xref: /freebsd/crypto/krb5/doc/user/user_commands/klist.rst (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1.. _klist(1):
2
3klist
4=====
5
6SYNOPSIS
7--------
8
9**klist**
10[**-e**]
11[[**-c**] [**-l**] [**-A**] [**-f**] [**-s**] [**-a** [**-n**]]]
12[**-C**]
13[**-k** [**-i**] [**-t**] [**-K**]]
14[**-V**]
15[**-d**]
16[*cache_name*\|\ *keytab_name*]
17
18
19DESCRIPTION
20-----------
21
22klist lists the Kerberos principal and Kerberos tickets held in a
23credentials cache, or the keys held in a keytab file.
24
25
26OPTIONS
27-------
28
29**-e**
30    Displays the encryption types of the session key and the ticket
31    for each credential in the credential cache, or each key in the
32    keytab file.
33
34**-l**
35    If a cache collection is available, displays a table summarizing
36    the caches present in the collection.
37
38**-A**
39    If a cache collection is available, displays the contents of all
40    of the caches in the collection.
41
42**-c**
43    List tickets held in a credentials cache. This is the default if
44    neither **-c** nor **-k** is specified.
45
46**-f**
47    Shows the flags present in the credentials, using the following
48    abbreviations::
49
50        F    Forwardable
51        f    forwarded
52        P    Proxiable
53        p    proxy
54        D    postDateable
55        d    postdated
56        R    Renewable
57        I    Initial
58        i    invalid
59        H    Hardware authenticated
60        A    preAuthenticated
61        T    Transit policy checked
62        O    Okay as delegate
63        a    anonymous
64
65**-s**
66    Causes klist to run silently (produce no output).  klist will exit
67    with status 1 if the credentials cache cannot be read or is
68    expired, and with status 0 otherwise.
69
70**-a**
71    Display list of addresses in credentials.
72
73**-n**
74    Show numeric addresses instead of reverse-resolving addresses.
75
76**-C**
77    List configuration data that has been stored in the credentials
78    cache when klist encounters it.  By default, configuration data
79    is not listed.
80
81**-k**
82    List keys held in a keytab file.
83
84**-i**
85    In combination with **-k**, defaults to using the default client
86    keytab instead of the default acceptor keytab, if no name is
87    given.
88
89**-t**
90    Display the time entry timestamps for each keytab entry in the
91    keytab file.
92
93**-K**
94    Display the value of the encryption key in each keytab entry in
95    the keytab file.
96
97**-d**
98    Display the authdata types (if any) for each entry.
99
100**-V**
101    Display the Kerberos version number and exit.
102
103If *cache_name* or *keytab_name* is not specified, klist will display
104the credentials in the default credentials cache or keytab file as
105appropriate.  If the **KRB5CCNAME** environment variable is set, its
106value is used to locate the default ticket cache.
107
108
109ENVIRONMENT
110-----------
111
112See :ref:`kerberos(7)` for a description of Kerberos environment
113variables.
114
115
116FILES
117-----
118
119|ccache|
120    Default location of Kerberos 5 credentials cache
121
122|keytab|
123    Default location for the local host's keytab file.
124
125
126SEE ALSO
127--------
128
129:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)`
130