1*7f2fe78bSCy Schubert.. _kvno(1): 2*7f2fe78bSCy Schubert 3*7f2fe78bSCy Schubertkvno 4*7f2fe78bSCy Schubert==== 5*7f2fe78bSCy Schubert 6*7f2fe78bSCy SchubertSYNOPSIS 7*7f2fe78bSCy Schubert-------- 8*7f2fe78bSCy Schubert 9*7f2fe78bSCy Schubert**kvno** 10*7f2fe78bSCy Schubert[**-c** *ccache*] 11*7f2fe78bSCy Schubert[**-e** *etype*] 12*7f2fe78bSCy Schubert[**-k** *keytab*] 13*7f2fe78bSCy Schubert[**-q**] 14*7f2fe78bSCy Schubert[**-u** | **-S** *sname*] 15*7f2fe78bSCy Schubert[**-P**] 16*7f2fe78bSCy Schubert[**--cached-only**] 17*7f2fe78bSCy Schubert[**--no-store**] 18*7f2fe78bSCy Schubert[**--out-cache** *cache*] 19*7f2fe78bSCy Schubert[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] 20*7f2fe78bSCy Schubert*service1 service2* ... 21*7f2fe78bSCy Schubert 22*7f2fe78bSCy Schubert 23*7f2fe78bSCy SchubertDESCRIPTION 24*7f2fe78bSCy Schubert----------- 25*7f2fe78bSCy Schubert 26*7f2fe78bSCy Schubertkvno acquires a service ticket for the specified Kerberos principals 27*7f2fe78bSCy Schubertand prints out the key version numbers of each. 28*7f2fe78bSCy Schubert 29*7f2fe78bSCy Schubert 30*7f2fe78bSCy SchubertOPTIONS 31*7f2fe78bSCy Schubert------- 32*7f2fe78bSCy Schubert 33*7f2fe78bSCy Schubert**-c** *ccache* 34*7f2fe78bSCy Schubert Specifies the name of a credentials cache to use (if not the 35*7f2fe78bSCy Schubert default) 36*7f2fe78bSCy Schubert 37*7f2fe78bSCy Schubert**-e** *etype* 38*7f2fe78bSCy Schubert Specifies the enctype which will be requested for the session key 39*7f2fe78bSCy Schubert of all the services named on the command line. This is useful in 40*7f2fe78bSCy Schubert certain backward compatibility situations. 41*7f2fe78bSCy Schubert 42*7f2fe78bSCy Schubert**-k** *keytab* 43*7f2fe78bSCy Schubert Decrypt the acquired tickets using *keytab* to confirm their 44*7f2fe78bSCy Schubert validity. 45*7f2fe78bSCy Schubert 46*7f2fe78bSCy Schubert**-q** 47*7f2fe78bSCy Schubert Suppress printing output when successful. If a service ticket 48*7f2fe78bSCy Schubert cannot be obtained, an error message will still be printed and 49*7f2fe78bSCy Schubert kvno will exit with nonzero status. 50*7f2fe78bSCy Schubert 51*7f2fe78bSCy Schubert**-u** 52*7f2fe78bSCy Schubert Use the unknown name type in requested service principal names. 53*7f2fe78bSCy Schubert This option Cannot be used with *-S*. 54*7f2fe78bSCy Schubert 55*7f2fe78bSCy Schubert**-P** 56*7f2fe78bSCy Schubert Specifies that the *service1 service2* ... arguments are to be 57*7f2fe78bSCy Schubert treated as services for which credentials should be acquired using 58*7f2fe78bSCy Schubert constrained delegation. This option is only valid when used in 59*7f2fe78bSCy Schubert conjunction with protocol transition. 60*7f2fe78bSCy Schubert 61*7f2fe78bSCy Schubert**-S** *sname* 62*7f2fe78bSCy Schubert Specifies that the *service1 service2* ... arguments are 63*7f2fe78bSCy Schubert interpreted as hostnames, and the service principals are to be 64*7f2fe78bSCy Schubert constructed from those hostnames and the service name *sname*. 65*7f2fe78bSCy Schubert The service hostnames will be canonicalized according to the usual 66*7f2fe78bSCy Schubert rules for constructing service principals. 67*7f2fe78bSCy Schubert 68*7f2fe78bSCy Schubert**-I** *for_user* 69*7f2fe78bSCy Schubert Specifies that protocol transition (S4U2Self) is to be used to 70*7f2fe78bSCy Schubert acquire a ticket on behalf of *for_user*. If constrained 71*7f2fe78bSCy Schubert delegation is not requested, the service name must match the 72*7f2fe78bSCy Schubert credentials cache client principal. 73*7f2fe78bSCy Schubert 74*7f2fe78bSCy Schubert**-U** *for_user* 75*7f2fe78bSCy Schubert Same as -I, but treats *for_user* as an enterprise name. 76*7f2fe78bSCy Schubert 77*7f2fe78bSCy Schubert**-F** *cert_file* 78*7f2fe78bSCy Schubert Specifies that protocol transition is to be used, identifying the 79*7f2fe78bSCy Schubert client principal with the X.509 certificate in *cert_file*. The 80*7f2fe78bSCy Schubert certificate file must be in PEM format. 81*7f2fe78bSCy Schubert 82*7f2fe78bSCy Schubert**--cached-only** 83*7f2fe78bSCy Schubert Only retrieve credentials already present in the cache, not from 84*7f2fe78bSCy Schubert the KDC. (Added in release 1.19.) 85*7f2fe78bSCy Schubert 86*7f2fe78bSCy Schubert**--no-store** 87*7f2fe78bSCy Schubert Do not store retrieved credentials in the cache. If 88*7f2fe78bSCy Schubert **--out-cache** is also specified, credentials will still be 89*7f2fe78bSCy Schubert stored into the output credential cache. (Added in release 1.19.) 90*7f2fe78bSCy Schubert 91*7f2fe78bSCy Schubert**--out-cache** *ccache* 92*7f2fe78bSCy Schubert Initialize *ccache* and store all retrieved credentials into it. 93*7f2fe78bSCy Schubert Do not store acquired credentials in the input cache. (Added in 94*7f2fe78bSCy Schubert release 1.19.) 95*7f2fe78bSCy Schubert 96*7f2fe78bSCy Schubert**--u2u** *ccache* 97*7f2fe78bSCy Schubert Requests a user-to-user ticket. *ccache* must contain a local 98*7f2fe78bSCy Schubert krbtgt ticket for the server principal. The reported version 99*7f2fe78bSCy Schubert number will typically be 0, as the resulting ticket is not 100*7f2fe78bSCy Schubert encrypted in the server's long-term key. 101*7f2fe78bSCy Schubert 102*7f2fe78bSCy SchubertENVIRONMENT 103*7f2fe78bSCy Schubert----------- 104*7f2fe78bSCy Schubert 105*7f2fe78bSCy SchubertSee :ref:`kerberos(7)` for a description of Kerberos environment 106*7f2fe78bSCy Schubertvariables. 107*7f2fe78bSCy Schubert 108*7f2fe78bSCy Schubert 109*7f2fe78bSCy SchubertFILES 110*7f2fe78bSCy Schubert----- 111*7f2fe78bSCy Schubert 112*7f2fe78bSCy Schubert|ccache| 113*7f2fe78bSCy Schubert Default location of the credentials cache 114*7f2fe78bSCy Schubert 115*7f2fe78bSCy Schubert 116*7f2fe78bSCy SchubertSEE ALSO 117*7f2fe78bSCy Schubert-------- 118*7f2fe78bSCy Schubert 119*7f2fe78bSCy Schubert:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` 120