.\" $Id: kinit.1,v 1.11 2001/06/08 21:35:32 joda Exp $
.\"
.Dd May 29, 1998
.Dt KINIT 1
.Os HEIMDAL
.Sh NAME
.Nm kinit ,
.Nm kauth
.Nd acquire initial tickets
.Sh SYNOPSIS
.Nm kinit
.Op Fl 4 | Fl -524init
.Op Fl -afslog
.Oo Fl c Ar cachename \*(Ba Xo
.Fl -cache= Ns Ar cachename
.Xc
.Oc
.Op Fl f | Fl -forwardable
.Oo Fl t Ar keytabname \*(Ba Xo
.Fl -keytab= Ns Ar keytabname
.Xc
.Oc
.Oo Fl l Ar time \*(Ba Xo
.Fl -lifetime= Ns Ar time
.Xc
.Oc
.Op Fl p | Fl -proxiable
.Op Fl R | Fl -renew
.Op Fl -renewable
.Oo Fl r Ar time \*(Ba Xo
.Fl -renewable-life= Ns Ar time
.Xc
.Oc
.Oo Fl S Ar principal \*(Ba Xo
.Fl -server= Ns Ar principal
.Xc
.Oc
.Oo Fl s Ar time \*(Ba Xo
.Fl -start-time= Ns Ar time
.Xc
.Oc
.Op Fl k | Fl -use-keytab
.Op Fl v | Fl -validate
.Oo Fl e Ar enctype \*(Ba Xo
.Fl -enctypes= Ns Ar enctype
.Xc
.Oc
.Op Fl -fcache-version= Ns Ar integer
.Op Fl -no-addresses
.Op Fl -anonymous
.Op Fl -version
.Op Fl -help
.Op Ar principal Op Ar command
.Sh DESCRIPTION
.Nm
is used to authenticate to the Kerberos server as
.Ar principal ,
or if none is given, a system generated default (typically your login
name at the default realm), and acquire a ticket granting ticket that
can later be used to obtain tickets for other services.
.Pp
If you have compiled kinit with Kerberos 4 support and you have a
Kerberos 4 server,
.Nm
will detect this and get you Kerberos 4 tickets.
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cachename Ns ,
.Fl -cache= Ns Ar cachename
.Xc
The credentials cache to put the acquired ticket in, if other than
default.
.It Xo
.Fl f Ns ,
.Fl -forwardable
.Xc
Get a ticket that can be forwarded to another host.
.It Xo
.Fl t Ar keytabname Ns ,
.Fl -keytab= Ns Ar keytabname
.Xc
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo
.Fl l Ar time Ns ,
.Fl -lifetime= Ns Ar time
.Xc
Specifies the lifetime of the ticket. The argument can either be in
seconds, or a more human readable string like
.Sq 1h .
.It Xo
.Fl p Ns ,
.Fl -proxiable
.Xc
Request tickets with the proxiable flag set.
.It Xo
.Fl R Ns ,
.Fl -renew
.Xc
Try to renew the ticket. The ticket must have the
.Sq renewable
flag set, and must not be expired.
.It Fl -renewable
The same as
.Fl -renewable-life ,
with an infinite time.
.It Xo
.Fl r Ar time Ns ,
.Fl -renewable-life= Ns Ar time
.Xc
The max renewable ticket life.
.It Xo
.Fl S Ar principal Ns ,
.Fl -server= Ns Ar principal
.Xc
Get a ticket for a service other than krbtgt/LOCAL.REALM.
.It Xo
.Fl s Ar time Ns ,
.Fl -start-time= Ns Ar time
.Xc
Obtain a ticket that starts to be valid
.Ar time
(which can really be a generic time specification, like
.Sq 1h )
seconds into the future.
.It Xo
.Fl k Ns ,
.Fl -use-keytab
.Xc
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
.It Xo
.Fl v Ns ,
.Fl -validate
.Xc
Try to validate an invalid ticket.
.It Xo
.Fl e Ar enctype Ns ,
.Fl -enctypes= Ns Ar enctype
.Xc
Request tickets with this particular enctype.
.It Xo
.Fl -fcache-version= Ns Ar version
.Xc
Create a credentials cache of version
.Ar version .
.It Xo
.Fl -no-addresses
.Xc
Request a ticket with no addresses.
.It Xo
.Fl -anonymous
.Xc
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
.Dq anonymous@REALM ) .
.El
.Pp
The following options are only available if
.Nm
has been compiled with support for Kerberos 4. The
.Nm kauth
program is identical to
.Nm kinit ,
but has these options enabled by
default.
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -524init
.Xc
Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible
ticket. It will store this ticket in the default Kerberos 4 ticket
file.
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. Only useful if you have AFS.
.El
.Pp
The
.Ar forwardable ,
.Ar proxiable ,
.Ar ticket_life ,
and
.Ar renewable_life
options can be set to a default value from the
.Dv appdefaults
section in krb5.conf, see
.Xr krb5_appdefault 3 .
.Pp
If a
.Ar command
is given,
.Nm kinit
will set up new credentials caches and an AFS PAG, and then run the given
command. When it finishes, the credentials will be removed.
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev KRB5CCNAME
Specifies the default cache file.
.It Ev KRB5_CONFIG
The directory where the
.Pa krb5.conf
can be found, default is
.Pa /etc .
.It Ev KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets in.
.El
.\".Sh FILES
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr kdestroy 1 ,
.Xr klist 1 ,
.Xr krb5.conf 5 ,
.Xr krb5_appdefault 3
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
.\".Sh BUGS