xref: /freebsd/crypto/heimdal/kuser/kinit.1 (revision eacee0ff7ec955b32e09515246bd97b6edcd2b0f)
.\" $Id: kinit.1,v 1.16 2002/01/24 15:30:45 assar Exp $
.\"
.Dd May 29, 1998
.Dt KINIT 1
.Os HEIMDAL
.Sh NAME
.Nm kinit
.Nm kauth
.Nd acquire initial tickets
.Sh SYNOPSIS
.Nm kinit
.Op Fl 4 | Fl -524init
.Op Fl 9 | Fl -524convert
.Op Fl -afslog
.Oo Fl c Ar cachename \*(Ba Xo
.Fl -cache= Ns Ar cachename
.Xc
.Oc
.Op Fl f | Fl -forwardable
.Oo Fl t Ar keytabname \*(Ba Xo
.Fl -keytab= Ns Ar keytabname
.Xc
.Oc
.Oo Fl l Ar time \*(Ba Xo
.Fl -lifetime= Ns Ar time
.Xc
.Oc
.Op Fl p | Fl -proxiable
.Op Fl R | Fl -renew
.Op Fl -renewable
.Oo Fl r Ar time \*(Ba Xo
.Fl -renewable-life= Ns Ar time
.Xc
.Oc
.Oo Fl S Ar principal \*(Ba Xo
.Fl -server= Ns Ar principal
.Xc
.Oc
.Oo Fl s Ar time \*(Ba Xo
.Fl -start-time= Ns Ar time
.Xc
.Oc
.Op Fl k | Fl -use-keytab
.Op Fl v | Fl -validate
.Oo Fl e Ar enctypes \*(Ba Xo
.Fl -enctypes= Ns Ar enctypes
.Xc
.Oc
.Op Fl -fcache-version= Ns Ar integer
.Op Fl -no-addresses
.Op Fl -anonymous
.Op Fl -version
.Op Fl -help
.Op Ar principal Op Ar command
.Sh DESCRIPTION
.Nm
is used to authenticate to the Kerberos server as
.Ar principal ,
or if none is given, a system generated default (typically your login
name at the default realm), and acquire a ticket granting ticket that
can later be used to obtain tickets for other services.
.Pp
If you have compiled
.Nm kinit
with Kerberos 4 support and you have a
Kerberos 4 server,
.Nm
will detect this and get you Kerberos 4 tickets.
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cachename Ns ,
.Fl -cache= Ns Ar cachename
.Xc
The credentials cache to put the acquired ticket in, if other than
default.
.It Xo
.Fl f Ns ,
.Fl -forwardable
.Xc
Get a ticket that can be forwarded to another host.
.It Xo
.Fl t Ar keytabname Ns ,
.Fl -keytab= Ns Ar keytabname
.Xc
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo
.Fl l Ar time Ns ,
.Fl -lifetime= Ns Ar time
.Xc
Specifies the lifetime of the ticket. The argument can either be in
seconds, or a more human readable string like
.Sq 1h .
.It Xo
.Fl p Ns ,
.Fl -proxiable
.Xc
Request tickets with the proxiable flag set.
.It Xo
.Fl R Ns ,
.Fl -renew
.Xc
Try to renew ticket. The ticket must have the
.Sq renewable
flag set, and must not be expired.
.It Fl -renewable
The same as
.Fl -renewable-life ,
with an infinite time.
.It Xo
.Fl r Ar time Ns ,
.Fl -renewable-life= Ns Ar time
.Xc
The max renewable ticket life.
.It Xo
.Fl S Ar principal Ns ,
.Fl -server= Ns Ar principal
.Xc
Get a ticket for a service other than krbtgt/LOCAL.REALM.
.It Xo
.Fl s Ar time Ns ,
.Fl -start-time= Ns Ar time
.Xc
Obtain a ticket that starts to be valid
.Ar time
(which can really be a generic time specification, like
.Sq 1h )
seconds into the future.
.It Xo
.Fl k Ns ,
.Fl -use-keytab
.Xc
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
.It Xo
.Fl v Ns ,
.Fl -validate
.Xc
Try to validate an invalid ticket.
.It Xo
.Fl e Ar enctypes Ns ,
.Fl -enctypes= Ns Ar enctypes
.Xc
Request tickets with this particular enctype.
.It Xo
.Fl -fcache-version= Ns Ar version
.Xc
Create a credentials cache of version
.Ar version .
.It Xo
.Fl -no-addresses
.Xc
Request a ticket with no addresses.
.It Xo
.Fl -anonymous
.Xc
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
.Dq anonymous@REALM ) .
.El
.Pp
The following options are only available if
.Nm
has been compiled with support for Kerberos 4.
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -524init
.Xc
Try to convert the obtained Kerberos 5 krbtgt to a version 4
compatible ticket. It will store this ticket in the default Kerberos 4
ticket file.
.It Xo
.Fl 9 Ns ,
.Fl -524convert
.Xc
Only convert ticket to version 4.
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. Only useful if you have AFS.
.El
.Pp
The
.Ar forwardable ,
.Ar proxiable ,
.Ar ticket_life ,
and
.Ar renewable_life
options can be set to a default value from the
.Dv appdefaults
section in krb5.conf, see
.Xr krb5_appdefault 3 .
.Pp
If a
.Ar command
is given,
.Nm kinit
will set up new credentials caches and an AFS PAG, and then run the given
command. When it finishes the credentials will be removed.
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev KRB5CCNAME
Specifies the default credentials cache.
.It Ev KRB5_CONFIG
The file name of
.Pa krb5.conf ,
the default being
.Pa /etc/krb5.conf .
.It Ev KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets in.
.El
.\".Sh FILES
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr kdestroy 1 ,
.Xr klist 1 ,
.Xr krb5_appdefault 3 ,
.Xr krb5.conf 5
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
.\".Sh BUGS
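
Added example (not part of the Heimdal man page or sources): a POSIX sh wrapper that combines the keytab option with the "principal command" form described above, so an unattended job holds tickets only while it runs. The principal, paths, the KINIT override variable and the exit codes 64 and 77 are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the Heimdal sources. Placeholder names throughout.

# Succeed only if the keytab is a regular file (not a symlink) that grants
# no access to group or other; a readable keytab is a readable long-term key.
keytab_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# run_with_tickets KEYTAB PRINCIPAL LIFETIME COMMAND
# Uses only options documented above: --keytab, --lifetime, and the
# "principal command" form, so the credentials exist only while COMMAND runs.
# KINIT is an assumption of this example: it lets a test substitute the binary.
run_with_tickets() {
    if [ "$#" -ne 4 ]; then
        echo "usage: run_with_tickets keytab principal lifetime command" >&2
        return 64
    fi
    if ! keytab_is_private "$1"; then
        echo "refusing: $1 is missing or accessible to group/other" >&2
        return 77
    fi
    "${KINIT:-kinit}" "--keytab=$1" "--lifetime=$3" "$2" "$4"
}

# Constructed usage (principal and paths are placeholders):
#   run_with_tickets /etc/backup.keytab backup/host.example.org 600 \
#       /usr/local/sbin/nightly-backup
```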