1.. _kvno(1): 2 3kvno 4==== 5 6SYNOPSIS 7-------- 8 9**kvno** 10[**-c** *ccache*] 11[**-e** *etype*] 12[**-k** *keytab*] 13[**-q**] 14[**-u** | **-S** *sname*] 15[**-P**] 16[**--cached-only**] 17[**--no-store**] 18[**--out-cache** *cache*] 19[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] 20*service1 service2* ... 21 22 23DESCRIPTION 24----------- 25 26kvno acquires a service ticket for the specified Kerberos principals 27and prints out the key version numbers of each. 28 29 30OPTIONS 31------- 32 33**-c** *ccache* 34 Specifies the name of a credentials cache to use (if not the 35 default) 36 37**-e** *etype* 38 Specifies the enctype which will be requested for the session key 39 of all the services named on the command line. This is useful in 40 certain backward compatibility situations. 41 42**-k** *keytab* 43 Decrypt the acquired tickets using *keytab* to confirm their 44 validity. 45 46**-q** 47 Suppress printing output when successful. If a service ticket 48 cannot be obtained, an error message will still be printed and 49 kvno will exit with nonzero status. 50 51**-u** 52 Use the unknown name type in requested service principal names. 53 This option Cannot be used with *-S*. 54 55**-P** 56 Specifies that the *service1 service2* ... arguments are to be 57 treated as services for which credentials should be acquired using 58 constrained delegation. This option is only valid when used in 59 conjunction with protocol transition. 60 61**-S** *sname* 62 Specifies that the *service1 service2* ... arguments are 63 interpreted as hostnames, and the service principals are to be 64 constructed from those hostnames and the service name *sname*. 65 The service hostnames will be canonicalized according to the usual 66 rules for constructing service principals. 67 68**-I** *for_user* 69 Specifies that protocol transition (S4U2Self) is to be used to 70 acquire a ticket on behalf of *for_user*. If constrained 71 delegation is not requested, the service name must match the 72 credentials cache client principal. 73 74**-U** *for_user* 75 Same as -I, but treats *for_user* as an enterprise name. 76 77**-F** *cert_file* 78 Specifies that protocol transition is to be used, identifying the 79 client principal with the X.509 certificate in *cert_file*. The 80 certificate file must be in PEM format. 81 82**--cached-only** 83 Only retrieve credentials already present in the cache, not from 84 the KDC. (Added in release 1.19.) 85 86**--no-store** 87 Do not store retrieved credentials in the cache. If 88 **--out-cache** is also specified, credentials will still be 89 stored into the output credential cache. (Added in release 1.19.) 90 91**--out-cache** *ccache* 92 Initialize *ccache* and store all retrieved credentials into it. 93 Do not store acquired credentials in the input cache. (Added in 94 release 1.19.) 95 96**--u2u** *ccache* 97 Requests a user-to-user ticket. *ccache* must contain a local 98 krbtgt ticket for the server principal. The reported version 99 number will typically be 0, as the resulting ticket is not 100 encrypted in the server's long-term key. 101 102ENVIRONMENT 103----------- 104 105See :ref:`kerberos(7)` for a description of Kerberos environment 106variables. 107 108 109FILES 110----- 111 112|ccache| 113 Default location of the credentials cache 114 115 116SEE ALSO 117-------- 118 119:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` 120