noaddresses
.Xc
Request a ticket with no addresses.
.El

The following options are only available if
.Nm
has been compiled with support for Kerberos 4.
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -524init
.Xc
Try to convert the obtained krbtgt to a version 4 compatible
ticket. It will store this ticket in the default Kerberos 4 ticket
file.
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. Only useful if you have AFS.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev KRB5CCNAME
Specifies the default cache file.
.It Ev KRB5_CONFIG
The directory where the
.Pa krb5.conf
can be found, default is
.Pa /etc .
.It Ev KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets in.
.El
.\".Sh FILES
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr krb5.conf 5 ,
.Xr klist 1 ,
.Xr kdestroy 1
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
.\".Sh BUGS